Jump to content

Critical Roblox file found to be malware.heuristic.1001...fresh install

GlennM2

By GlennM2
in File Detections

 Share

Recommended Posts

GlennM2

GlennM2

Posted
Posted

I have MB run a scan every night. Last night it detected a critical Roblox file, without which Roblox cannot run. At first, I thought I had played a game (I review games) that was a trojan, so I let MB quarantine the infection and restarted as required. Roblox wouldn't work after that. The file is located in the hidden, restricted folder WindowsApps.

I uninstalled and reinstalled Roblox via MS Store and checked again - the same file was identified after I tried both games. I quarantined, restarted, uninstalled and reinstalled again, then immediately scanned. Same result.

The log is attached to this post. It seems to me that this is a false positive, or else something else on my computer is infecting Roblox....Please assist.

Roblox malware.txt

Link to post
Share on other sites
Morrile

Morrile

Posted
Posted

has this been resolved, as I am seeing the same issue on two PCs

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 24/05/2021
Scan Time: 13:00
Log File: 90c2b890-bc87-11eb-b569-b42e99fc0374.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1292
Update Package Version: 1.0.40852
Licence: Premium

-System Information-
OS: Windows 10 (Build 19043.985)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 1357636
Threats Detected: 3
Threats Quarantined: 3
Time Elapsed: 6 hr, 3 min, 18 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
Malware.Heuristic.1001, C:\PROGRAM FILES\WINDOWSAPPS\ROBLOXCORPORATION.ROBLOX_2.479.29352.0_X86__55NM5EH3CM0PR\WINDOWS10UNIVERSAL.EXE, Quarantined, 1000001, 0, , , , , 3717583FA2E6749E606B4FD09ED9A21C, 0D987F040DAECE18C2DB920047714350312717CD1E0B8EBCB4FF712B9D59D72F

Module: 1
Malware.Heuristic.1001, C:\PROGRAM FILES\WINDOWSAPPS\ROBLOXCORPORATION.ROBLOX_2.479.29352.0_X86__55NM5EH3CM0PR\WINDOWS10UNIVERSAL.EXE, Quarantined, 1000001, 0, , , , , 3717583FA2E6749E606B4FD09ED9A21C, 0D987F040DAECE18C2DB920047714350312717CD1E0B8EBCB4FF712B9D59D72F

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Malware.Heuristic.1001, C:\PROGRAM FILES\WINDOWSAPPS\ROBLOXCORPORATION.ROBLOX_2.479.29352.0_X86__55NM5EH3CM0PR\WINDOWS10UNIVERSAL.EXE, Delete on Reboot, 1000001, 0, 1.0.40852, 0000000000000000000003E9, dds, 01259075, D99B1458D73038254ED18C44DB1442BD, F06C6296C05C1ABE69AB70354DA96E2E948FC693F5004F636A19347087A1DED3

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Link to post
Share on other sites
Porthos

Porthos

Posted
Posted
2 minutes ago, Morrile said:

has this been resolved, as I am seeing the same issue on two PCs

Hi,

Do you have "Use expert system algorithms to identify malicious files" enabled? It is located in Settings > Security> Scan option.

This is normally disabled by default.

In either way, Staff will look into this and get this fixed.

Thanks for reporting!

FYI. This setting is in the experimental stage.

That setting is to detect malformed files but sometimes legit files use protection that make them malformed. Malwarebytes is still tweaking the algorithms that is why it’s off by default. If you switch it on it is assumed, you are able to tell the difference between a FP and a legit detection. 

And if you keep it on, I suggest also turn off auto quarantine. Gives you the time to report FP's and not go thru the extra step to have to restore from quarantine.

Link to post
Share on other sites
Morrile

Morrile

Posted
Posted

Many thanks to you both.

I did have the "Use expert system algorithms to identify malicious files" enabled as there is no mention about being within an "experimental stage"

I also found that it reports a false positive for GRC's SpinRite.exe

I try and have everything locked down as much as possible 😁

Morrile

Link to post
Share on other sites
Porthos

Porthos

Posted
Posted
3 minutes ago, Morrile said:

try and have everything locked down as much as possible 😁

That setting will produce many FP's and you are always welcome to report them to assist in the training of this feature.

But if you wish to keep using it bt sure to disable auto quarantine on all scans.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.