Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MalwareBytes Anti-Ransomware triggering on MSYS2 (pacman.exe)


  • Please log in to reply
1 reply to this topic

#1 HighTide1

HighTide1

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:08:39 AM

Posted 16 June 2017 - 02:04 PM

Hello everyone,

 

I'm posting here on the advice of sasschary, who was helping me with this problem in the "Am I Infected?" board (located at: https://www.bleepingcomputer.com/forums/t/649245/malwarebytes-anti-ransomware-and-msys2-false-positives/)

 

As a brief summary of the problem, whenever I have tried installing and updating MSYS2 as of lately (6/13/17), either MalwareBytes is interrupting the MSYS2 update process, causing the installation to break and render it unable to delete unless rebooted (pacman.exe ignores my administrator rights), or pacman.exe is going into super-administrator mode on its own, breaks the installation, and then MalwareBytes flags the action. Either way, any time I've tried to run MSYS2, I get a notification of ransomware on my computer, but MalwareBytes is unable to scan or move the file. What should I do?



BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,483 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:09:39 AM

Posted 16 June 2017 - 02:47 PM

Hi HighTide1,

This looks like a false positive from the Anti-Ransomware module, so I would report it directly on the Malwarebytes Forums so the team can address it.

https://forums.malwarebytes.com/forum/191-ransomware/

If you can provide an exempt of the log or notification showing the block, and the file that is detected (in a .zip), it'll help them a lot as well.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users