Malwarebytes Quarantines sitemap-setup.tmp as Ransomware


ITZAP

« on: February 20, 2017, 07:44:08 PM »
Those who have the latest "Malwarebytes" v3.0.6 installed will encounter this issue upon installing an update to "A1 Sitemap Generator".



Since the "sitemap-setup.tmp" file is (incorrectly) detected by Malwarebytes as Ransomware and automatically quarantined, the update to A1 Sitemap Generator therefore does not complete properly.

The solution I found was to "Quit Malwarebytes" (right-click icon in taskbar) and then run the "sitemap-setup.exe" file once again. The install routine will complete properly, as usual. Then you can load Malwarebytes again and run the latest version of A1 Sitemap Generator without issue.
« Last Edit: February 20, 2017, 07:56:45 PM by ITZAP »
Gary

*

Webhelpforums

Re: Malwarebytes Quarantines sitemap-setup.tmp as Ransomware
« Reply #1 on: February 21, 2017, 02:39:08 AM »
Thank you for reporting this - we will report the false positive to Malwarebytes

Relevant pages seem to be:

https://support.malwarebytes.com/customer/portal/articles/1835387-how-do-i-report-a-false-positive-found-using-malwarebytes-anti-malware-for-business-?b_id=6442

https://forums.malwarebytes.com/forum/42-file-detections/

https://www.malwarebytes.com/support/business/#techhelp

Do please also feel free to submit a false positive / bug report to them if possible.



I have submitted the case here:
https://forums.malwarebytes.com/topic/196634-program-or-installer-detected-as-ransomware/

And an additional question here:
https://forums.malwarebytes.com/topic/196850-getting-log-of-runtime-detection/

And another additional question here:
https://forums.malwarebytes.com/topic/196854-if-somehing-is-reported-as-ransomware-is-that-the-same-as-a-pup/

Quote
We found out from a customer that when installing the current version of A1 Sitemap Generator - one of the temporary files generated during installation is flagged and quarantined (sitemap-setup.tmp)

Starting mbam.exe with /developer command line does not help much as the false positive is not reported when doing a right click scan.

(And I have been unable to find any log by mbam after the quarantine during the installation.)


You can download the tool from here
http://www.microsystools.com/products/sitemap-generator/

 
You can find the latest VirusTotal reports here:

URL (0 / 64)
https://www.virustotal.com/en/url/05bd8f7aa4017f809a984b73ea8cc83b0b8691088dcfdd6488ca76783c57a02d/analysis/1487695458/

Download (0 / 58)
https://www.virustotal.com/en/file/a683208a09a8ff6415a5530f09437d313c6fe749d0586818f57ae9e9e7110852/analysis/1487695464/

 
For reference:

The installer + all the executables are signed.
  • Executables are created in Delphi 2007 to Delphi XE2
  • 3 executables are included and installed during installation.
  • The "best" depending on OS and 32/64bit is then selected as default sitemap.exe during installation which the desktop shortcuts etc.
  • Installer is InnoSetup.


If I can get logging working, I will be happy to report that.

Below the above, I have also posted a copy of the report you posted here including the work-around.

Update:
A full week in - and no response related to the false detection whatsoever. Have now posted in another more used subforum for false positives:
https://forums.malwarebytes.com/topic/197002-realtime-scanner-detects-my-software-during-installation-as-ransomware-if-first-installed-no-problem/
« Last Edit: February 28, 2017, 07:32:50 PM by Webhelpforums »
MicrosysTools.com | Website and SEO Software for webmasters | A1 Sitemap Generator, A1 Website Analyzer etc.

*

Webhelpforums

Re: Malwarebytes Quarantines sitemap-setup.tmp as Ransomware
« Reply #2 on: March 03, 2017, 10:28:30 AM »
After posting in the other subforum - the problem was fixed very quickly by Malwarebytes

So the problem has been solved

(just update to newest version / newest definitions)