miekiemoes

Hi, Thanks for your feedback. I have sent you a private message via this forum with some additional info. Thanks!

Hi, Yes, you are correct that this is confusing and people will see this as Malware, while, in many cases, it is Malware, but in your case, it's not. I will address this with the development team. Thanks!

Hi, Thanks for reporting this to us. To clarify this some more, our machinelearning engine detects as "Anomalous", not really malware. So that means, it triggers on some anomaly design, unfinished builds, sections without content, etc etc... This is detected correctly as anomalous. This is what Malware does a lot as they change almost hourly, hence why this additional protection. So if you are a developer, I suggest you exclude the working directory from detection. Once it's final and ready to be shared with others, in most cases it won't be detected anymore since it won't trigger the "anomaly" anymore either. In case a "final project" is still detected, please let us know (include the sample), so we can add it to the learning as well to prevent this in the future. Thanks!!!

Hi, What Malwarebytes detected aren't Trojans but Riskware. In your case, it seems like you're using a modified steam_api.dll (cracked/patched) which is always a risk, so that's why we detect correctly. You'll see that a lot of other AVs will also detect these.

Hi, It's safe to install, but it's not recommended. Also see here: But of course, it's your decision.

Hi, This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore. This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore. Thanks for reporting!

Hi, If it's a local batch for own use, I suggest you create an exclusion for it. In order to do so, open Malwarebytes > Settings > Exclusions tab Below, click the button: "Add Exclusion" Then, select "Exclude a File or Folder" (this should be prechecked already by default) Click Next You'll see a field that says: "Specify a File or Folder" - there, click the button "Select Files..." and browse to the file you want to exclude. For "How to Exclude", select: "Exclude from detection as malware, ransomware or potentially unwanted item" (this is normally also selected by default already) Then click the OK button below.

Thanks. Above file should no longer be detected anymore either. And yes, if you add version information and keep it consistent, it will prevent future ones being flagged. Of course, we would need the new version first as well in order to have the MachineLearning engine to "train" on it - but at least it will go faster/easier then.

You should be OK here

None of these are really Spyware, but especially the Bitcoinminer exposes a risk as it's hogging your cpu like crazy.

For the Trojan.Agent.TskLnk & Trojan.CryptoNight - that one is related with a Bitcoinminer you have also installed. https://blog.malwarebytes.com/detections/riskware-bitcoinminer/ PUP.Optional.DriveTheLife - is detection for DriverTalent you have installed. It's your own choice whether you want to keep this or not, as PUP means, Potentially Unwanted Program. In most cases this comes installed with other 3rd party software, so most people aren't aware of its presence.

Hi, These don't look like False Positives, but are valid detections.

Hi, Is this exact the same file? Because it might be another Profi_PNT.exe file with some modifications in it that is different from the one you uploaded before. Mind to zip and attach this one from the other PC as well? As an additional note, it's always good practice to use Version Information for your files, as that makes it easier for our MachineLearning engine to train on as well. Thanks!

Hi, This is detected by our MachineLearning engine (and not really as malware), which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore. This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore.

Hi Gin, This has been fixed already and should no longer be detected anymore.