RESOLVED - Updated to local 7.1.0+6396, Malwarebytes reports ransomware in php-cgi.exe

captainhaddock · August 6, 2023, 6:24pm

I have just Updated my env to local 7.1.0+6396, on running adminer Malwarebytes reports ransomware in php-cgi.exe and has quarantined it.
Has anyone else had this - is it a false positive. I would appreciate comments before taking the exe out of quarantine.
I checked the SHA1 key against the downloaded install image and it checks out OK.

What steps can be taken to replicate the issue? Feel free to include screenshots, videos, etc

ransom800×205 40.4 KB

System Details

Local Version: 7.1.0+6396
Operating System (OS) and OS version: Windows 11 (updated to latest levels)

captainhaddock · August 6, 2023, 8:55pm

FYI - I reported this to Malwarebytes as a false positive, updated my malwarebytes with today’s updates and it no longer reports the ransomware false positive.

Topic can be closed.

austinwendt · August 7, 2023, 7:09pm

Glad to hear! Thanks for reporting back, we appreciate it.

system · August 9, 2023, 7:10am

This topic was automatically closed 36 hours after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Why is Local Installing Malware on My Computer? Support mac	3	573	March 22, 2023
Local Beta 6.2.0 Local Beta Releases	1	877	January 12, 2022
Vulnerability "Backdoor.PHP.DULLWSHELL.K" was discovered in Adminer Support adminer	1	421	March 12, 2023
Local Beta 6.1.1 Local Beta Releases	1	945	August 11, 2021
CPU spikes from PHP Support performance	1	328	June 28, 2020

RESOLVED - Updated to local 7.1.0+6396, Malwarebytes reports ransomware in php-cgi.exe

What steps can be taken to replicate the issue? Feel free to include screenshots, videos, etc

ransom800×205 40.4 KB

System Details

Related Topics