Malwarebytes detected ransomware in byond

BYOND Forums

Announcements · BYOND Help · Bug Reports · Feature Requests · Beta Testers · Beta Bugs · Developer Help · Design Philosophy · Demos & Libraries · Tutorials & Snippets · Art & Sound · Classified Ads · Game Updates · Contests & Events · Linux Talk · On Topic · Off Topic

ID:2232203 Apr 4 2017, 2:59 pm
DyslexicWizard	So is it safe? Should I delete and re install or does that mean it could be malware?

Apr 4 2017, 6:39 pm
Lummox JR	That's a false positive. I'd like to know the exact URL you downloaded, and you should report the false positive to MalwareBytes.

Apr 4 2017, 7:16 pm

Lummox JR

Out of safety I think you may also want to delete and reinstall, on the off chance that other malware already on your system may have simply infected the files.

I can tell you for sure there are no viruses in BYOND, and also I just checked the installers for both the most recent stable and beta versions, just to see if either one has been flagged for false positives by other antivirus software; both came up clean on virustotal.com which tracks such things.

Apr 5 2017, 6:19 am In response to Lummox JR
DyslexicWizard	I reinstalled and nothing has come up so far, also the url is from the byond site http://www.byond.com/download/ it was windows 510 the 511beta has not come up with a malware detection.

Apr 5 2017, 9:14 am
Lummox JR	Both files are most definitely clean. Either MB had a false positive, or it's possible some malware on your system infected the file you had already downloaded or installed.

Apr 5 2017, 10:19 am In response to Lummox JR
DyslexicWizard	think it might have been false, just ran 3-4 scans with different programs and one offline scan and nothing.

Apr 13 2017, 2:46 am
Exemida	This just happened to me as well, I seem to have resolved it by scanning literally everything I could see and deleting Byond entirely, after telling Malwarebytes to delete said Ransomware It restarted the computer. I than reinstalled Byond since then I've had no issues. Even if you delete Byond make sure you delete the files left behind just to be safe like the cache files and folders.

Apr 13 2017, 7:51 am (Edited on Apr 13 2017, 8:12 am)

Lummox JR

The same problem was in this thread as well:

http://www.byond.com/forum/?post=2234918

MalwareBytes is detecting a false positive, so it's very important to report that to them if you see it.

[edit]
More info from MB themselves is here, on how to report a false positive.

https://forums.malwarebytes.com/topic/ 3228-please-read-before-reporting-a-false-positive/

I encourage you also to offer MalwareBytes our support link if they have a place to do so when you report the false positive, so that they can get in contact with me if they have any questions.

Apr 13 2017, 2:24 pm
MrStonedOne	The signature triggers for any unsigned program that setups a hook to delete a file on reboot.

Apr 13 2017, 2:26 pm
MrStonedOne	False positives like this are why i encourage people to stop using antivirus software that isn't windows defender or nod32 (and the jury is still out on nod32)