Markook Posted December 25, 2020 ID:1429190 Share Posted December 25, 2020 (edited) First of all, I am not a user of this software. I only used it today to check my system. https://es.malwarebytes.com/mwb-download/thankyou/ As you know, this link is from the official malwarebytes site and redirects you to download.cnet.com to download the software. The funny thing is that when analyzing the downloaded file (MBSetup-0009996.0009996-consumer.exe) with virustotal, it will be detected as a Trojan by two mechanisms. https://www.virustotal.com/gui/file/ce820f52d9c8206cd5ca69c6040cf05ef94d9fda4cf01eb272e5459906bcf97b/detection These mechanisms had already detected something similar with the Brave browser. So I would not trust their detection systems, also Malwarebytes is part of VirusTotal mechanisms. I trust more in antivirus recognized worldwide such as ESET, Karspersky and others. There are many quality antivirus used in virustotal, and the vast majority gave positive results on Malwarebytes Installer (clean software) In short: it is very funny that an antivirus mechanism is detected as a Trojan by another antiviruses knowing that are implemented on the same website. Merry Christmas!. Edited December 27, 2020 by AdvancedSetup removed hyperlink to cnet Link to post Share on other sites More sharing options...
Porthos Posted December 25, 2020 ID:1429197 Share Posted December 25, 2020 1 hour ago, Markook said: In short: it is very funny that an antivirus mechanism is detected as a Trojan by another antiviruses knowing that are implemented on the same website. It is a false positive. 1 Link to post Share on other sites More sharing options...
Markook Posted December 26, 2020 Author ID:1429216 Share Posted December 26, 2020 5 hours ago, Porthos said: It is a false positive. Ok but it is rare that this only happens in this installer: MBSetup-0009996.0009996-consumer.exe while the MBSetup.exe installer is not detected good day Link to post Share on other sites More sharing options...
Markook Posted December 26, 2020 Author ID:1429217 Share Posted December 26, 2020 51 minutes ago, Markook said: Ok but it is rare that this only happens in this installer: MBSetup-0009996.0009996-consumer.exe while the MBSetup.exe installer is not detected good day https://www.virustotal.com/gui/file/851e715c6cf297fed576a6338eeabfef53fd6462a98d856eafc9130c6170fd30/detection Link to post Share on other sites More sharing options...
Markook Posted December 27, 2020 Author ID:1429347 Share Posted December 27, 2020 I have seen that the website in English and other languages (like brazilian, German, french, Dutch, russian, japanese and Swedish) download the software (MBSetup.exe) from the same page (Malwarebytes.com) but some versions such as Spanish, Italian, and Portuguese (portugal) when clicking on the download button send you to a third party site called "download.cnet.com" to download the software (MBSetup-0009996.0009996-consumer.exe). Not even the version of the software installer is the same but well, I talked about this here https://forums.malwarebytes.com/topic/268465-two-installers. I would like to know the reason why this happens. What is the need to redirect some versions to a third-party website, also the installer "MBSetup-0009996.0009996-consumer.exe" was detected as a Trojan although it is possibly false positives (https://forums.malwarebytes.com/topic/268458-malwarebytes-trojan). Another thing I have seen is that in the English version you can see the sites that trust the software while in all the others you can see the sites that approved the software (see pics to understand whats is rare to me), it seems that u guys put much more effort into developing the English-speaking website than the others https://gyazo.com/a1adab19fe6f5e9a105447aa2c29a6f0 (english version)https://gyazo.com/31d1db25f1721901154a03d888db31c1 (others versions) Link to post Share on other sites More sharing options...
Markook Posted December 27, 2020 Author ID:1429348 Share Posted December 27, 2020 Nobody will believe me: but the name of the file had changed to malwarebytes- (and some numbers) but now it is called again "MBSetup.exe". But sadly i didnt take the screenshot Link to post Share on other sites More sharing options...
Porthos Posted December 27, 2020 ID:1429349 Share Posted December 27, 2020 What we have been trying to explain is it does not matter what it is called. Each affiliate has their own file. What matters is it is just a down-loader that contacts Malwarebytes protected servers and then downloads and installs the current version of the program directly. The MBsetup file is not the actual program itself. Link to post Share on other sites More sharing options...
Markook Posted December 27, 2020 Author ID:1429351 Share Posted December 27, 2020 12 minutes ago, Porthos said: What we have been trying to explain is it does not matter what it is called. Each affiliate has their own file. What matters is it is just a down-loader that contacts Malwarebytes protected servers and then downloads and installs the current version of the program directly. The MBsetup file is not the actual program itself. I understand, but Is it necessary to make that distinction between country subdomains? It was not better that all the sub-domains when downloading redirected to a common place (Main domain or a third party website)? Also I saw a file from malwarebytes with this tag in virustotal, wouldn't it be better if all installers (like this one) have it? so people don't get a bad impression Link to post Share on other sites More sharing options...
Markook Posted December 27, 2020 Author ID:1429352 Share Posted December 27, 2020 @Porthos Since then things like my case (being paranoid) and also cases like this person happen This person did not install the software due to the detections. With the use of the above tag this would not have happened or even this spanish person He says: "I downloaded it from the malwarebyte official website, why does it tell me that it has two Trojans?" And I suppose that like these people there are many who use virustotal. From what I understand it is not necessary to have a virustotal account to analyze a file and there are also many paranoid people who use it. Link to post Share on other sites More sharing options...
Porthos Posted December 27, 2020 ID:1429353 Share Posted December 27, 2020 You put too much stock in Virus total. The downloader gets changed often and the lesser known scanners on Virus Total cant seem to keep up with their databases. Of course paranoid users users will get over excited over those detection's. Not much can be done with those lesser known AV company's. This has been an ongoing issue with Virus Total since since version 4 was released and the install process was changed. Link to post Share on other sites More sharing options...
Porthos Posted December 27, 2020 ID:1429354 Share Posted December 27, 2020 10 minutes ago, Markook said: And I suppose that like these people there are many who use virustotal. From what I understand it is not necessary to have a virustotal account to analyze a file and there are also many paranoid people who use it. I use VT all the time and I know how to interpret the results. Link to post Share on other sites More sharing options...
Markook Posted December 27, 2020 Author ID:1429356 Share Posted December 27, 2020 Just now, Porthos said: I use VT all the time and I know how to interpret the results. Ok. But not everyone does, for sure most of the people use it for the multiple antivirus's results. U didnt speak about the tag Link to post Share on other sites More sharing options...
Markook Posted December 27, 2020 Author ID:1429357 Share Posted December 27, 2020 7 minutes ago, Porthos said: You put too much stock in Virus total. The downloader gets changed often and the lesser known scanners on Virus Total cant seem to keep up with their databases. Of course paranoid users users will get over excited over those detection's. Not much can be done with those lesser known AV company's. This has been an ongoing issue with Virus Total since since version 4 was released and the install process was changed. But i think the malwarebytes team can do something about https://www.virustotal.com/gui/monitor-overview? Link to post Share on other sites More sharing options...
Markook Posted December 27, 2020 Author ID:1429358 Share Posted December 27, 2020 With this being said I want to confirm that my intention is not to fight, it is simply to give you advice. I have put that message in virustotal to give a bit of clarity to the subject Link to post Share on other sites More sharing options...
Porthos Posted December 27, 2020 ID:1429359 Share Posted December 27, 2020 FYI, The download.com link is hosting an old version of the downloader. But in the end the correct/current version of MB will be installed when executed. The current version is not detected. https://www.virustotal.com/gui/file/851e715c6cf297fed576a6338eeabfef53fd6462a98d856eafc9130c6170fd30/detection Link to post Share on other sites More sharing options...
Porthos Posted December 27, 2020 ID:1429360 Share Posted December 27, 2020 3 minutes ago, Markook said: With this being said I want to confirm that my intention is not to fight, it is simply to give you advice. The company is aware of the VT issues with old installers. It has been posted may times in the past. It is up to the mirrors to keep up as well. Link to post Share on other sites More sharing options...
Markook Posted December 27, 2020 Author ID:1429361 Share Posted December 27, 2020 @Porthos I now know that the installer was old but when I installed malwarebytes i used the download link from download.com since the page (spanish version) redirected me there, I don't think there should be problems knowing that the detections are false positives. But i still dont understand why the italian, spanish and portuguese version redirect people to an old installer. And is nice to see that the company is aware of the VT issues. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 27, 2020 Root Admin ID:1429364 Share Posted December 27, 2020 You made your link say: https://es.malwarebytes.com/mwb-download/thankyou/ But you then linked it as: https://download.cnet.com/Malwarebytes/3000-8022_4-10804572.html?part=dl-&lang=es You should download directly from us to make sure and it't not redirected to an affiliatehttps://www.malwarebytes.com/mwb-download/thankyou/ Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 27, 2020 Root Admin ID:1429365 Share Posted December 27, 2020 From CNEThttps://www.virustotal.com/gui/file/ce820f52d9c8206cd5ca69c6040cf05ef94d9fda4cf01eb272e5459906bcf97b/detection From Malwarebyteshttps://www.virustotal.com/gui/file/851e715c6cf297fed576a6338eeabfef53fd6462a98d856eafc9130c6170fd30/detection I'm not sure why, but Cnet appears to be using some type of wrapper on the program. I will check with one of the Program Managers to see if we can get more details on why the file is different. Thank you Link to post Share on other sites More sharing options...
Markook Posted December 27, 2020 Author ID:1429366 Share Posted December 27, 2020 @AdvancedSetupLet me explain: im argentinian, i always go to malwarebytes.com and i got redirected to es.malwarebytes.com (i think is because the website detects my location) so i click the download buttom and it sends me to download.cnet.com. I tested this with all the subdomains from languages and this only happens with portuguese (portugal), italian and spanish I used the cnet link to download malwarebytes. I uninstalled it because i only used it to check my system, should i worry about the trojan detection? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 27, 2020 Root Admin ID:1429370 Share Posted December 27, 2020 I would not worry about an actual infection. Why it is hosting an old installer is curious and I've asked Program Manager about that. So does this link redirect you too? https://www.malwarebytes.com/mwb-download/thankyou/ Link to post Share on other sites More sharing options...
Markook Posted December 27, 2020 Author ID:1429371 Share Posted December 27, 2020 @AdvancedSetupit does not redirect me (it downloads the MBSetup.exe). But if i change the language to spanish it redirects me to https://download.cnet.com/Malwarebytes/3000-8022_4-10804572.html?part=dl-&lang=es Link to post Share on other sites More sharing options...
Markook Posted December 27, 2020 Author ID:1429372 Share Posted December 27, 2020 @AdvancedSetup Clarification: if I do not answer, it will be because I will be sleeping. I will answer any questions when I wake up. Good night / morning and thank you for being interested in my comments Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 27, 2020 Root Admin ID:1429375 Share Posted December 27, 2020 Thanks, I have to run as well. Catch up later Thanks Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 28, 2020 Root Admin ID:1429464 Share Posted December 28, 2020 Sorry, I've taken ill myself. Hopefully I feel better within a couple days and can reply further Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now