VKBDevCfg-C_v0.92.33 showing up as Malware.Heuristic.1006

[zim55533]

Hi, 

Is this a false positive? It's a joystick configuration software from VKB.

https://www.virustotal.com/gui/file/cdebc38cdc3c1a0593c954d4541045060e6de0b3dcdcf1f033a80bb9d9006e6c

https://www.virustotal.com/gui/file/38a78d8bd4999649ae87e175ad1e429cce9239780dec897bf7f86d6aa02d4272

 

VKBDevCfg-C_v0.92.33.zip

[shadowwar]

These have been whitelisted. They are a fp. 

[zim55533]

Thank you! The .exe inside as well?

31 minutes ago, shadowwar said:

They are a fp. 

False positive?

[Porthos]

5 minutes ago, zim55533 said:

False positive?

Yes

[zim55533]

The .exe in the ZIP still shows up as a threat in the desktop app and VirusTotal...

[Porthos]

5 minutes ago, zim55533 said:

The .exe in the ZIP still shows up as a threat in the desktop app

If it is the exact same file  in the attachment from the original post, I do not see a detection. If it has changed we need the new file.

As for Virus total,

 

[zim55533]

13 hours ago, Porthos said:

If it is the exact same file  in the attachment from the original post, I do not see a detection. If it has changed we need the new file.

As for Virus total,

 

Actually, it seems like it may have changed. The VirusTotal scan in my OP goes to a file that was scanned 15 days ago, but the .exe in the ZIP I just re-downloaded has a new SHA now despite the .ZIP having the same...?

"New" EXE:
https://www.virustotal.com/gui/file/aa495f2105abaee3cb3da0cd77886924c4c4a295a499a55bfb2c8978cda64b32

VKBDevCfg-C_v0.92.33.zip

[Porthos]

10 minutes ago, zim55533 said:

"New" EXE:

Still not detected by installed product.

[zim55533]

4 hours ago, Porthos said:

Still not detected by installed product.

It's still detected as "Malware.Heuristic.1006" in my desktop app running 4.5.14 with the latest definitions?

[Porthos]

3 hours ago, zim55533 said:

It's still detected as "Malware.Heuristic.1006" in my desktop app running 4.5.14 with the latest definitions?

Please clear your hubble cache by doing the following:

1. Click on the Malwarebytes icon in the system tray
2. Select "Quit Malwarebytes"
3. Navigate to %PROGRAMDATA%\Malwarebytes\MBAMService
4. Delete the file HubbleCache
5. Open Malwarebytes

[zim55533]

4 hours ago, Porthos said:

Please clear your hubble cache by doing the following:

1. Click on the Malwarebytes icon in the system tray
2. Select "Quit Malwarebytes"
3. Navigate to %PROGRAMDATA%\Malwarebytes\MBAMService
4. Delete the file HubbleCache
5. Open Malwarebytes

Nope, same thing even after deleting the file before.

[Porthos]

5 minutes ago, zim55533 said:

Nope, same thing even after deleting the file before.

Could you post the log showing the detection.

You can find Scan and Protection logs within the Malwarebytes 4 program in the following location

 

 

RTP stands for Real-Time Protection and is where automatic protection operations would normally be logged

 

 

If you click on the View option you should get something similar to the following with other options available.

 

 

 

 

Thank you

[zim55533]

20 hours ago, Porthos said:

Could you post the log showing the detection.

You can find Scan and Protection logs within the Malwarebytes 4 program in the following location

 

 

RTP stands for Real-Time Protection and is where automatic protection operations would normally be logged

 

 

If you click on the View option you should get something similar to the following with other options available.

 

 

 

 

Thank you

I'm not sure what's going on now. I re-downloaded the file, it finally wasn't detected, but then it was re-detected while I scanned the downloads folder? But after restarting MB it's back to undetected?

[zim55533]

6 minutes ago, zim55533 said:

I'm not sure what's going on now. I re-downloaded the file, it finally wasn't detected, but then it was re-detected while I scanned the downloads folder? But after restarting MB it's back to undetected?

It re-appeared. Here's the log:

Quote

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/21/22
Scan Time: 6:31 PM
Log File: dc2e1542-39ca-11ed-84ce-2c4d54d861b6.json

-Software Information-
Version: 4.5.14.210
Components Version: 1.0.1767
Update Package Version: 1.0.60360
License: Free

-System Information-
OS: Windows 10 (Build 19044.2075)
CPU: x64
File System: NTFS
User: DESKTOP-PITRH5Q\zim

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 74
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 0 min, 13 sec

-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Malware.Heuristic.1006, C:\USERS\ZIM\DOWNLOADS\VKBDEVCFG-C_V0.92.33\VKBDEVCFG-C.EXE, No Action By User, 1000001, 0, 1.0.60360, 0000000000000000000003EE, dds, 01955584, C62D66FF992C1A69F6F2478CD024CBCD, AA495F2105ABAEE3CB3DA0CD77886924C4C4A295A499A55BFB2C8978CDA64B32

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

 

[Porthos]

1 hour ago, zim55533 said:

It re-appeared. Here's the log:

Lets use the support tool and do a clean uninstall and reinstall.

Download the Malwarebytes Support Tool.

Please close all browsers and programs before running the tool. Right click and quit MB from the system tray also.

Once done it will attempt to reinstall both Malwarebytes and Privacy VPN.

Please say no and close the X button on the top right for Privacy unless you have a subscription to it.

[zim55533]

6 minutes ago, Porthos said:

Lets use the support tool and do a clean uninstall and reinstall.

 

Download the Malwarebytes Support Tool.

 

 

 

Please close all browsers and programs before running the tool. Right click and quit MB from the system tray also.

 

Once done it will attempt to reinstall both Malwarebytes and Privacy VPN.

 

Please say no and close the X button on the top right for Privacy unless you have a subscription to it.

 

 

Are you sure the file isn't still being falsely flagged? Still marked as malicious on VT with the same name.

[Porthos]

8 minutes ago, zim55533 said:

Still marked as malicious on VT with the same name.

Virus Total uses a different scan engine.

[zim55533]

1 hour ago, Porthos said:

Virus Total uses a different scan engine.

Yes, but if it's detected there AND in the desktop app, isn't something off on MB's end?

[Porthos]

Just now, zim55533 said:

AND in the desktop app, isn't something off on MB's end?

That is why I asked you to do a clean install with the support tool.

I do not have the same detection.

[zim55533]

On 9/21/2022 at 9:21 PM, Porthos said:

That is why I asked you to do a clean install with the support tool.

I do not have the same detection.

Do you see the same behavior as me if you unzip the folder, wait a short while and then scan the entire parent folder where the .zip file was unzipped?

[Porthos]

3 hours ago, zim55533 said:

Do you see the same behavior as me if you unzip the folder, wait a short while and then scan the entire parent folder where the .zip file was unzipped?

No, Have you done the clean install yet???

[shadowwar]

This is whitelisted now. Somehow it was cleared. 

[zim55533]

On 9/23/2022 at 1:56 PM, shadowwar said:

This is whitelisted now. Somehow it was cleared. 

Great, thanks! 

Finally stops being detected now it seems.