Jump to content

Redirections


Recommended Posts

First of all, I am not a user of this software. I only used it today to check my system. 

https://es.malwarebytes.com/mwb-download/thankyou/ 

As you know, this link is from the official malwarebytes site and redirects you to download.cnet.com to download the software. The funny thing is that when analyzing the downloaded file (MBSetup-0009996.0009996-consumer.exe) with virustotal, it will be detected as a Trojan by two mechanisms. https://www.virustotal.com/gui/file/ce820f52d9c8206cd5ca69c6040cf05ef94d9fda4cf01eb272e5459906bcf97b/detection 

These mechanisms had already detected something similar with the Brave browser. So I would not trust their detection systems, also Malwarebytes is part of VirusTotal mechanisms.

I trust more in antivirus recognized worldwide such as ESET, Karspersky and others. There are many quality antivirus used in virustotal, and the vast majority gave positive results on Malwarebytes Installer (clean software)

In short: it is very funny that an antivirus mechanism is detected as a Trojan by another antiviruses knowing that are implemented on the same website.

Merry Christmas!.

Edited by AdvancedSetup
removed hyperlink to cnet
Link to post
Share on other sites

5 hours ago, Porthos said:

It is a false positive.

 

Ok but it is rare that this only happens in this installer: MBSetup-0009996.0009996-consumer.exe while the MBSetup.exe installer is not detected good day

Link to post
Share on other sites

51 minutes ago, Markook said:

 

Ok but it is rare that this only happens in this installer: MBSetup-0009996.0009996-consumer.exe while the MBSetup.exe installer is not detected good day

https://www.virustotal.com/gui/file/851e715c6cf297fed576a6338eeabfef53fd6462a98d856eafc9130c6170fd30/detection 

Link to post
Share on other sites

I have seen that the website in English and other languages (like brazilian, German, french, Dutch, russian, japanese and Swedish)  download the software (MBSetup.exe) from the same page (Malwarebytes.com) but some versions such as Spanish, Italian, and Portuguese (portugal) when clicking on the download button send you to a third party site called "download.cnet.com" to download the software (MBSetup-0009996.0009996-consumer.exe). Not even the version of the software installer is the same but well, I talked about this here https://forums.malwarebytes.com/topic/268465-two-installers. 

 

I would like to know the reason why this happens. What is the need to redirect some versions to a third-party website, also the installer "MBSetup-0009996.0009996-consumer.exe" was detected as a Trojan although it is possibly false positives (https://forums.malwarebytes.com/topic/268458-malwarebytes-trojan).

Another thing I have seen is that in the English version you can see the sites that trust the software while in all the others you can see the sites that approved the software (see pics to understand whats is rare to me), it seems that u guys put much more effort into developing the English-speaking website than the others

https://gyazo.com/a1adab19fe6f5e9a105447aa2c29a6f0 (english version)

https://gyazo.com/31d1db25f1721901154a03d888db31c1 (others versions) 

 

Link to post
Share on other sites

What we have been trying to explain is it does not matter what it is called. Each affiliate has their own file.

What matters is it is just a down-loader that contacts Malwarebytes protected servers and then downloads and installs the current version of the program directly. The MBsetup file is not the actual program itself.

Link to post
Share on other sites

12 minutes ago, Porthos said:

What we have been trying to explain is it does not matter what it is called. Each affiliate has their own file.

What matters is it is just a down-loader that contacts Malwarebytes protected servers and then downloads and installs the current version of the program directly. The MBsetup file is not the actual program itself.

I understand, but Is it necessary to make that distinction between country subdomains? It was not better that all the sub-domains when downloading redirected to a common place (Main domain or a third party website)?

Also I saw a file from malwarebytes with this tag in virustotal, wouldn't it be better if all installers (like this one) have it? so people don't get a bad impression

19d1a42cce92c20c8c574b5be9b90d4f.png

Link to post
Share on other sites

@Porthos

 

Since then things like my case (being paranoid) and also cases like this person happen

69c6d8719b51dca32dd6535328e54ddb.png
This person did not install the software due to the detections. With the use of the above tag this would not have happened or even this spanish person 030b3913ff3185e63ca3159cf70717bf.png
He says: 

"I downloaded it from the malwarebyte official website, why does it tell me that it has two Trojans?" 

And I suppose that like these people there are many who use virustotal. From what I understand it is not necessary to have a virustotal account to analyze a file and there are also many paranoid people who use it.

Link to post
Share on other sites

You put too much stock in Virus total.

The downloader gets changed often and the lesser known scanners on Virus Total cant seem to keep up with their databases.

Of course paranoid users users will get over excited over those detection's. Not much can be done with those lesser known AV company's.

This has been an ongoing issue with Virus Total since since version 4 was released and the install process was changed.

Link to post
Share on other sites

10 minutes ago, Markook said:

And I suppose that like these people there are many who use virustotal. From what I understand it is not necessary to have a virustotal account to analyze a file and there are also many paranoid people who use it.

I use VT all the time and I know how to interpret the results.

Link to post
Share on other sites

Just now, Porthos said:

I use VT all the time and I know how to interpret the results.

Ok. But not everyone does, for sure most of the people use it for the multiple antivirus's results.

U didnt speak about the tag 19d1a42cce92c20c8c574b5be9b90d4f.png
 

Link to post
Share on other sites

7 minutes ago, Porthos said:

You put too much stock in Virus total.

The downloader gets changed often and the lesser known scanners on Virus Total cant seem to keep up with their databases.

Of course paranoid users users will get over excited over those detection's. Not much can be done with those lesser known AV company's.

This has been an ongoing issue with Virus Total since since version 4 was released and the install process was changed.

But i think the malwarebytes team can do something about https://www.virustotal.com/gui/monitor-overview?

Link to post
Share on other sites

With this being said I want to confirm that my intention is not to fight, it is simply to give you advice.

d59294e8d00ad307ab11cb288fe04b1d.png

I have put that message in virustotal to give a bit of clarity to the subject
 

Link to post
Share on other sites

FYI, The download.com link is hosting an old version of the downloader. But in the end the correct/current version of MB will be installed when executed.

The current version is not detected.

https://www.virustotal.com/gui/file/851e715c6cf297fed576a6338eeabfef53fd6462a98d856eafc9130c6170fd30/detection

 

2020-12-26_21h09_10.png

Link to post
Share on other sites

@Porthos

I now know that the installer was old but when I installed malwarebytes i used the download link from download.com since the page (spanish version) redirected me there, I don't think there should be problems knowing that the detections are false positives. But i still dont understand why the italian, spanish and portuguese version redirect people to an old installer. 

And is nice to see that the company is aware of the VT issues. 

Link to post
Share on other sites

  • Root Admin

You made your link say: https://es.malwarebytes.com/mwb-download/thankyou/
But you then linked it as: https://download.cnet.com/Malwarebytes/3000-8022_4-10804572.html?part=dl-&lang=es

You should download directly from us to make sure and it't not redirected to an affiliate
https://www.malwarebytes.com/mwb-download/thankyou/

 

Link to post
Share on other sites

  • Root Admin

From CNET
https://www.virustotal.com/gui/file/ce820f52d9c8206cd5ca69c6040cf05ef94d9fda4cf01eb272e5459906bcf97b/detection

From Malwarebytes
https://www.virustotal.com/gui/file/851e715c6cf297fed576a6338eeabfef53fd6462a98d856eafc9130c6170fd30/detection

 

image.png

image.png

 

image.png

 

image.png

image.png

image.png

 

image.png

 

I'm not sure why, but Cnet appears to be using some type of wrapper on the program. I will check with one of the Program Managers to see if we can get more details on why the file is different.

Thank you

 

Link to post
Share on other sites

@AdvancedSetupLet me explain: im argentinian, i always go to malwarebytes.com and i got redirected to es.malwarebytes.com (i think is because the website detects my location) so i click the download buttom and it sends me to download.cnet.com. I tested this with all the subdomains from languages and this only happens with portuguese (portugal), italian and spanish

I used the cnet link to download malwarebytes. I uninstalled it because i only used it to check my system, should i worry about the trojan detection?  

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.