Jump to content

Possible FP - Farbar MiniToolBox (Malware.Sandbox.17)


lmacri
 Share

Recommended Posts

I'm seeing a possible false positive detection for Farbar's MiniToolBox (available for download at https://www.bleepingcomputer.com/download/minitoolbox/).

I've had the MiniToolBox.exe file saved in my C:\<myusername>\Downloads folder for several years but my scheduled Threat scan of 19-Sep-2022 (Update Package v1.0.60281) detected it yesterday as Malware.Sandbox.17 and sent it to quarantine.

I downloaded a fresh copy of MiniToolBox.exe today (20-Sep-2022) from BleepingComputer and ran manual Threat scan (Update Package v1.0.60303), and today it was detected as Malware.AI.4088022580.

Both scan logs are attached, as well as the zipped copy of MiniToolBox.exe I downloaded today.

MB v4_5_14 Scan Log Malware_Sandbox_17 FP Farbar MiniToolBox 19 Sep 2022.txt

MB v4_5_14 Scan Log Malware_AI_4088022580 FP Farbar MiniToolBox 20 Sep 2022.txt

MiniToolBox.zip
----------
64-bit Win 10 Pro v21H2 build 19044.2006 * Firefox v105.0.0 * Microsoft Defender v4.18.2207.7-1.1.19600.3 * Malwarebytes Premium v4.5.14.210-1.0.1767 * Macrium Reflect Free v8.0.6979 * Inspiron 5583/5584 BIOS v1.20.0
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

Edited by lmacri
Link to post
Share on other sites

Hi shadowwar:

Problem solved. I can confirm my scheduled Threat scan ran this evening (Update Package v1.0.60323) and Farbar's MiniToolBox.exe is no longer detected as a threat.

Thanks for whitelisting this executable so quickly.
----------
64-bit Win 10 Pro v21H2 build 19044.2006 * Firefox v105.0.0 * Microsoft Defender v4.18.2207.7-1.1.19600.3 * Malwarebytes Premium v4.5.14.210-1.0.1767 * Macrium Reflect Free v8.0.6979 * Inspiron 5583/5584 BIOS v1.20.0
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

Link to post
Share on other sites

Hi garioch7:

Out of curiosity, what is the version number of your Update Package (malware definition set)?  I don't have permission to open your mbam_scan_results.txt attachment so I can't see your version numbers.

I just re-scanned my MiniToolBox.exe (file version v13.5.2022.0) with Update Package v1.0.60375 and the scan is clean.  I also downloaded a fresh copy from https://www.bleepingcomputer.com/download/minitoolbox/ and that scan of MiniToolBox.exe was clean as well.

MB v4_5_14 Scan Log Farbar MiniToolBox No Detecion 23 Sep 2022.txt
------------
64-bit Win 10 Pro v21H2 build 19044.2006 * Firefox v105.0.1 * Microsoft Defender v4.18.2207.7-1.1.19600.3 * Malwarebytes Premium v4.5.14.210-1.0.1767 * Macrium Reflect Free v8.0.6979Dell
Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

Edited by lmacri
Fix link to BleepingComputer download page
Link to post
Share on other sites

@Imacri

This gets stranger and stranger. Tried executing the MiniToolBox.exe (MTB) version I had and MBAM threw an RTP detection on that version.

Went and downloaded a fresh copy from BC (mine was dated 2017).  Ran a scan and MBAM detected it again.  Scan results attached.

Tried to execute the "new" MTB and Smartscreen threw up a warning.  I ignored the Smartscreen warning, and MTB launched, MBAM did not interfere.

Logs attached.

Regards,
Phil

MiniToolBox_lastest_version_detection.txt MiniToolBox_RTP_Detection.txt

Link to post
Share on other sites

  • Staff

Both of these reports are the same files you reported earlier. it may take about 10 mins for my whitelisting to take effect. 

 

Worse case you may have to shutdown mbam totally. Go here:

C:\ProgramData\Malwarebytes\MBAMService

 

and only delete the file:

hubblecache

 

(it has no extension.)

 

They restart mbam and rescan the files. 

 

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.