MachineLearning/ Anomalous.100% (in Corel Downloads)


I don't know what to do with this.  When I look it up, it sounds as if it's not really malware, but I don't know how to tell.

This is what it gives me to export...


 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/12/2024
Scan Time: 5:24 PM
Log File: 5cfc4890-f91b-11ee-b43d-c01803d7b8db.json

-Software Information-
Version: 5.1.2.109
Components Version: 1.0.1214
Update Package Version: 1.0.83367
License: Premium

-System Information-
OS: Windows 11 (Build 22621.3296)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 261444
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 14 min, 54 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
File system: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
MachineLearning/Anomalous.100%, C:\PROGRAMDATA\COREL\DOWNLOADS\1698088516803\BITF665.TMP, No Action By User, 0, 392687, 1.0.83367, , shuriken, , B80428454904961D7BC958D53F8CAF2B, 2FC163DDCB1A36B4AA7663EF1C2EB6812568F9FDD8CD4A5437ED9204F8E06B3F

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


@CathySue76

Please go to the Folder; C:\PROGRAMDATA\COREL\DOWNLOADS\1698088516803\

and find the file; BITF665.TMP

Place that file in a ZIP, RAR or 7zip Archive and attach that in a reply.

You are posting a Scan Log, not the actual file needed by @cli to verify if this is a False Positive detection on the file; BITF665.TMP or not.

Edited by David H. Lipman
Edited for content, clarity, spelling and/or grammar

When I ran the scan again about an hour ago, it was still showing the temp file as a threat. This time I selected quarantine. I've tried to find a quarantine folder in Malwarebytes that I could send it from, but I can't find a quarantine folder.

Also, before I ran the new scan, when I tried to go back and look in Corel Downloads again, the download folder inside Corel had disappeared.  I've looked and looked and can't find a download folder anywhere inside Corel.  I did not delete it, but I still looked inside the trash folder and it's not there either.

This is very strange.  However, I am one of those who barely knows how to operate a computer.  So maybe it's not so strange.


 

newer scan results malwarebytes.png


BITF665.TMP may be a Hidden file. You will either have to change the Folder view to Unhide Hidden files or in an Administrator Command Prompt go to the Folder;

C:\PROGRAMDATA\COREL\DOWNLOADS\1698088516803\ 

and type;

attrib *.* -r -h -s

And then see if you can View/Find the file in that Folder.

How to Show Hidden Files on Windows 11


AHA!

Yes,  a hidden file.  And suddenly the Download file is visible, but it's a different download file than I was seeing earlier.  

However, the BITF665.TMP file is not in there.  Possibly because I quarantined it?

When I look in the Malwarebytes folder I can now see two quarantine files, which this will not let me share because it says it's the wrong file type.

This is what I see in there, which I assume is the file we're looking for?

Is there a way to unquarantine?  

I may not be able to work on this any longer tonight though.  So perhaps best to leave in quarantine until I have more time?

Thank you,
Cathy

 

malware bytes quarantine folder.png


Then you would have to temporarily Disable Malwarebytes "Malware Protection", and then Restore the file from Quarantine and subsequently capture it in a ZIP, RAR or 7zip and attach that in a reply. 
Then re-enable Malwarebytes "Malware Protection".
