miekiemoes

We actually detect on the installcore component which is a PUP, so this isn't only and always in installers. This is the same for utorrent, where we detect some versions as PUP.Optional.Opencandy, where the utorrent.exe located in the program files (launcher) is also bundled with OpenCandy. We can however review the Bitcomet.exe file itself again.

Hi Eugene, This isn't a false positive. This installer is bundled with additional software, which we call PUP.Optional.InstallCore. Other AVs probably detect this as well. You can however create an exclusion for this (or temporary disable MBAM) when reinstalling, as PUP means, Potentially Unwanted Program, so it's not really malware. but please be careful and read through the installation screens carefully when it presents additional software to you that isn't Bitcomet (unselect these if you don't want them), as these are often adware.

Hi, Yes, you can restore the quarantined file. The detection log also certainly helps. You can easily find this if you go through Detection History > History > Click the entry where the detection appears. You'll see a "view" icon, and that's where you'll see the detection, where you will be able to export the results (to clipboard, so you can paste it here).

Hi, Unfortunately, there's not much we can do with this info as we need to have the file and detection log. This so we can review if it's a False Positive indeed. So please zip and attach the exact file that was detected together with the detection log where the detection is displayed. Thanks!

Hi, I'll add it to the whitelist. It will be a more global whitelist this time, so future versions won't be detected either (unless you change too much of the program of course)

Hi, This is indeed a false positive by our additional machinelearning engine we have implemented. This will get fixed. Thanks for reporting!

Hi, This is indeed a false positive by our additional machinelearning engine we have implemented. This will get fixed. Thanks for reporting!

Thanks for reporting. This will get fixed.

Hi, No, there was nothing strange in your logs

Thanks. This helps. I couldn't reproduce this for older engines either, but I have whitelisted it anyway. Because of this older version, it might be possible that the rootkit engine rather triggers this, which is fixed in later versions. So in case you are still getting a detection for this, you can either disable the rootkit scanning (as this is usually disabled by default already), or just create an exclusion for this file locally. Thanks!

Hi, You are using an old version of Malwarebytes. Please update to the latest version. Also, can you zip and attach the file that was detected?

Thanks, this has been fixed. It looks like some changes to the program has triggered an alert again. Many other AVs alert on these too.

Thanks. Yes, this helps. This was still detected by an older engine (it wasn't detected with our latest engine). So we have fixed this in a meanwhile for our older engine as well. Thanks for reporting!

Hi, This is indeed a false positive by our additional machinelearning engine we have implemented. This will get fixed. Thanks for reporting!

Hi, I can't reproduce detection. It might have been fixed already. Do you still have the detection log as what it was detected?