nord Posted April 11, 2011 ID:414427 Share Posted April 11, 2011 I have MalwareBytes Pro 1.46 and one problem. (XP PRO SP3, Avast 6.0.1.000, Outpost 2009 Free Firewall)I use Foxmail 5.0.800.0 as my email program. It uses puylib.dll (patched, not the original which put Secunia in an uproar some time ago now). Malwarebytes insists on blocking this part of Foxmail and I have to click on ignore each and every time I fire up Foxmail and go off to check mail from Google (default settings as SSL is handled by Avast).How do you add a program to the Ignore List? I can't seem to find the setting anywhere.Tks for listening.Malwarebytes warning:c:\program Files\Fox6\3rdParty\Punylib.dll (adware CNNIC) Link to post Share on other sites More sharing options...
exile360 Posted April 11, 2011 ID:414429 Share Posted April 11, 2011 Greetings and welcome To ignore the item, open Malwarebytes' Anti-Malware and click on the Ignore List tab and click on the Add button and browse to the location of Punylib.dll and click on the file once and click OK. It should no longer be detected.Also, if you believe this is a false positive you should refer to this post: Read before reporting a false positive!and post the info here: False Positives (you'll need to do that before adding it to the Ignore List so that you can get a log of the detection for the researchers so they can see why it's being detected).Thanks Link to post Share on other sites More sharing options...
Firefox Posted April 11, 2011 ID:414430 Share Posted April 11, 2011 Hello and Sorry exile360 I did not notice we were both replying to this topic....Please follow exile360 insturctions on how to add the file to the ignore list, but you may also want to update your version of Malwarebytes to the latest version....First things first, you are using verions 1.46 Pro of Malwarebytes, that is quite outdated (Current Version is 1.50.1.1100 with database 6333). Lets get you updated to the latest version then we will see if your problem continues....Please do the following: Download and run mbam-clean.exe from here It will ask to restart your computer, please allow it to do so very important After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here Note: You will need to reactivate the program using the license you were sent via email if using the Pro version Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates. Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it. Link to post Share on other sites More sharing options...
Staff shadowwar Posted April 11, 2011 Staff ID:414470 Share Posted April 11, 2011 I believe Exiles instructions only work with the 1.50 ignore list.It is recommended you upgrade as detection is a LOT better in 1.50. Please submit the file to the false positive forums so we can address it and get it removed from detections if need be. Link to post Share on other sites More sharing options...
exile360 Posted April 11, 2011 ID:414473 Share Posted April 11, 2011 That's correct on both counts (Firefox and shadowwar), I didn't catch that you were running version 1.46. Link to post Share on other sites More sharing options...
nord Posted April 11, 2011 Author ID:414562 Share Posted April 11, 2011 Hello and Sorry exile360 I did not notice we were both replying to this topic....Please follow exile360 insturctions on how to add the file to the ignore list, but you may also want to update your version of Malwarebytes to the latest version....First things first, you are using verions 1.46 Pro of Malwarebytes, that is quite outdated (Current Version is 1.50.1.1100 with database 6333). Lets get you updated to the latest version then we will see if your problem continues....Thanks to everyone who responded.... and yes, 1.46 doesn't have the ignore list, so am off to uninstall and reinstalle 1.50.xxx now and will follow all the other instructions and then get back to y'all ASAP.Much thanks. Link to post Share on other sites More sharing options...
exile360 Posted April 11, 2011 ID:414566 Share Posted April 11, 2011 Excellent, thanks for keeping us up to date . Link to post Share on other sites More sharing options...
nord Posted April 11, 2011 Author ID:414578 Share Posted April 11, 2011 Excellent, thanks for keeping us up to date .exile360 and everyone else who helped!All's well. Have updated to 1.50.1.1100 and latest definition files... Was able to add punylib.dll to the ignore list.Hesitate to send info on for analysis as there are the old and bad (according to Secunia) versions out there along with the patched ones. I had to find the patched ones myself, some time ago, to make Foxmail 5 secure (or at least more secure than before). Link to post Share on other sites More sharing options...
exile360 Posted April 11, 2011 ID:414590 Share Posted April 11, 2011 You're most welcome Please do still send it, because if it's not an actual infection, we certainly don't want our product detecting it. In fact, if you don't mind, it should be easy to see if it was only detected by the old database and not by the current one. Simply delete the item from the Ignore List, then perform another scan to see if it is still detected. If it isn't, you don't need it in your Ignore List any more, and if it is, please do report it to the researchers in the False Positives forum so that we can get the FP fixed. Link to post Share on other sites More sharing options...
nord Posted April 11, 2011 Author ID:414604 Share Posted April 11, 2011 You're most welcome Please do still send it, because if it's not an actual infection, we certainly don't want our product detecting it. In fact, if you don't mind, it should be easy to see if it was only detected by the old database and not by the current one. Simply delete the item from the Ignore List, then perform another scan to see if it is still detected. If it isn't, you don't need it in your Ignore List any more, and if it is, please do report it to the researchers in the False Positives forum so that we can get the FP fixed.exile360,OK, I'll do it, in the meantime this from properties:C:\Program Files\Fox6\3rdParty\punylib.dllv. 1.0.0.3CodeLibCNNICChinese (PRC)52.0 KB (53,248 bytes) Link to post Share on other sites More sharing options...
nord Posted April 11, 2011 Author ID:414607 Share Posted April 11, 2011 About that log file. Gmail blocks zip files and RAR is less than useful with my archive program, how about 7z files? (Additionally, please attach the file with your post. Make sure it is in ZIP or RAR format.) Link to post Share on other sites More sharing options...
exile360 Posted April 11, 2011 ID:414608 Share Posted April 11, 2011 7z should be OK I think. Link to post Share on other sites More sharing options...
nord Posted April 11, 2011 Author ID:414618 Share Posted April 11, 2011 7z should be OK I think.exile360,Done (7z)... FYI. new version of MalwareBytes also flagged the file after I removed it from the ignore list (rebooted) and then (of course) put it back into the ignore list. <g>Tks again. Link to post Share on other sites More sharing options...
exile360 Posted April 11, 2011 ID:414623 Share Posted April 11, 2011 The scan log you posted doesn't show that detection, only the image does:Malwarebytes' Anti-Malware 1.50.1.1100www.malwarebytes.orgDatabase version: 6337Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187024/11/2011 6:15:21 PMmbam-log-2011-04-11 (18-15-00).txtScan type: Quick scanObjects scanned: 169131Time elapsed: 8 minute(s), 51 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 1Files Infected: 3Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:c:\documents and settings\One\start menu\Programs\syscleaner (Rogue.sysCleaner) -> No action taken. [497857c1ef11b24e258d1b159073db25]Files Infected:c:\documents and settings\One\start menu\Programs\syscleaner\sysclean.com.pif (Rogue.sysCleaner) -> No action taken. [497857c1ef11b24e258d1b159073db25]c:\documents and settings\One\start menu\Programs\syscleaner\sysclean_faq.doc.lnk (Rogue.sysCleaner) -> No action taken. [497857c1ef11b24e258d1b159073db25]c:\WINDOWS\Explorer.win (Heuristics.Reserved.Word.Exploit) -> No action taken. [f0d177a1e11f718febe3ea71f50f43bd]They'll need a developer log that shows that file being detected in order to determine why it's being hit. They may also require a copy of the file itself. Link to post Share on other sites More sharing options...
nord Posted April 11, 2011 Author ID:414633 Share Posted April 11, 2011 The scan log you posted doesn't show that detection, only the image does:They'll need a developer log that shows that file being detected in order to determine why it's being hit. They may also require a copy of the file itself.exile360,Sure. I'll do that now. Link to post Share on other sites More sharing options...
exile360 Posted April 11, 2011 ID:414634 Share Posted April 11, 2011 Thanks Link to post Share on other sites More sharing options...
nord Posted April 11, 2011 Author ID:414637 Share Posted April 11, 2011 The scan log you posted doesn't show that detection, only the image does:They'll need a developer log that shows that file being detected in order to determine why it's being hit. They may also require a copy of the file itself.exile360,FYI, the 3 files listed as infected don't actually seem to be such: Right Click in Windows Explorer with both MalwareBytes and Avast6 came up with nothing.(I do have SysClean on my HD. Explorer.Win is a known exploit, but this one seems not to be. Link to post Share on other sites More sharing options...
nord Posted April 12, 2011 Author ID:414672 Share Posted April 12, 2011 exile360,Sure. I'll do that now.OK, it took awhile, but I ran a complete scan using RUN and I attach the log file here, along with the small punylib.dll in 7zmbam-log-2011-04-11 (21-20-28).7z Link to post Share on other sites More sharing options...
exile360 Posted April 12, 2011 ID:414785 Share Posted April 12, 2011 Thanks I see that Nosirrah has responded to your False Positive topic and says that this should be fixed. Thanks a lot for helping us remove a FP from our database . Link to post Share on other sites More sharing options...
nord Posted April 12, 2011 Author ID:414851 Share Posted April 12, 2011 Thanks I see that Nosirrah has responded to your False Positive topic and says that this should be fixed. Thanks a lot for helping us remove a FP from our database .exile360,Saw his posts after yours, which is why once I finished the complete run, I posted to you not him with logs, etc. I'll go look at his post now. Thanks. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now