Jump to content

7-Zip? Really? MB acting oddly


gmshedd

Recommended Posts

Today, for the first time, MB 4.2.1.89 identified my 7-Zip executable and its install file, 7z1900 to be Trojan.SmokeLoader. They've been installed on the laptop for years. No word about it on here or anywhere else on the internet. Scanned as ok with Windows Defender. Quarantined them for the moment. BTW, noticed that MB has a 7Z.dll in its program directory.

Two other odd things: MB is "Unable to contact license server", and repeatedly fails to install a new update, even after I explicitly added the license for the affected laptop to my account by logging in on the same laptop (testmy.net shows download speed of 40 Mb and upload at 6 Mb). 

I downloaded a new install for MB and will try installing fresh and then rescanning the 7Z files.

Link to post
Share on other sites

I succeeded in getting the latest version (4.3.0) of MB to install on my 32-bit Windows 10 laptop by turning off Defender, but MB is still not showing under Virus & threat protection after rebooting, and I don't see any option to make MB the virus protector under Manage Providers in Windows Security. This information applies to a 32-bit Windows 10 system. My 64-bit systems don't have this problem; they show MB as the active virus protection. However, neither bit version can connect to the license server when I click on Account in the MB Settings.

image.thumb.png.21b3302198cb522a2070e99d5311d487.png

Link to post
Share on other sites

1 hour ago, gmshedd said:

However, neither bit version can connect to the license server when I click on Account in the MB Settings.

Can you please collect and upload as an attachment the diagnostic data using our MBST?

  • Download and run the Malwarebytes Support Tool
  • Accept the EULA and click Advanced tab on the left (not Start Repair)
  • Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply
Link to post
Share on other sites

Ultimately, the fix seemed to be to change the MB security setting to "Always register MB in the Windows Security Center." Of course, this allowed MB to appear in Windows Security settings as the Virus & Threat Protection, as you would expect, but it also allowed MB to connect to the license server (when selecting "Account" in MB settings), which I didn't expect. I think, if MB isn't registered with Windows Security Center, then Windows Defender interferes with MB attempts to install updates and contact the license sever.

Link to post
Share on other sites

Just now, gmshedd said:

I think, if MB isn't registered with Windows Security Center, then Windows Defender interferes with MB attempts to install updates and contact the license sever.

That is not correct. I and 100's of my clients have no issues with Malwarebytes not being registered in the security center. It is my standard setup.

Link to post
Share on other sites

Sorry to double up here. One more thing: I'm not sure how or why MB wasn't registering with Windows Security Center on this particular PC. I have 5 seats of MB and this was the only one that wasn't registering--maybe because it's the only 32-bit system? Maybe Windows 32-bit acts differently, or the MB 32-bit acts differently.

Link to post
Share on other sites

Just now, gmshedd said:

Sorry to double up here. One more thing: I'm not sure how or why MB wasn't registering with Windows Security Center on this particular PC. I have 5 seats of MB and this was the only one that wasn't registering--maybe because it's the only 32-bit system? Maybe Windows 32-bit acts differently, or the MB 32-bit acts differently.

Cant say. I have not seen a 32bit system in about 10 years.

Link to post
Share on other sites

2 minutes ago, Porthos said:

Cant say. I have not seen a 32bit system in about 10 years.

Like many issues, it happened after an update--either of Windows or of MB. Everything has worked fine for a year, with consistent Windows and MB updates being applied, and then, bang, an update happens and a problem appears. At least that's my surmise. Problem has been solved. Thanks for your help.

  • Like 1
Link to post
Share on other sites

I've had this false positive too on the same day. I'd like to precise that in my case, the suspicious 7z.exe wasn't my main one, but one bundled to Sourcetree in its Program Files (x86) directory.

Is there any chance that it wasn't a false positive, but that the Trojan would have morphed and/or moved somewhere else in my system? I'm probably being paranoid, but reading a little on SmokeLoader, i thought it was the kind of tactic it would be able to do. Might have misunderstood what i've read.

Link to post
Share on other sites

  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.