Jump to content

Malware.Ransom.Agent.Generic - strongly suspect this is a false positive


Recommended Posts

MalwareBytes has quarantined part of Quartus 21.1, and flagged it as Malware.Ransom.Agent.Generic.

This seems very unlikely to be true, to me, but since it's such an extreme claim, I don't feel able to get on with what I wanted to do.

I'm trying to use Quartus with VHDPlus as a front end.  I have no reason to suspect either contains malware.  I installed Quartus 21.1 from Intel's website, probably a few months ago, and I installed VHDPlus from their website, within the last couple of weeks.

On maybe the third or fourth use of VHDPlus to compile something, which uses parts of Quartus in batch mode, MalwareBytes decided C:\intelFPGA_lite\21.1\quartus\bin64\quartus_sh.exe contained ransomware, and quarantined it.


I really doubt this is true.  What can I do to have it checked?  Can I submit the file to be checked properly?


Here is the report, from the MalwareBytes software:



-Log Details-
Protection Event Date: 10/28/22
Protection Event Time: 3:30 AM
Log File: 886d3a36-5668-11ed-84b8-80c16ef073ca.json

-Software Information-
Components Version: 1.0.1772
Update Package Version: 1.0.61623
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Ransomware Details-
Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

File: 1
Malware.Ransom.Agent.Generic, C:\intelFPGA_lite\21.1\quartus\bin64\quartus_sh.exe, Quarantined, 0, 392685, 0.0.0, 57240f9677463e6ac333f5a25c4f001c, 95bec250e446dabf0819b9c9fac571f4ac1adb93873917a60eafde3907c68aa1



FWIW, I previously registered with this forum in 2011, but am unable to recover that account, or register again with the same username.

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

This has been fixed already, the moment I responded to this :)


Edited to add, if this is still being detected, please post the detection log as you did in the first post, where the exact detection is listed, so we can have a look if this is the same file or something different.


Edited by miekiemoes
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.