PrivaZer_Team Posted May 17, 2021 ID:1457328 Share Posted May 17, 2021 Hello, here is the PrivaZer Team. One of our customer reports that Malwarebytes flagged our tool called PrivaZer. Here is the info given by our customer : Hi I downloaded you latest doners exe file and malwarebytes said it tried to load ransomware and It blocks every time from reinstalling. Is you sofe to use at the moment please. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 5/16/21 Protection Event Time: 7:14 AM Log File: bb19dec8-b5db-11eb-9512-4cedfb2d2bea.json -Software Information- Version: 4.3.0.98 Components Version: 1.0.1292 Update Package Version: 1.0.40452 License: Premium -System Information- OS: Windows 10 (Build 19042.985) CPU: x64 File System: NTFS User: System -Ransomware Details- Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) File: 1 Malware.Ransom.Agent.Generic, C:\Program Files (x86)\PrivaZer\PrivaZer.exe, Blocked, 0, 392685, 0.0.0, 1d75a70eacaf32dadd277a2d643c7178, bcae3aa20819866f5bf2b8f4cc3b47a5c1c68d0237e71aed0fe805d036da3d5d (end) The exe is here : https://privazer.com/PrivaZer_for_Donors.exe Please help, The PrivaZer Team Link to post Share on other sites More sharing options...
Staff miekiemoes Posted May 17, 2021 Staff ID:1457329 Share Posted May 17, 2021 Hi, This has been fixed already since a couple of days ago. If detection still happens, Quit malwarebytes from the systemtray. Then navigate to the following folder: C:\ProgramData\Malwarebytes\MBAMService In there, locate the file HubbleCache and delete it. Restart Malwarebytes again. A new Hubblecache will then be created again, so it will properly pick it up and remember to not detect this anymore. Link to post Share on other sites More sharing options...
PrivaZer_Team Posted May 17, 2021 Author ID:1457331 Share Posted May 17, 2021 Thank you. Link to post Share on other sites More sharing options...
PrivaZer_Team Posted July 22, 2021 Author ID:1470602 Share Posted July 22, 2021 Hello, it seems PrivaZer is flagged again.Please fix this false positive. ----------------------------------------------------- A user of PrivaZer is reporting this : Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 7/18/21 Protection Event Time: 2:24 AM Log File: 966492e6-e734-11eb-b601-4cedfb2d2bea.json -Software Information- Version: 4.4.3.125 Components Version: 1.0.1387 Update Package Version: 1.0.43205 License: Premium -System Information- OS: Windows 10 (Build 19043.1110) CPU: x64 File System: NTFS User: System -Ransomware Details- Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) File: 1 Malware.Ransom.Agent.Generic, C:\Program Files (x86)\PrivaZer\PrivaZer.exe, Blocked, 0, 392685, 0.0.0, 3221758e1351456b2f0d1aa2d95b114e, 6480636b6cb42ee56b4ea24238089ad0cd74d4ddc281c1c84e91e2edf73d2525 (end) Link to post Share on other sites More sharing options...
PrivaZer_Team Posted January 8, 2022 Author ID:1496681 Share Posted January 8, 2022 Hello, our new version of PrivaZer is flagged. Please fix this new false positive. Our PC cleaner is here :https://privazer.com/download.php Can you make sure it won't happen in the future ? Do you have a whitelist for software editors ? Please help, The PrivaZer Team Link to post Share on other sites More sharing options...
Porthos Posted January 8, 2022 ID:1496687 Share Posted January 8, 2022 3 hours ago, PrivaZer_Team said: Please help, Could you post the actual log that shows the detection please. You can find Scan and Protection logs within the Malwarebytes 4 program in the following location RTP stands for Real-Time Protection and is where automatic protection operations would normally be logged If you click on the View option you should get something similar to the following with other options available. Thank you Link to post Share on other sites More sharing options...
PrivaZer_Team Posted January 9, 2022 Author ID:1496854 Share Posted January 9, 2022 Look at the screenshot provided please. The problem is not on a website but on an app installed on a PC. The app is here : https://privazer.com/download.php The minimum you can do is to download it and test it as other antivirus/security companies do in such a case. Do you think it is normal to flag a software as a trojan when it is not ? Do you think we are happy with that ? Link to post Share on other sites More sharing options...
Porthos Posted January 9, 2022 ID:1496861 Share Posted January 9, 2022 (edited) On 1/9/2022 at 1:57 PM, PrivaZer_Team said: Look at the screenshot provided please. The problem is not on a website but on an app installed on a PC. Staff require a log as it contains the info needed to fix the issue. Screenshots are not enough. I installed your program and scanned. NO detection's. Could have been fixed already. If your screenshot came from a user, they need to update Malwarebytes un-quarantine and rescan. If the detection remains we need the logs. Edited November 4, 2023 by Porthos Link to post Share on other sites More sharing options...
PrivaZer_Team Posted November 4, 2023 Author ID:1598245 Share Posted November 4, 2023 Hello, new false positive on customers PC running PrivaZer. Here is the details : -Log Details- Protection Event Date: 9/22/23 Protection Event Time: 1:09 AM Log File: 619b7431-591f-11ee-8a04-b8ac6fa5035d.json -Software Information- Version: 4.6.2.281 Components Version: 1.0.2131 Update Package Version: 1.0.75545 License: Premium -System Information- OS: Windows 10 (Build 19045.344 CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Exploit.PayloadProcessBlock, C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell $a = Get-CimInstance -ClassName Win32_Process -Filter "Name='dllhost.exe'" | Select-Object ProcessId, CommandLine;ForEach ($b in $a) {$c=$b.ProcessId.ToString() + " " + $b.CommandLine; Add-content -Path "C:\Users\Owner\AppData\Local\privazer\dllhost0_4726" -Value $c};, Blocked, 701, 392684, 0.0.0, , -Exploit Data- Affected Application: cmd Protection Layer: Application Behavior Protection Protection Technique: Exploit payload process blocked File Name: C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell $a = Get-CimInstance -ClassName Win32_Process -Filter "Name='dllhost.exe'" | Select-Object ProcessId, CommandLine;ForEach ($b in $a) {$c=$b.ProcessId.ToString() + " " + $b.CommandLine; Add-content -Path "C:\Users\Owner\AppData\Local\privazer\dllhost0_4726" -Value $c}; URL: (end) Please fixe it. Thanks. OK ? Link to post Share on other sites More sharing options...
Solution Porthos Posted November 4, 2023 Solution ID:1598246 Share Posted November 4, 2023 (edited) 6 minutes ago, PrivaZer_Team said: -Software Information- Version: 4.6.2.281 You need to have the user update the version of Malwarebytes. There is/was an issue with the exploit protection on versions older than 4.6.4. The current version is 4.6.6 The easiest way is to have them download the following and install over what they have. https://www.malwarebytes.com/mwb-download/thankyou Edited November 4, 2023 by Porthos Link to post Share on other sites More sharing options...
Porthos Posted November 4, 2023 ID:1598247 Share Posted November 4, 2023 @PrivaZer_Team Also, please always create new topics in the future. This would have been overlooked if I had not been still following the topic. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now