MalwareBytes issues with Vistumbler

Post by werdnanostaw »

Malwarebytes doesn't like 3 Vistumbler items:

1 Registry key
2 Files

Also, it wouldn't allow me to access vistumbler.net or forum.techidiots.net.

MalwareBytes says:

Remediation
If you recognize the detected file as legitimate, please let us know so we can whitelist the file. If you are not sure, keep the file in quarantine. When we receive a copy through our telemetry we will investigate and give it a detection name that tells you more about what it is exactly.

You may wish to contact them to remediate these problems.

www.malwarebytes.com

-Log Details-
Scan Date: 02/01/2021
Scan Time: 07:00
Log File: 2d97f78e-4c85-11eb-bbc5-5800e356cdee.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1130
Update Package Version: 1.0.35141
Licence: Trial

-System Information-
OS: Windows 10 (Build 19041.685)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 303015
Threats Detected: 3
Threats Quarantined: 0
Time Elapsed: 6 min, 46 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
Generic.Malware/Suspicious, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vistumbler, No Action By User, 0, 392686, , , , , ,

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\VISTUMBLER\UNINSTALL.EXE, No Action By User, 0, 392686, 1.0.35141, , shuriken, , FA6B7BE57792FA0963C0EF83308523FE, CAF5FEF5F650E5AF2D5B5756646D47FF68ADDA5FB627E10B98718724F05A32BA

MachineLearning/Anomalous.100%, C:\USERS\ANDREW\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCACHE\IE\406AOU58\UNINSTALL[1].EXE, No Action By User, 0, 392687, 1.0.35141, , shuriken, , FA6B7BE57792FA0963C0EF83308523FE, CAF5FEF5F650E5AF2D5B5756646D47FF68ADDA5FB627E10B98718724F05A32BA

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
Re: MalwareBytes issues with Vistumbler

Post by ACalcutt »

My suggestion is to follow their remediation steps and/or contact them and let them know. I have found working with AV companies to be quite useless so I no longer do.

The only registry information Vistumbler writes is related to Uninstall, which is required by Microsoft (so it shows in 'programs and features' to uninstall). All other settings are stored in an ini config file in %Appdata%/Vistumbler. If you do not want this registry information we offer a zip and portable version which do not write to the registry.

Vistumbler exes are just Autoit3 compiled versions of the au3 text in the Vistumbler directory. They are compiled and signed with my own digital signature.
Re: MalwareBytes issues with Vistumbler

Post by ACalcutt »

I should also note, you can always compile your own au3 files. You can get the latest source code here ( https://github.com/acalcutt/Vistumbler/ ... tumblerMDB ) and you just need Autoit to compile it, which is located here ( https://www.autoitscript.com/site/autoit/downloads/ ). After installing Autoit, just right-click the au3 files and compile (feel free to look at the code and ask questions).

Even the files you compile yourself will likely be flagged, as these AV companies tend to not like Autoit (which is unfortunate).
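
An added triage example, not part of either poster's message and not Malwarebytes or Vistumbler code: it parses the detail lines of the scan log in the first post and groups the detections by SHA-256, which shows that the two file hits are one binary reported under two rule names. The function names are hypothetical; it assumes comma-separated fields with no commas inside paths, and that the 64-hex-character field is the SHA-256.

```python
import re
from collections import Counter, defaultdict

# Detail lines copied from the scan log in the first post.
LOG = r"""
Registry Key: 1
Generic.Malware/Suspicious, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vistumbler, No Action By User, 0, 392686, , , , , ,
Folder: 0
(No malicious items detected)
File: 2
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\VISTUMBLER\UNINSTALL.EXE, No Action By User, 0, 392686, 1.0.35141, , shuriken, , FA6B7BE57792FA0963C0EF83308523FE, CAF5FEF5F650E5AF2D5B5756646D47FF68ADDA5FB627E10B98718724F05A32BA
MachineLearning/Anomalous.100%, C:\USERS\ANDREW\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCACHE\IE\406AOU58\UNINSTALL[1].EXE, No Action By User, 0, 392687, 1.0.35141, , shuriken, , FA6B7BE57792FA0963C0EF83308523FE, CAF5FEF5F650E5AF2D5B5756646D47FF68ADDA5FB627E10B98718724F05A32BA
"""

SECTION = re.compile(r"^([A-Za-z ]+): (\d+)$")   # e.g. "File: 2"
SHA256 = re.compile(r"^[0-9A-Fa-f]{64}$")

def parse_detections(text):
    """Return (declared_counts, detections) for the -Scan Details- part of a log."""
    declared, detections, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        if not line or line.startswith("(") or section is None:
            continue  # blank line, "(No malicious items detected)", or preamble
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 3:
            continue
        # Locate the hash by shape instead of by column position (assumption).
        sha = next((f for f in fields if SHA256.match(f)), None)
        detections.append({"section": section, "rule": fields[0],
                           "path": fields[1], "sha256": sha})
    return declared, detections

def group_by_sample(detections):
    """Map each SHA-256 to the rule names and paths that reported it."""
    samples = defaultdict(lambda: {"rules": set(), "paths": []})
    for d in detections:
        if d["sha256"]:
            samples[d["sha256"]]["rules"].add(d["rule"])
            samples[d["sha256"]]["paths"].append(d["path"])
    return dict(samples)

def count_mismatches(declared, detections):
    """Sections whose header count differs from the lines parsed (truncated log)."""
    found = Counter(d["section"] for d in detections)
    return {s: (n, found[s]) for s, n in declared.items() if n != found[s]}
```

One hash with two paths means a single sample to submit for whitelisting, and it is the hash to compare against a fresh download or a self-compiled build.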