Recent

Author Topic: I have a Ransomware in a lazarus file!!!!! False detecting[Solved]  (Read 2232 times)

Robert W.B.

  • Sr. Member
  • ****
  • Posts: 328
  • Love my Wife, My Kids and Lazarus/Freepascal.
Malwarebytes detected and block this file : Malware.Ransom.Agent.Generic    !!!! the loacation is: C:\lazarus\mingwx86_64-win64\bin\gdb.exe 
The ransomware is in the debugger file! I can't work with Lazarus without the debugger!
What to do now?

I was working in Lazarus when lazarus chrashed! A dialog appeared that say, Opps! Time to save your work and than suddenly, the malwarebytes gives a warning and blocked the debugger file!
 I scan the debugger file with https://www.virustotal.com/ and the file was Clean.
Malwarebytes gives a False ransomware detection in Lazarus.
 Thanks Akira1364 for the Quick replay.
Oh by the way Molly. I was to quick to write the message on the Lazarus forum, I admit. I just I saw my entire World were chrashing. Must be good to be that skilled of yours and have that unfailed quick thinking, of yours so, have merci on me. :-[

Best regards
Bob


Robbanux
« Last Edit: November 20, 2017, 04:59:14 am by Bob the Swede »
Rob

molly

  • Hero Member
  • *****
  • Posts: 2330
Re: IMPORTANT!!!Panic!!!I have a Ransomware in a lazarus file!!!!! new
« Reply #1 on: November 20, 2017, 04:18:17 am »
What to do now?
You should ignore the nonsense that malwarebytes produces *period*

There is no need to harass people here with these kind of messages, rather you should harass the people at malwarebytes as they get payed for producing retarded software in order to give you a false sense of security.

If you ever wish to take such messages serious then you should not rely on one single piece of software alone and let other (more sophisticated and trustworthy) scanners verify the result(s). If those also report the same _then_ there might perhaps be a reason to panic.

edit: fwiw and afaik original 64-bit gdb.exe used by lazarus can be found here. Verify the size and checksum with yours and in case they match then you've a) proven the correctness of my above ramblings and b) you're safe  :)
« Last Edit: November 20, 2017, 04:36:31 am by molly »

Akira1364

  • Hero Member
  • *****
  • Posts: 561
Re: IMPORTANT!!!Panic!!!I have a Ransomware in a lazarus file!!!!! new
« Reply #2 on: November 20, 2017, 04:41:02 am »
AFAIK MalwareBytes has an "excluded folders" list as most AV software does. I'd strongly recommend you add your entire root Lazarus and FPC directories to it, as well as whatever directory you store your project folders in, as otherwise you're going to keep getting a whole lot of false positives exactly like this one forever.

(This isn't only an issue with MalwareBytes, by the way... most modern AV software is overly aggressive when it comes to absolutely any executables that aren't "signed".)
« Last Edit: November 20, 2017, 08:38:49 am by Akira1364 »

 

TinyPortal © 2005-2018