siliconman01

Attached is the UserBenchmark.exe file and the MBAM scan results/log. I'm pretty confident that this is a false positive. NOTE: The forum will not upload these two zipped files for some reason. Below is the log. You can download UserBenchmark at the following URL: Home - UserBenchmark Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/23/21 Scan Time: 4:06 PM Log File: 7aaa19ec-ebf1-11eb-9baf-305a3a05c7ae.json -Software Information- Version: 4.4.4.126 Components Version: 1.0.1404 Update Package Version: 1.0.43436 License: Premium -System Information- OS: Windows 10 (Build 19043.1147) CPU: x64 File System: NTFS User: ASUSHomeBuilt\Tom -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 322779 Threats Detected: 1 Threats Quarantined: 0 Time Elapsed: 1 min, 23 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Spyware.Exploit, C:\PROGRAM FILES\USER BENCHMARK\USERBENCHMARK.EXE, No Action By User, 13848, 961181, 1.0.43436, , ame, , D35F8246F25DC9C303B09D35E8563500, 77C3771475C31F79A4FE4B7BBEE7FD37D5516D9FD794CB4D8322F3CFEA3A106A Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end)

Internet Download Manager file IDMan.exe is being detected as Malware.AI.1415499812. I ran it through Virus Total and it is clean. False Positive? IDMan.zip Scan Results.txt

The attached two files are being detected as malware. I ran them through Virus Total and they scanned cleaned. Are these false positives ? False Positves.zip MBAMScanResults.txt

CASPERSVCS.zip

Malware.Heuristic.1003, C:\USERS\TOM\APPDATA\ROAMING\FUTURE SYSTEMS SOLUTIONS\CASPER 11\INSTALL\05E56A7\COMMONFILESFOLDER\FUTURE SYSTEMS SOLUTIONS\SERVICES\CASPERSVCS.EXE. The above file is a False Positive CasperFalse Positive.txt

Malware.Heuristic.1003, C:\USERS\TOM\APPDATA\ROAMING\FUTURE SYSTEMS SOLUTIONS\CASPER 11\INSTALL\7214666\COMMONFILESFOLDER\FUTURE SYSTEMS SOLUTIONS\SERVICES\CASPERSVCS.EXE, No Action By User, 1000001, 0, 1.0.39491, 0000000000000000000003EB, dds, 01205305, F1C464F8DC128A72CCD03B130E5CC635, 937C17D7BB51239EEE16B38569A6B102E0AECCD87BDCC62FC4B2BA2175EA8B54 The above False Positive is occurring for Casper 11. CASPERSVCS.zip False Positive.txt

The latest definitions are flagging the HOSTS file as infected. HOSTS.zip

Does Browser Guard check a website's favicon to determine if it is being used as a supercookie-type tracker? https://gizmodo.com/favicons-could-be-the-supercookie-that-tracks-you-every-1846229089 https://arstechnica.com/information-technology/2021/02/new-browser-tracking-hack-works-even-when-you-flush-caches-or-go-incognito/

This applies to Windows 10x64 Pro Version 20H2 (OS Build 19042.546 and MBAM Version 4.2.1.89, Update Package 1.0.30876, Component Package 1.0.1061, Support Tool 1.7.0.827. I performed a Clean Install of MBAM using the Support Tool which downloaded FRSTEnglish.exe. Following the installation of the latest version of MBAM, a scan detects FRSTEnglish.exe as a trojan. See attached logs and also FRSTEnglish.exe. False Positive.zip

Is the Mb Support Tool download link posted on the forum anywhere?

Thanks for fixing the "Resolving Host" issue for Windows 10x64 Pro V2004 and MS Edge Chromium default browser. 😇

Am on 2.2.7 and no longer seeing any blocks on the URL. Thanks for your attention to this issue and please stay safe.

As of 11-july-2020, hxxps://www.macecraft.com is being blocked for Phishing. Is this a False Positive ??

It's still being blocked. I disabled the MBAM extension in MS Edge Chromium (my default browser) and initiated the download. The download URL showed as: hxxps://cdn1.ashampoo.net/ashampoo/5710/ashampoo_burning_studio_21_21.6.1_sm.exe which is different from what I initially provided. Sorry.

The download for Ashampoo Burning Studio 21 is blocked as a suspicious download hxxps://www.ashampoo.com/en/usd/dld/5710/Ashampoo-Burning-Studio-21/