Jump to content

.mp3 detected as PUP.Optional.BundleInstaller


Recommended Posts

Name:       EMiT KCaB NRuT DLUoC I fI - REhC.mp3
Size:       9417850 bytes (9197 KiB)
CRC32:      306341D3
CRC64:      F7177F1741BF1160
SHA256:     B9C9E2C528708C16928E3F2B230EEC9D1A0A6711439F0E004995C2263F734C82
SHA1:       F4E85347C1D377F365FFEEBF2887CB3470B217B0
BLAKE2sp:   D02CE2F3B9A9776DD7E4AE7281D14220C31DEA17876C6DC934824351755F8B33

Apologies for the terrible reversed song.

Thanks, Elliott

logfile.txt EMiT KCaB NRuT DLUoC I fI - REhC.mp3.zip

Link to post
Share on other sites

  • Staff


I can't reproduce detection on this file. It's actually not supposed to detect this file at all, as this isn't even a binary/PE file.

According to the log, it's supposed to detect a bundled cheatengine installer, so I wondered if you have that installed as well, where it was probably open during the time of this scan, so it misreported this.


Link to post
Share on other sites

Cheat Engine is installed on this machine, however it was not running at the time of the scan (afaik), and hasn't been run since April. I'm also unable to reliably reproduce the detection with a threat scan, custom scan (with all scan options enabled) or scan triggered using the shell extension, however this is not the first time this specific detection has happened for me on a scheduled scan (see attached log from last week).

I've also found another erroneous PUP.Optional.BundleInstaller detection in my history which I cannot reproduce, which I've also attached.

detection-20210824.txt altdetection-20210814.txt dnscrypt-proxy-win64-2.0.29-beta.1.zip.zip

Link to post
Share on other sites

  • Staff


I can't reproduce detection on any of above either.

The cheatengine detection is correct though, as its installer is indeed bundled. It's safe to delete the installer anyway. It just looks like a hiccup here, where it actually detects this cheatengine, but misreports it in the log.

Can you uninstall and reinstall Malwarebytes again, then reboot?

If these misreportings still happen, please post the mbamservice log that is present in your C:\ProgramData\Malwarebytes\MBAMService\logs folder



Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.