Malwarebytes Quarantines sitemap-setup.tmp as Ransomware

Started by ITZAP, February 20, 2017, 07:44:08 PM

ITZAP

Those who have the latest "Malwarebytes" v3.0.6 installed will encounter this issue upon installing an update to "A1 Sitemap Generator".



Since the "sitemap-setup.tmp" file is (incorrectly) detected by Malwarebytes as Ransomware and automatically quarantined, the update to A1 Sitemap Generator therefore does not complete properly.

The solution I found was to "Quit Malwarebytes" (right-click the icon in the taskbar) and then run the "sitemap-setup.exe" file once again. The install routine will complete properly, as usual. Then you can load Malwarebytes again and run the latest version of A1 Sitemap Generator without issue.
Gary

Webhelpforums

#1
Thank you for reporting this - we will report the false positive to Malwarebytes.

Relevant pages seem to be:

https://support.malwarebytes.com/customer/portal/articles/1835387-how-do-i-report-a-false-positive-found-using-malwarebytes-anti-malware-for-business-?b_id=6442

https://forums.malwarebytes.com/forum/42-file-detections/

https://www.malwarebytes.com/support/business/#techhelp

Do please also feel free to submit a false positive / bug report to them if possible.




I have submitted the case here:
https://forums.malwarebytes.com/topic/196634-program-or-installer-detected-as-ransomware/

And an additional question here:
https://forums.malwarebytes.com/topic/196850-getting-log-of-runtime-detection/

And another additional question here:
https://forums.malwarebytes.com/topic/196854-if-somehing-is-reported-as-ransomware-is-that-the-same-as-a-pup/

Quote
We found out from a customer that when installing the current version of A1 Sitemap Generator - one of the temporary files generated during installation is flagged and quarantined (sitemap-setup.tmp)

Starting mbam.exe with /developer command line does not help much as the false positive is not reported when doing a right click scan.

(And I have been unable to find any log by mbam after the quarantine during the installation.)


You can download the tool from here
http://www.microsystools.com/products/sitemap-generator/


You can find the latest VirusTotal reports here:

URL (0 / 64)
https://www.virustotal.com/en/url/05bd8f7aa4017f809a984b73ea8cc83b0b8691088dcfdd6488ca76783c57a02d/analysis/1487695458/

Download (0 / 58)
https://www.virustotal.com/en/file/a683208a09a8ff6415a5530f09437d313c6fe749d0586818f57ae9e9e7110852/analysis/1487695464/


For reference:

The installer + all the executables are signed.

  • Executables are created in Delphi 2007 to Delphi XE2
  • 3 executables are included and installed during installation.
  • The "best" depending on OS and 32/64bit is then selected as default sitemap.exe during installation which the desktop shortcuts etc.
  • Installer is InnoSetup.

If I can get logging working, I will be happy to report that.

Below the above, I have also posted a copy of the report you posted here including the work-around.

Update:
A full week in - and no response related to the false detection whatsoever. Have now posted in another more used subforum for false positives:
https://forums.malwarebytes.com/topic/197002-realtime-scanner-detects-my-software-during-installation-as-ransomware-if-first-installed-no-problem/
TechSEO360 | MicrosysTools.com  | A1 Sitemap Generator, A1 Website Analyzer etc.

Webhelpforums

After posting in the other subforum - the problem was fixed very quickly by Malwarebytes.

So the problem has been solved.

(just update to newest version / newest definitions)