Jump to content

False positive Malware.Ransom.Agent.Generic for Zotero.exe


Recommended Posts

C:\Program Files (x86)\Zotero\zotero.exe

MD5: da76aeca106e12c11b7812c5f312058f
SHA256: baed6465ad324fba6ec94b5a4181777807e835a5efea44cb9a7c381c08167a03

No hits on VirusTotal -- https://www.virustotal.com/gui/file/baed6465ad324fba6ec94b5a4181777807e835a5efea44cb9a7c381c08167a03/detection

Seems to be a known issue -- https://forums.zotero.org/discussion/91594/updater-detected-as-ransomware

I verified that the user downloaded the executable from the legitimate zotero.org website.

Edited by AdvancedSetup
Disabled live hyperlinks
Link to post
Share on other sites

Could you post the log showing the detection.

You can find Scan and Protection logs within the Malwarebytes 4 program in the following location

 

image.png

 

RTP stands for Real-Time Protection and is where automatic protection operations would normally be logged

 

image.png

 

If you click on the View option you should get something similar to the following with other options available.

 

image.png

 

 

 

Thank you

Link to post
Share on other sites

This detection came through Malwarebytes Enterprise. We use Nebula to manage our deployments. Is there a way to pull the logs without going directly to the endpoint for them? If not, please send me whatever instructions I should follow to get you what you need from the Enterprise version.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.