Thursday, April 2, 2015

Ghosts in the Malwarebytes



Just a quick note. If you've just suffered a debilitating round of re-installing Office 2003 today (c'mon now, at least a few of you still have to support it), I may know why.

At roughly 2PM PST on April 2nd 2015, Malwarebytes released an update (4.2.6) for its malware scanner that falsely triggered a quarantine of Microsoft Office 2003 files for a supposed "Trojan.Agent.edt" infection. The first victim is usually outlook.dll, since it's part of the Outlook client and the most used application of the suite.

While the Fortune 500 IT guys may have nothing to worry about here, the rest of us just might. In the "real" world, it isn't uncommon to find an old version of Outlook (like 2003) running alongside a newer version of the MS Office suite. More often than not, small businesses opted to upgrade to a version of MS Office that didn't include Outlook.

That there were more versions of MS Office without it than with was either bad marketing or just a cruel joke.  Regardless, it means you as a small business IT guy or consultant can run into this issue.  

So here are those ingredients for pain again...

You need one part Microsoft Office 2003, one part Malwarebytes and one part bad update.

The fix?

Depending on whether or not the affected system had Office running today, the fix is as simple as allowing the latest updates to install (4.3.x).

If, however, you received a feverish phone call today from users convinced they were experiencing a "Virus!", there's an extra step.

The "infected" Office files will be in the quarantine (under the History tab) of the Malwarebytes application. Select their associated check boxes, click "Restore", and answer in the affirmative to any questioning prompt.

You should update the Malwarebytes signature files first, BTW, so that you don't end up chasing your tail in an endless circle of restoration/quarantine.

The quarantine process removes but does not damage files, so their restoration requires no further action to return your MS Office 2003 applications to full functionality.

Follow the steps above and you can consider this bullet dodged.


Check out the video below to see the steps in action!