miekiemoes

Hi, This is behavior detection, but has been fixed in a meanwhile. Thanks for reporting!

Thanks for reporting. We verified the site has been cleaned and the block has been removed. This will be affected in next database update.

Hi, This isn't a false positive. They are marked/listed as Adware and/or Potentially Unwanted. If you want to keep both, please create an exclusion for these. In case you want to dispute, please see here: https://forums.malwarebytes.com/topic/130207-pupoptional-listings-and-disputes/ Thanks.

Hi, The fact that you can't exclude or can't find it, is because it's still in your quarantine. So you have to unquarantine it first (select and click restore) and then reboot. After reboot, you will be able to create an exclusion for it. * To add the exclusion, open Malwarebytes > Settings > Exclusions tab * Below, click the button: "Add Exclusion" * Then, select "Exclude a File or Folder" (this should be prechecked already by default) * Click Next * You'll see a field that says: "Specify a File or Folder" - there, click the button "Select Files..." and browse to the file you want to exclude. * For "How to Exclude", select: "Exclude from detection as malware, ransomware or potentially unwanted item" (this is normally also selected by default already) * Then click the OK button below. Once you've done above, can you also zip and attach this exact Paladins file? This so I can have a look at it, if something changed. Thanks!

Hi, Thanks for reporting. This will get fixed in next database update.

Hi, We would need more info, so can you zip and attach the MBAMService.LOG, this so I can have a look why it is still detected. You can find this log in the following folder: C:\ProgramData\Malwarebytes\MBAMService\LOGS

Hi, If you have unquarantined/restored it before and rebooted, it shouldn't display there anymore. Once you've set the exclusion, it should then show under settings > exclusions. Even though if it is still listed under quarantine, it shouldn't cause any problems.

Thanks. Verified as a false positive indeed and should be fixed now. I however suggest you add an exclusion for this file too in Malwarebytes. In order to do this, * open Malwarebytes > Settings > Exclusions tab * Below, click the button: "Add Exclusion" * Then, select "Exclude a File or Folder" (this should be prechecked already by default) * Click Next * You'll see a field that says: "Specify a File or Folder" - there, click the button "Select Files..." and browse to the file you want to exclude. (in your case D:\Steam\steamapps\common\Football Manager 2019\fm.exe) * For "How to Exclude", select: "Exclude from detection as malware, ransomware or potentially unwanted item" (this is normally also selected by default already) * Then click the OK button below.

Hmm, if the file is too big for Virustotal already, then it will also be too big to attach here. Let's try a different method and upload it via here: https://www.transfernow.net/en/ Once you drag and drop the fm.exe there, you *should* have an option to generate a custom link afterwards where to download it. Copy and paste that link in your next reply.

Maybe, to make it easier for you, browse to the D:\Steam\steamapps\common\Football Manager 2019 folder Locate the file fm.exe in there and upload it to here: https://virustotalcloud.appspot.com/nui/index.html#/home/upload (you can use drag and drop) Then it performs a scan there and when finished, copy and paste the url in your next response

No there isn't, as it seems to be a false positive

Hi, Can you unquarantine the file, then reboot, then zip and attach the file please? Thanks!

Hi, This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Also see here for more explanation: https://forums.malwarebytes.com/topic/238670-machinelearninganomalous-detections-and-explanation/ Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore. This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore.

Hi, It's because of this: user_pref("browser.newtab.url", "http://www.bing.com/?pc=COSP&ptag=<ID>&form=CONMHP&conlogo=CT3335799") This is conduit powered by bing. Some more info: https://www.merkleinc.com/blog/conduit-deal-boosting-bingcom-paid-clicks-near-10 Conduit isn't malware, but Potentially Unwanted. https://blog.malwarebytes.com/detections/pup-optional-conduit/ So it's your choice whether you want to have malwarebytes fix this or not. You can always add this detection to your exclsions. Thanks!

Hi, Thanks for this. I reviewed and verified this is a false positive indeed (behavior ransomware detection), but this has been fixed already, so it should no longer be detected anymore.