Solution K0STA Posted March 9, 2021 Solution ID:1443581 Share Posted March 9, 2021 First of all this is ridiculous, I pay for this product and I don't get email support? I have to post on some lame forum? WTF is going on with WOWS being marked as malware? Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted March 9, 2021 ID:1443585 Share Posted March 9, 2021 Hi, We will need a scan report to check what's going on. Link to post Share on other sites More sharing options...
K0STA Posted March 9, 2021 Author ID:1443595 Share Posted March 9, 2021 OK great! Tell me how to get that, and how to get it to you how about??? Link to post Share on other sites More sharing options...
Porthos Posted March 9, 2021 ID:1443608 Share Posted March 9, 2021 Export, save to clipboard and paste here. Link to post Share on other sites More sharing options...
K0STA Posted March 9, 2021 Author ID:1443628 Share Posted March 9, 2021 Roger Roger. Link to post Share on other sites More sharing options...
K0STA Posted March 9, 2021 Author ID:1443630 Share Posted March 9, 2021 2 minutes ago, K0STA said: Roger Roger. Belay that, my export contains PII. Is this post public or private? Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted March 9, 2021 ID:1443632 Share Posted March 9, 2021 You can just copy the line that shows detection, make sure you copy the entire line. You can hide any usernames. Link to post Share on other sites More sharing options...
K0STA Posted March 9, 2021 Author ID:1443633 Share Posted March 9, 2021 Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 3/5/21 Scan Time: 4:30 AM Log File: bd15e5b2-7d9d-11eb-bbf7-00d861a335af.json -Software Information- Version: 4.3.0.98 Components Version: 1.0.1212 Update Package Version: 1.0.37821 License: Premium -System Information- OS: Windows 10 (Build 19042.844) CPU: x64 File System: NTFS User: System -Scan Summary- Scan Type: Custom Scan Scan Initiated By: Scheduler Result: Completed Objects Scanned: 794835 Threats Detected: 7 Threats Quarantined: 7 Time Elapsed: 1 hr, 8 min, 28 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 2 Malware.AI.3945856207, HKU\S-1-5-21-3086500029-630367684-2042544208-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WGCHK.NA.PRODUCTION, Quarantined, 1000000, 0, , , , , , Malware.AI.3945856207, HKU\S-1-5-21-3086500029-630367684-2042544208-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WOWS.NA.PRODUCTION, Quarantined, 1000000, 0, , , , , , Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 5 Malware.AI.3945856207, C:\USERS\_\ONEDRIVE\DESKTOP\READING\WGCheck_NA.lnk, Quarantined, 1000000, 0, , , , , 7343F4DE69584A10834BEBB315CDF495, 6FFD77234449B0233495D1B144B2311FB8F9B577E63676F2CFB04BE6AADA8F5D Malware.AI.3945856207, C:\GAMES\WGCHECK NA_(2)\WGC_API.EXE, Quarantined, 1000000, 0, 1.0.37821, 77D6092A6E0A68C6EB30FCCF, dds, 01143936, 2A6D3F28BD343D8E53D2A89854A8629B, F6835E9073019F560A210B75849190AA017E8B166A762717D35F6130285580B9 Malware.AI.3945856207, C:\USERS\_\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\TaskBar\World_of_Warships_NA.lnk, Quarantined, 1000000, 0, , , , , 16C9CEF54C6E9250B5D3122409E39E87, AD6A357FB0A0BEC2F6E9175873BFFEE02870C2B413E3908D0CA95D5F1AC3903D Malware.AI.3945856207, C:\USERS\_\ONEDRIVE\DESKTOP\READING\World_of_Warships_NA.lnk, Quarantined, 1000000, 0, , , , , 027F8C067D32917B3ED542382A8F57AE, BF255576B715B3F8D758059290F08E55F1EFFC98EFCFB04F7AF77FCF5D56F421 Malware.AI.3945856207, C:\GAMES\WORLD_OF_WARSHIPS_NA_(2)\WGC_API.EXE, Quarantined, 1000000, 0, 1.0.37821, 77D6092A6E0A68C6EB30FCCF, dds, 01143936, 2A6D3F28BD343D8E53D2A89854A8629B, F6835E9073019F560A210B75849190AA017E8B166A762717D35F6130285580B9 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) Also why does it say "solved 3 hours ago" by me? Link to post Share on other sites More sharing options...
K0STA Posted March 9, 2021 Author ID:1443634 Share Posted March 9, 2021 Well that's odd... it says rootkits disabled, but I never changed that and it is currently enabled. It's one of the first settings I change after installing MWB... maybe it doesn't mean what I think it means in the log? Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted March 9, 2021 ID:1443637 Share Posted March 9, 2021 I was able to reproduce the detection. It was indeed a false positive and it is now fixed. You can go to Detection History > Quarantine > Sort by name and find all entries labeled as Malware.AI.3945856207, check a box next to those and click Restore. Thank you for your patience. Link to post Share on other sites More sharing options...
Porthos Posted March 9, 2021 ID:1443638 Share Posted March 9, 2021 11 minutes ago, K0STA said: Scan Initiated By: Scheduler 10 minutes ago, K0STA said: it says rootkits disabled, but I never changed that and it is currently enabled. The scheduled scans have a different place to enable rootkit scanning. I do not suggest rootkit scanning on any regular basis. It is not needed since you have the premium version. But if you insist a screenshot is below. Also anything any scan other than the standard threat scan is not needed as well. Malwarebytes does not target script files during a scan.. That means MB will not target; JS, HTML, VBS, .CLASS, SWF, BAT, CMD, PDF, PHP, etc. It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc. It also does not target media files; MP3, WMV, JPG, GIF, etc. Malwarebytes will detect files like these on execution only with the anti-exploit module of the paid program. Malwarebytes is not designed to function like normal AV scanners and uses a new kind of scan engine that relies mostly on heuristics detection techniques rather than traditional threat signatures. Malwarebytes is also designed to look in all the locations where malware is known to install itself/hide, so a full or custom scan shouldn't be necessary, especially on any sort of frequent basis (like daily), especially since the default Threat Scan/Quick Scan checks all loading points/startup locations, the registry, all running processes and threads in memory, along with all system folders, program folders and data folders as well as any installed browsers, caches and temp locations. This also means that if a threat were active from a non-standard location, because Malwarebytes checks all threads and processes in memory, it should still be detected. The only threat it *might* miss would be a dormant/inactive threat that is not actively running/installed on a secondary drive, however if the threat were executed then Malwarebytes should detect it. Additionally, whenever a new location is discovered to be used by malware the Malwarebytes Research team adds that location dynamically to the outgoing database updates so the locations that are checked by the default Threat/Quick Scan in Malwarebytes can be changed on the fly by Research without requiring any engine or program version updates/upgrades. Link to post Share on other sites More sharing options...
K0STA Posted March 11, 2021 Author ID:1443926 Share Posted March 11, 2021 On 3/9/2021 at 5:09 PM, Porthos said: The scheduled scans have a different place to enable rootkit scanning. I do not suggest rootkit scanning on any regular basis. It is not needed since you have the premium version. But if you insist a screenshot is below. Also anything any scan other than the standard threat scan is not needed as well. Malwarebytes does not target script files during a scan.. That means MB will not target; JS, HTML, VBS, .CLASS, SWF, BAT, CMD, PDF, PHP, etc. It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc. It also does not target media files; MP3, WMV, JPG, GIF, etc. Malwarebytes will detect files like these on execution only with the anti-exploit module of the paid program. Malwarebytes is not designed to function like normal AV scanners and uses a new kind of scan engine that relies mostly on heuristics detection techniques rather than traditional threat signatures. Malwarebytes is also designed to look in all the locations where malware is known to install itself/hide, so a full or custom scan shouldn't be necessary, especially on any sort of frequent basis (like daily), especially since the default Threat Scan/Quick Scan checks all loading points/startup locations, the registry, all running processes and threads in memory, along with all system folders, program folders and data folders as well as any installed browsers, caches and temp locations. This also means that if a threat were active from a non-standard location, because Malwarebytes checks all threads and processes in memory, it should still be detected. The only threat it *might* miss would be a dormant/inactive threat that is not actively running/installed on a secondary drive, however if the threat were executed then Malwarebytes should detect it. Additionally, whenever a new location is discovered to be used by malware the Malwarebytes Research team adds that location dynamically to the outgoing database updates so the locations that are checked by the default Threat/Quick Scan in Malwarebytes can be changed on the fly by Research without requiring any engine or program version updates/upgrades. I have the paid version of MWB. I am talking about this option: Link to post Share on other sites More sharing options...
Porthos Posted March 11, 2021 ID:1443993 Share Posted March 11, 2021 (edited) 7 hours ago, K0STA said: I have the paid version of MWB. I am talking about this option: That option in your screenshot only covers Manual scans. Your post showed the scan was scheduled. Rootkit scans for scheduled scans need to be enabled like in the screenshot I posted. On 3/9/2021 at 4:52 PM, K0STA said: -Scan Summary- Scan Type: Custom ScanScan Initiated By: Scheduler Result: Completed Objects Scanned: 794835 Threats Detected: 7 Threats Quarantined: 7 Time Elapsed: 1 hr, 8 min, 28 sec Edited March 11, 2021 by Porthos 1 Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 5, 2021 Root Admin ID:1449193 Share Posted April 5, 2021 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts