• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

Trojan in Malwarebytes Free

I was just rreading a 2014 forum thread re Malwarebytes ans trojans

I just downloaded the 'free' Malwarebytes after being prompted to update.I only use the free version and only scan monthly for malware.

Instead of getting the usual free version it kept installing a free trial version. Norton warned this was very new and only 4 Norton users had downloaded it, I thought as Malwarebytes it will be OK (direct from their site).

After the third installation, I ran a scan. It found a trojan, situated in the new Malwarebytes program!

I have uninstalled Malwarebytes now as it has made me nervous and I'm waiting for their response to my email about this.

I just wondered if anyone else has expereienced this problem.

Replies

Kudos0

Re: Trojan in Malwarebytes Free

Norton has detected what I am sure is a false positive in Malwarebytes quite a few times.  I think it has something to do with the Malwarebytes definitions.  In the Premium version of Malwarebytes you can enable Self Protection which stops this.  I don't know if that is available in the free version of not.

I hope that helps a little.

Cheers.

A little bit of knowledge is... well a little bit of knowledge.
Kudos0

Re: Trojan in Malwarebytes Free

Thanks for the reply, but I wasn't clear enough. It was the Malwarebytes scan that showed up the Trojan in it's own program!

Kudos0

Re: Trojan in Malwarebytes Free

not sure about the Trojan aspect, but as for the installing the trial version issue, if I recall during the installation process you need to uncheck the "install free trial" option to get the free version to install.
Kudos0

Re: Trojan in Malwarebytes Free

I've been using Malwarebytes for years, I think that option has disappeared, I did the usual, clicked Download FREE version, tried it three times, it installed the trial every time and Norton warned each time 'needs attention' Said only 4 people in Norton Community had used it and it was a new file only a couple of weeks old.

I was going direct to the true site, but I'm not touching it again 'til they reply to my email, they seem a bit slow!

Kudos0

Re: Trojan in Malwarebytes Free

I just launched it and got the "newer version ready to be installed"...... i think i shall hold off now.
Kudos0

Re: Trojan in Malwarebytes Free

R Palmer:

I've been using Malwarebytes for years, I think that option has disappeared, I did the usual, clicked Download FREE version, tried it three times, it installed the trial every time and Norton warned each time 'needs attention' Said only 4 people in Norton Community had used it and it was a new file only a couple of weeks old.
I was going direct to the true site, but I'm not touching it again 'til they reply to my email, they seem a bit slow!

you may Close X Upgrade Now window and run Trial or Close X Upgrade Now window and turn off Real-Time Protection.Free source: https://www.malwarebytes.com/mwb-download/

https://www.malwarebytes.com/support/guides/mbam/Settings2.html?lang=en#rtp

https://www.malwarebytes.com/support/guides/

Kudos0

Re: Trojan in Malwarebytes Free

Well you could try it, see if Norton flags it like it did mine. If it says Trial version, they have obviously changed something.

If you do install it, run a Malwarebytes scan, see if it quarantines the program and flags it as being in the Malwarebytes, if yes like mine, uninstall!

I'll post the reply I get from Malwarebytes, I told them about this two days ago, still waiting!

Kudos0

Re: Trojan in Malwarebytes Free

Krusty13:

Norton has detected what I am sure is a false positive in Malwarebytes quite a few times.  I think it has something to do with the Malwarebytes definitions.  In the Premium version of Malwarebytes you can enable Self Protection which stops this.  I don't know if that is available in the free version of not.
I hope that helps a little.
Cheers.

IDK what happens to Enable self-protection module switches upon trial expire.
With Reat-Time Protection OffEnable self-protection module switches remains at default.

YMMV

Startup Options

These settings define how Malwarebytes will behave when your computer starts. You may launch several applications at startup, and they may initiate startup processes which require Malwarebytes launch timing to be adjusted. Let's look at each setting in detail.

  • Start Malwarebytes at Windows startup: If this setting is off, Malwarebytes will not start with Windows. No real-time protection layers will start when Windows starts, though they may still be started manually by launching Malwarebytes.
  • Delay Real-Time Protection when Malwarebytes starts: There may be times when the startup of system services used by Malwarebytes conflicts with services required by other applications at boot time. When this is the case, turn this setting on. You may also adjust the delay timing. You will need to experiment with the specific delay setting necessary to compensate for any conflicts that are noted. When required, this must be done on a case-by-case basis. The delay setting is adjustable from 15-180 seconds, in increments of 15 seconds.
  • Enable self-protection module: This setting controls whether Malwarebytes creates a safe zone to prevent malicious manipulation of the program and its components. Checking this box introduces a one-time delay as the self-protection module is enabled. While not a negative, the delay may be considered undesirable by some users. When unchecked, the "early start" option which follows is disabled.
  • Enable self-protection module early start: When self-protection is enabled, you may choose to enable or disable this option. When enabled, the self-protection module will become enabled earlier in the computer's boot process, essentially changing the order of services and drivers associated with your computer's startup.

https://www.malwarebytes.com/support/guides/mbam/Settings2.html?lang=en#startup 

Kudos0

Re: Trojan in Malwarebytes Free

Ah yes, good screenshots, that's what I got when I said install free version, I got exactly that, I think Malwarebytes has got tired of a lot of us using the proper free version.

Anyone know an alternative free version of a Malware seeker?

Kudos2 Stats

Re: Trojan in Malwarebytes Free

R Palmer:

Thanks for the reply, but I wasn't clear enough. It was the Malwarebytes scan that showed up the Trojan in it's own program!

Hi R Palmer:

There has been a slight change in the way you switch to the free version of Malwarebytes.   With the old Malwarebytes Anti-Malware (MBAM) v2.x the installer prompted users to decline the 14-day trial during the last step of the installation process.  The new Malwarebytes (MB) v3.x installer now requires users to go to Settings | Account and click Deactivate Premium Trial after MB v3.x is installed as described the support article How-To: Deactivate Trial version in Malwarebytes 3.

When you downloaded the MB v3.x installer from the official site did you download from the main website at https://www.malwarebytes.com/free/ or the direct download link at https://downloads.malwarebytes.com/file/mb3?  Both links are currently downloading a 66,806 KB installer named mb3-setup-consumer-3.2.2.2029.exe.  I just submitted that installer for a SHA-256 hash analysis to VirusTotal.com and the report at https://www.virustotal.com/#/file/d02b91b47647a7545e7bb021711bbaf4cb7045d2088a39cce5b6e3c8ceb3eda0/detection shows that over 80 scan engines report that installer is safe.

Krusty13:

Norton has detected what I am sure is a false positive in Malwarebytes quite a few times.  I think it has something to do with the Malwarebytes definitions...

Apologies in advance if I misunderstood, but I think Krusty13 was referring to .tmp files in Malwarebytes folders that are sometimes detected as false positives by Norton scans.  See Pkshadow's thread NS scan finds malware in a Malwarebytes/temp file for one example of a user that would see temporary Malwarebytes files flagged as a possible Trojan by Norton after they installed MBAM v2.x in a custom folder on their D:\ drive.

It sounds like you are talking about a Malwarebytes scan that is detecting a Malwarebytes file as a Trojan.
------------
32-bit Vista Home Premium SP2 * Firefox ESR v52.3.0 * NS Premium v22.10.1.10 * MB Premium v3.2.2

Kudos0

Re: Trojan in Malwarebytes Free

Hi Imacri,

Thanks.  I found Deactivate.

and now @Krusty13 re Enable self-protection module


Kudos0

Re: Trojan in Malwarebytes Free

R Palmer:

[...]

After the third installation, I ran a scan. It found a trojan, situated in the new Malwarebytes program!

[..]

Can you post details from your Norton log about the detection?

Kudos0

Re: Trojan in Malwarebytes Free

Thanks for that info, it is strange they have to complicate things like this!

Yes it was a Malwarebytes scan that found the Trojan in its own program!

Kudos0

Re: Trojan in Malwarebytes Free

It wasn't a Norton scan, it was a Malwarebytes scan that found the Trojan in its own program!

I tried the scan after the third go at installation, after it found a Trojan in its own program, I uninstalled it and emailed Malwarebytes.

I will post their reply when it comes

Kudos0

Re: Trojan in Malwarebytes Free

R Palmer:

It wasn't a Norton scan, it was a Malwarebytes scan that found the Trojan in its own program!

I tried the scan after the third go at installation, after it found a Trojan in its own program, I uninstalled it and emailed Malwarebytes.

I will post their reply when it comes

Oh.. ok. Missed that. Post that log then, for reference.

Kudos0

Re: Trojan in Malwarebytes Free

Sorry I didn't reply to this part:

>>>>>>>>>>>>>>>>>>>>>>

When you downloaded MB v3 from the official site did you download from the main website at https://www.malwarebytes.com/free/ or the direct download link at https://downloads.malwarebytes.com/file/mb3?  Both links are currently downloading a 66,806 KB installer named mb3-setup-consumer-3.2.2.2029.exe.  I just submitted that installer for a SHA-256 hash analysis to VirusTotal.com and the report at https://www.virustotal.com/#/file/d02b91b47647a7545e7bb021711bbaf4cb7045... shows that over 80 scan engines report the installer is safe.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

I actually tried both these sites and each time Norton flagged as 'need attention' said there was not enough information to give it a clear. I went ahead after the third installation try and did the scan using my new Premium Trial Malwarebytes, that's when it quarantined a Trojan contained in its own newly installed program!

Kudos0

Re: Trojan in Malwarebytes Free

Unfortunately as soon as I saw that, I uninstalled the program, thought they had been hacked or something, so I can't even remember what the Trojan's full name was!

Kudos0

Re: Trojan in Malwarebytes Free

R Palmer:

Unfortunately as soon as I saw that, I uninstalled the program, thought they had been hacked or something, so I can't even remember what the Trojan's full name was!

Your log may still exist saved somewhere. I don't know exactly where the log is saved, someone else my add additional info.

Kudos3 Stats

Re: Trojan in Malwarebytes Free

R Palmer:

I actually tried both these sites and each time Norton flagged as 'need attention' said there was not enough information to give it a clear. I went ahead after the third installation try and did the scan using my new Premium Trial Malwarebytes, that's when it quarantined a Trojan contained in its own newly installed program!

Hi R Palmer:

The File Insight report for the mb3-setup-consumer-3.2.2.2029.exe installer I downloaded today (Security | History  | Show | Download Insight) says "Tens of thousands of users" and "released 12 days ago".  If you click the Check for New Rating link in your File Insight report as shown below it should check again for the latest trust ratings for the installer and might give the file a Good trust rating this time.

Just an FYI, though.  I have MB Premium v3 and find that the real-time Web Protection sometimes interferes with connections to the Symantec's backend Insight servers - see my comments <here> in the Malwarebytes forum about how this sometimes causes Norton Download Insight to throw one of these "no available reputation information" warnings on my 32-bit machine. I currently have Web Protection disabled in MB Premium v3.2.2 to prevent these connection problems but once you switch from the 14-day trial version of MB Premium (with real-time protection enabled) to MB Free (no real-time protection) you shouldn't have to worry about possible conflicts with Norton.

password_password:

Your log may still exist saved somewhere. I don't know exactly where the log is saved, someone else my add additional info.

MB v3.x scan logs are now stored in the %PROGRAMDATA%\Malwarebytes\MBAMService\ScanResults folder as .json (i.e., not formatted .txt or .log) files - see exile360's post in the Malwarebytes thread Where are the log files stored in version 3.1x.  I don't know if your scan logs were deleted when you uninstalled MB v3, but if they are still stored on your hard drive you might be able to find some useful information about the Trojan detection by right-clicking on the .json file and choosing to open with a text editor like Notepad (although the formatting will be a bit messy).

------------
32-bit Vista Home Premium SP2 * Firefox ESR v52.3.0 * NS Premium v22.10.1.10 * MB Premium v3.2.2

Kudos0

Re: Trojan in Malwarebytes Free

lmacri:

MB v3.x scan logs are now stored in the %PROGRAMDATA%\Malwarebytes\MBAMService\ScanResults folder as .json (i.e., not formatted .txt or .log) files.....

Hi R Palmer:

Without more information, my best guess is that a problem occurred during the download of your mb3-setup-consumer-3.2.2.2029.exe installer that caused the download to abort and corrupt the installer. That could have triggered MB to flag the installer as a suspected Trojan when it scanned the file.

If your Malwarebytes .json scan logs were deleted when you uninstalled MB v3.2.2, the only other suggestion I have is that you open your Norton File Insight report for the "problem" mb3-setup-consumer-3.2.2.2029.exe installer at Security | History  | Show | Download Insight [the log entry will likely have a severity of Low (yellow), Medium (orange) or High (red) instead of Info (blue)], click the Copy to Clipboard link, and then paste the contents of that report into your next post.  That might give us some information about whether there was a partial download (e.g., the filename ended with .exe.part instead of .exe) or the SHA-256 hash (digital signature) of the installer was altered.

Here's a partial extract of my own detailed log for the "safe" mb3-setup-consumer-3.2.2.2029.exe installer:

____________________________

Many Users:  Tens of thousands of users in the Norton Community have used this file.
New:               This file was released 13 days ago.
Good:             Norton has given this file a good rating.
___________________________

https:// data-cdn.mbamupdates.com/web/mb3-setup-consumer/mb3-setup-consumer-3.2.2.2029.exe
____________________________

File Thumbprint - SHA:
d02b91b47647a7545e7bb021711bbaf4cb7045d2088a39cce5b6e3c8ceb3eda0
File Thumbprint - MD5:
bb8435aea68e5bcb2fc93d68c10c6de0

------------
32-bit Vista Home Premium SP2 * Firefox ESR v52.3.0 * NS Premium v22.10.1.10 * MB Premium v3.2.2

Kudos0

Re: Trojan in Malwarebytes Free

Thanks for this imacri, I can't find any reference to it in Norton, maybe because it only flagged the download as needing attention.

The Trojan would've shown in Malwarebytes, but I uninstalled the program just in case, so no record.

I'll just have to see what Malwarebytes support says....if they ever reply!

Kudos0

Re: Trojan in Malwarebytes Free

ohhh, so old, that is interesting to compare 

Kudos0

Re: Trojan in Malwarebytes Free

R Palmer:

[...]

The Trojan would've shown in Malwarebytes, but I uninstalled the program just in case, so no record.

[...]

We are saying the log may be left behind. Go to:

%PROGRAMDATA%\Malwarebytes\MBAMService\ScanResults\

You can zip and upload if you want, or you can examine the file yourself (it may be hard to read).

Kudos0

Re: Trojan in Malwarebytes Free

Thanks! Looking for that log. I found a Malwarebytes folder, couldn't open any logs, but one file was setup. I was surprised as when I uninstalled the program, I didn't think any of Malwarebytes remained!

Anyway, I ran setup, then using Imacri's instructions above, I was able to get rid of the Trial version , must say it is certainly more complicated than the old Free Version download, I'm sure most users will never know that process.

I ran a scan, no Trojan, zero problems, so all is well. Thank you all for your help.

Kudos0

Re: Trojan in Malwarebytes Free

Copy of my message to Password-password below!

Thanks! Looking for that log. I found a Malwarebytes folder, couldn't open any logs, but one file was setup. I was surprised as when I uninstalled the program, I didn't think any of Malwarebytes remained!

Anyway, I ran setup, then using Norton Fighter's instructions above, I was able to get rid of the Trial version , must say it is certainly more complicated than the old Free Version download, I'm sure most users will never know that process.

I ran a scan, no Trojan, zero problems, so all is well. Thank you all for your help.

Kudos0

Re: Trojan in Malwarebytes Free

Hi imacri, 

Here is the reply I sent to Password-password below: Thanks for that de-activate tip, pity the thousands of MWB users who will never get that!

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Thanks! Looking for that log. I found a Malwarebytes folder, couldn't open any logs, but one file was setup. I was surprised as when I uninstalled the program, I didn't think any of Malwarebytes remained!

Anyway, I ran setup, then using imacri's instructions above, I was able to get rid of the Trial version , must say it is certainly more complicated than the old Free Version download, I'm sure most users will never know that process.

I ran a scan, no Trojan, zero problems, so all is well. Thank you all for your help.

Kudos0

Re: Trojan in Malwarebytes Free

Anyway, I ran setup, then using Imacri's instructions above, I was able to get rid of the Trial version , must say it is certainly more complicated than the old Free Version download, I'm sure most users will never know that process.

I ran a scan, no Trojan, zero problems, so all is well. Thank you all for your help.

Kudos0

Re: Trojan in Malwarebytes Free

R Palmer:

Thanks! Looking for that log. I found a Malwarebytes folder, couldn't open any logs, but one file was setup. I was surprised as when I uninstalled the program, I didn't think any of Malwarebytes remained!

They may be difficult to read / open. If you zip the log files you found you should be able to upload them here.

Kudos0

Re: Trojan in Malwarebytes Free

R Palmer:

[..], I was able to get rid of the Trial version , must say it is certainly more complicated than the old Free Version download, I'm sure most users will never know that process.

Yeah, I missed Deactivate Premium Trial until Imacri pointed to the support article How-To: Deactivate Trial version in Malwarebytes 3.  

Kudos0

Re: Trojan in Malwarebytes Free

Thanks to all of you!

This thread is closed from further comment. Please visit the forum to start a new thread.