
PrivaZer false positive


PrivaZer_Team
Solved by Porthos

Hello,

This is the PrivaZer Team.

One of our customers reports that Malwarebytes flagged our tool called PrivaZer.

Here is the info given by our customer:

Hi I downloaded your latest donors exe file and Malwarebytes said it tried to load ransomware and it blocks every time from reinstalling. Is it safe to use at the moment please?

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 5/16/21
Protection Event Time: 7:14 AM
Log File: bb19dec8-b5db-11eb-9512-4cedfb2d2bea.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1292
Update Package Version: 1.0.40452
License: Premium

-System Information-
OS: Windows 10 (Build 19042.985)
CPU: x64
File System: NTFS
User: System

-Ransomware Details-
Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

File: 1
Malware.Ransom.Agent.Generic, C:\Program Files (x86)\PrivaZer\PrivaZer.exe, Blocked, 0, 392685, 0.0.0, 1d75a70eacaf32dadd277a2d643c7178, bcae3aa20819866f5bf2b8f4cc3b47a5c1c68d0237e71aed0fe805d036da3d5d

(end)

 

The exe is here :
https://privazer.com/PrivaZer_for_Donors.exe

Please help,

 

The PrivaZer Team

Link to post
Share on other sites

  • Staff

Hi,

This has been fixed already since a couple of days ago.

If detection still happens, quit Malwarebytes from the system tray.
Then navigate to the following folder:

C:\ProgramData\Malwarebytes\MBAMService

In there, locate the file HubbleCache and delete it.

Restart Malwarebytes again. A new HubbleCache will then be created again, so it will properly pick it up and remember to not detect this anymore.

Link to post
Share on other sites

  • 2 months later...

Hello,

it seems PrivaZer is flagged again.
Please fix this false positive.

 

-----------------------------------------------------

A user of PrivaZer is reporting this:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 7/18/21
Protection Event Time: 2:24 AM
Log File: 966492e6-e734-11eb-b601-4cedfb2d2bea.json

-Software Information-
Version: 4.4.3.125
Components Version: 1.0.1387
Update Package Version: 1.0.43205
License: Premium

-System Information-
OS: Windows 10 (Build 19043.1110)
CPU: x64
File System: NTFS
User: System

-Ransomware Details-
Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

File: 1
Malware.Ransom.Agent.Generic, C:\Program Files (x86)\PrivaZer\PrivaZer.exe, Blocked, 0, 392685, 0.0.0, 3221758e1351456b2f0d1aa2d95b114e, 6480636b6cb42ee56b4ea24238089ad0cd74d4ddc281c1c84e91e2edf73d2525


(end)

Link to post
Share on other sites

  • 5 months later...
3 hours ago, PrivaZer_Team said:

Please help,

Could you post the actual log that shows the detection please.

You can find Scan and Protection logs within the Malwarebytes 4 program in the following location

 

image.png

 

RTP stands for Real-Time Protection and is where automatic protection operations would normally be logged

 

image.png

 

If you click on the View option you should get something similar to the following with other options available.

 

image.png

 

 

 

Thank you

Link to post
Share on other sites

Look at the screenshot provided please.

The problem is not on a website but on an app installed on a PC.

 

The app is here :

https://privazer.com/download.php

 

The minimum you can do is to download it and test it as other antivirus/security companies do in such a case.

Do you think it is normal to flag a software as a trojan when it is not?

Do you think we are happy with that?

 

Link to post
Share on other sites

On 1/9/2022 at 1:57 PM, PrivaZer_Team said:

Look at the screenshot provided please.

The problem is not on a website but on an app installed on a PC.

Staff require a log as it contains the info needed to fix the issue. Screenshots are not enough.

I installed your program and scanned. No detections. Could have been fixed already.

If your screenshot came from a user, they need to update Malwarebytes, un-quarantine and rescan.

If the detection remains we need the logs.

Edited by Porthos
Link to post
Share on other sites

  • 1 year later...

Hello,

 

New false positive on a customer's PC running PrivaZer.

Here are the details:

-Log Details-
Protection Event Date: 9/22/23
Protection Event Time: 1:09 AM
Log File: 619b7431-591f-11ee-8a04-b8ac6fa5035d.json

-Software Information-
Version: 4.6.2.281
Components Version: 1.0.2131
Update Package Version: 1.0.75545
License: Premium

-System Information-
OS: Windows 10 (Build 19045.3448)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Exploit.PayloadProcessBlock, C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell $a = Get-CimInstance -ClassName Win32_Process -Filter "Name='dllhost.exe'" | Select-Object ProcessId, CommandLine;ForEach ($b in $a) {$c=$b.ProcessId.ToString() + " " + $b.CommandLine; Add-content -Path "C:\Users\Owner\AppData\Local\privazer\dllhost0_4726" -Value $c};, Blocked, 701, 392684, 0.0.0, ,

-Exploit Data-
Affected Application: cmd
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell $a = Get-CimInstance -ClassName Win32_Process -Filter "Name='dllhost.exe'" | Select-Object ProcessId, CommandLine;ForEach ($b in $a) {$c=$b.ProcessId.ToString() + " " + $b.CommandLine; Add-content -Path "C:\Users\Owner\AppData\Local\privazer\dllhost0_4726" -Value $c};
URL:

(end)

 

Please fix it.

Thanks. OK?

 

Link to post
Share on other sites

  • Solution
6 minutes ago, PrivaZer_Team said:

-Software Information-
Version: 4.6.2.281

You need to have the user update the version of Malwarebytes. There is/was an issue with the exploit protection on versions older than 4.6.4. The current version is 4.6.6

The easiest way is to have them download the following and install over what they have. https://www.malwarebytes.com/mwb-download/thankyou

Edited by Porthos
Link to post
Share on other sites
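
An added triage example, not part of the original thread and not Malwarebytes tooling: it parses a text report in the layout posted above and checks the client version against the 4.6.4 threshold from the staff reply before a detection is escalated as a false positive. The function names are hypothetical, the sample report is constructed, and the comma-separated field positions in the detection line are inferred from the reports on this page.

```python
import re

# Threshold from the staff reply: exploit-protection issue on versions older than 4.6.4.
FIXED_IN = (4, 6, 4)
# Constructed sample in the layout of the reports in this thread (command line
# shortened; it still contains a comma, like the one in the posted log).
SAMPLE = r"""-Software Information-
Version: 4.6.2.281
Update Package Version: 1.0.75545

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Exploit.PayloadProcessBlock, C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell Select-Object ProcessId, CommandLine;, Blocked, 701, 392684, 0.0.0, ,

(end)
"""

def parse_report(text):
    """Return ({(section, key): value}, [detections]) from a text report."""
    fields, detections, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("("):  # blanks, "(No malicious ...)", "(end)"
            continue
        head = re.fullmatch(r"-(.+)-", line)
        kv = re.fullmatch(r"([A-Za-z ]+):\s*(.*)", line)
        if head:
            section = head.group(1)
        elif kv:
            fields[(section, kv.group(1))] = kv.group(2)
        elif section and section.endswith("Details") and line.count(",") >= 7:
            # Assumed layout: name, target, action, 3 numeric fields, md5, sha256.
            # The target may itself contain commas, so split the tail from the right.
            name, rest = line.split(",", 1)
            target, action, _, _, _, md5, sha256 = (p.strip() for p in rest.rsplit(",", 6))
            detections.append({"name": name.strip(), "target": target,
                               "action": action, "md5": md5, "sha256": sha256})
    return fields, detections

def triage(text):
    fields, detections = parse_report(text)
    version = tuple(int(p) for p in fields[("Software Information", "Version")].split(".")[:3])
    exploit = any(d["name"].startswith("Exploit.") for d in detections)
    return {"client_version": version, "client_outdated": version < FIXED_IN,
            "exploit_layer": exploit, "update_first": exploit and version < FIXED_IN,
            "detections": detections}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
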
