Malwarebytes Update causes Massive false positives.

[Phone Man]

A definition update for Malwarebytes causes Trojan.Donloader.ED false positive on a massive amount of files that it can disable your system. It was corrected with new update. It hit me this afternoon and sure glad I had a recent Macrium Refresh image.


***False positive Trojan.Downloader.ED*** - Malwarebytes Forum

Jim

 

[Berkey]

So as long as I update as of now, this shouldn't be a problem then? If so I might had dodged a bullet as I was going to run a full scan when I went to bed

 

[Phone Man]

So as long as I update as of now, this shouldn't be a problem then? If so I might had dodged a bullet as I was going to run a full scan when I went to bed

Your lucky, I was online and my Pro version runs a flash scan after each update. The latest update fixed the problem so you should be fine.

Jim

 

[Berkey]

So as long as I update as of now, this shouldn't be a problem then? If so I might had dodged a bullet as I was going to run a full scan when I went to bed

Your lucky, I was online and my Pro version runs a flash scan after each update. The latest update fixed the problem so you should be fine.

Jim

Thanks for the heads up Phone Man

 

[COMPUTIAC]

I got hit pretty good with this yesterday.
MBAM Pro went crazy all of a sudden, flashing warnings and quarantining files at a pace I never saw before.
It disabled security scanners, start button and more.
Managed to do a hard shutdown, restarting did nothing, could not start any programs at all, Win7 was DOA.
Another shutdown, did a system restore point and went back to what appears to be normal so far.
I disabled MBAM, then removed it with Revo, downloaded a new copy 3 hours later.
All files in quarantine would not restore, so had to look in sys32 and other places to be sure they were there, very time consuming.
After verifying everything, I deleted all from quarantine.

This shows the chaos : http://forums.malwarebytes.org/index.php?showtopic=125127&st=0

 

[HarryHusker]

Wow, I was going to download and run MBAM yesterday on a different system but got distracted- sure am glad I didn't!

 

[Golden]

Yikes! It looks like chaos......but strangely, I had no issues at all

 

[maxie]

No bother here either working fine On my Windows 8 system

 

[COMPUTIAC]

Yikes! It looks like chaos......but strangely, I had no issues at all

Your very lucky.
There was one person who knew he would be going to face a mountain of disasters this morning as he had 600 machines which he believed were damaged by this. IT person I'm guessing.
Others were threatening law suits, some wanted monetary compensation.
I'm guessing today is a very busy day for a lot of people around the world.

 

[Golden]

The Enterprise version just knocked all the computers connected to this product out. Thank god were only evaluating it on a couple computers. Forefront may suck, but at least its not taking our systems out.

^ Off the Malwarebytes forum......they are going to have to work hard to regain some credibility it would appear. In the meantime, I'm taking the safe option and turning OFF automatic quarantining:



If your system is completely hosed as some are reporting, then this is apparently the fix:

http://forums.malwarebytes.org/index.php?showtopic=125137

 

[COMPUTIAC]

OK, thank's

Just did it to mine also.
Still waiting for CS to get back to me as I can not re-register it. It did not do it automatically and I lost the ID and key #

 

[DavidE]

The Enterprise version just knocked all the computers connected to this product out. Thank god were only evaluating it on a couple computers. Forefront may suck, but at least its not taking our systems out.

^ Off the Malwarebytes forum......they are going to have to work hard to regain some credibility it would appear. In the meantime, I'm taking the safe option and turning OFF automatic quarantining:

View attachment 264356

If your system is completely hosed as some are reporting, then this is apparently the fix:

***False positive Trojan.Downloader.ED*** - Malwarebytes Forum

I got burned on the last two recent FP's...
I'm trying to make sure nothing gets quarantined/deleted automatically going forward.
I just want to be notified if anything malicious is found, but I'm not sure if that's possible.
In addition to Golden's screen print, there are some other settings that may come into play.
Does anyone know what settings to use for all of these?







I think I can turn everything off, but then will I ever know if there is any malware detected?

 

[senseless1707]

Thanks for the heads up phoneman, I'll check this out when I get home on my machine there.

 

[Phone Man]

Thanks for the heads up phoneman, I'll check this out when I get home on my machine there.

Be sure to run an update before running a scan. That way you get a new definition file.

Jim

 

[derekimo]

Hosed my neighbors computer, finishing up a clean install right now... probably needed it anyway.

I was impressed that the computer was still running with over 2000 Trojans, big shot in the foot for MBAM.

 

[carwiz]

"The offending database was v2013.04.15.12, and was live for only 8 minutes."

Glad I was a little late updating. I run the free version and mark all "check for removal". The free version doesn't have Scheduling with the auto quarantine.