Jump to content

c:/cygwin64//lib/gcc/x86_64-pc-cygwin/10/collect2.exe not ransomware?


Recommended Posts

This was flagged and quarantined by MB?  I'm in Detection History, but I do not see how to recover this file?  Where is the recovery item??

The report from what appears to be the download button is:



-Log Details-
Protection Event Date: 12/20/20
Protection Event Time: 6:24 AM
Log File: 22d18dfc-42cf-11eb-8c84-3c18a0561f85.json

-Software Information-
Components Version: 1.0.1130
Update Package Version: 1.0.34541
License: Premium

-System Information-
OS: Windows 10 (Build 19041.685)
CPU: x64
File System: NTFS
User: System

-Ransomware Details-
Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

File: 1
Malware.Ransom.Agent.Generic, C:\cygwin64\lib\gcc\x86_64-pc-cygwin\10\collect2.exe, Quarantined, 0, 392685, 0.0.0, 77ef47fc60c41afb4d28002bd4df3146, 1e70097d32c6db96cd5d0811e7e7677214be6cdb73b520827023e5b21f6d5009


Link to post
Share on other sites

OK, I can restore this file, but why was it flagged at all?  From the report, it looks fine?

Link to post
Share on other sites

If you believe this to be a False Positive declaration,  there is a section of the Forum for submitting False Positives - False Positives

File detections in general are submitted in;  File Detections

Ransomware detections believed to be a false Positive are submitted in;  Ransomware

I have requested this thread be moved to;  Ransomware

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar
Link to post
Share on other sites

OK.  Thanks.

I'd guess this won't be answered, given my previous experiences.  However, if enough people point out a problem, e.g., with some popular software like gcc, then I think it's a good change that the MB database will be updated.

Link to post
Share on other sites

As long as it is posted in the appropriate area where David recommended, Research should see it and will be able to take a look and correct it.  Here in the general forums it's mainly just support staff and volunteers who have no access to or control over Malwarebytes' database, so getting a false positive corrected by posting it here is far less likely.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.