False positive when installing software

[lostinkc]

The attached file (inside the .zip) was quarantined as containing Malware.Ransom.Agent.Generic, preventing installation of commercial software from TRichView.com.

MalwareBytes concurrently quarantined a registry key (as containing Malware.Ransom.Agent.Generic, blocking its value as well.  The registry key was used in validating software registration.

 

IDEInstall.zip

[1PW]

For Malwarebytes Staffers:

https://www.virustotal.com/gui/file/ddb854064d343f7cc1f28c4ab48ce3fd62f214e3cf37ec3791831ead4793b2d4?nocache=1

Hello @lostinkc and :

Would you please reply to this topic with the Malwarebytes' scan log? Thank you.

[screen317]

We have whitelisted the file.

All best,

[lostinkc]

Log attached.  Appears to include a copy of IDEInstall.exe which was created as I had turned off malware protection.

MBAMSERVICE.LOG.zip

[lostinkc]

Thank you for whitelisting.  I'm still concerned.  I downloaded updates a few minutes ago which included a restart of Malwarebytes. 

I tried the two installs (D:\Download ISO & Installs\TRichView\TRichViewSetupV22.3.1.exe and D:\Download ISO & Installs\TRichView\TRichViewFMXSetupV22.3.1.exe) again which each failed again, though without moving anything to quarantine.

I copied MBAMSERVICE.LOG and briefly reviewed.  I see reference to each install and the author's name (Sergei Tkachenko).  I have zipped the file for your reference/analysis.

My initial suspicion is that some information about these files is cached and therefore the whitelist may not have been checked (or perhaps wasn't in the Malwarebytes update yet).

MBAMSERVICE.zip