Possible false positive in Malwarebytes tmp folder?


Porridge340

Apologies if this is in the wrong place - Malwarebytes is picking up Spyware.PasswordStealer from the following files in the MalwareBytes folder:   "C:\\PROGRAMDATA\\MALWAREBYTES\\MBAMSERVICE\\TMP\\VSIXAUTOUPDATE.EXE-K.MBAM"  and also  "C:\\ProgramData\\Malwarebytes\\MBAMService\\tmp\\VSIXAUTOUPDATE.EXE-U.MBAM". Also ran a scan with AdwCleaner and it came up clean.

I noticed that these files only seem to show up when Malwarebytes is actively scanning the file system - could these be false positives? Any idea what's going on here? Please let me know if you need more information.

  • 2 weeks later...

I had a similar experience and resultant concern. The same "password stealer" was flagged at the same disk location (C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\TMP\VSIXAUTOUPDATE.EXE-U.MBAM). This was with a manual scan; it had not been picked up automatically. Then on quarantining the file, a reboot was required. After the reboot, a manual scan did not note the "password stealer." But on the next manual scan, the "password stealer" was back. I have done this a few times with no variation. Obviously, with a quarantine that causes a reboot, and subsequently still seeing the problem, there is little that I can do to remedy this. Do you have suggestions?

 

6 minutes ago, DMorris said:

Do you have suggestions?

Can you please collect and upload as an attachment the diagnostic data using our MBST?

  • Download and run the Malwarebytes Support Tool
  • Accept the EULA and click the Advanced tab on the left (not Start Repair)
  • Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

Aha!  With rootkit scanning off, I don't get the detection.  This is a new phenomenon as I have had MWB on many computers for years with rootkit scanning on with no such detection, which I assume to be an error.

Thanks very much for your detective work. Do you have a suggestion for going forward?
