hexaae

  1. Ok, here are the files you asked for... But consider that Local.exe was INDIRECTLY detected: I've been using it for a long time without issues with MWB in the background, but since the local website was processing some files today, MWB AI wrongly detected Local.exe as ransomware: Local.exe for local webdev -> I was processing many files in my local WordPress site -> Local.exe indirectly detected as potential generic malware (!). Please notice this could become a generic problem with these kinds of legit local tools... Local.zip logs.zip
  2. WTF! Today I was doing some local webdev, and while processing a lot of WordPress files Malwarebytes Premium's brilliant A.I. killed the task and put Local.exe under quarantine (see Local by Flywheel)! This BTW corrupted my local WP installation...

     Malwarebytes
     www.malwarebytes.com
     -Dettagli log-
     Data evento di protezione: 27/05/20
     Ora evento di protezione: 15:01
     File di log: 29d72c68-a01a-11ea-a04b-0c9d92a56fd0.json
     -Informazioni software-
     Versione: 4.1.0.56
     Versione componenti: 1.0.920
     Aggiorna versione pacchetto: 1.0.24530
     Licenza: Premium
     -Informazioni sistema-
     SO: Windows 10 (Build 18362.836)
     CPU: x64
     File system: NTFS
     Utente: System
     -Dettagli ransomware-
     File: 2
     Malware.Ransom.Agent.Generic, C:\Users\Luca\Desktop\Local.lnk, In quarantena, 0, 392685, 0.0.0
     Malware.Ransom.Agent.Generic, C:\Users\Luca\AppData\Local\Programs\Local\Local.exe, In quarantena, 0, 392685, 0.0.0
     (end)
  3. https://flatassembler.net/ Looks like a false positive to me...
  4. This is something useful and available in other AV/anti-malware tools, so I can't see why it would be a problem.
  5. Why is there no option to just right-click on the detected file and "Send it for analysis" to automatically post it to your attention for a quick check? At present users are forced to waste 10 mins to log in to the forum, upload the files and add a new topic in forums.malwarebytes.com; this is slow and annoying... It would be much easier and faster to use RMB on the detected or ignored file during a scan, and from MB's UI select something like "Send it for analysis"... Hope to see something like this ASAP...
  6. hexaae

    Rom patches

    A patchtool which is safe to use shouldn't be considered Suspicious: it depends on what you patch and with what kind of patch. With this principle a lot of safe tools by themselves could be incorrectly detected as potential malware, including a simple line command to hex-modify files. Wrong approach IMHO.
  7. Gameboy emulator rom patches (unofficial game translation) detected as malware, attached.

     Malwarebytes
     www.malwarebytes.com
     -Dettagli log-
     Data scansione: 19/11/19
     Ora scansione: 11:22
     File di log: 84854d60-0ab6-11ea-b7f6-0c9d92a56fd0.json
     -Informazioni software-
     Versione: 4.0.4.49
     Versione componenti: 1.0.718
     Aggiorna versione pacchetto: 1.0.15130
     Licenza: Premium
     -Informazioni sistema-
     SO: Windows 10 (Build 18362.476)
     CPU: x64
     File system: NTFS
     Utente: LAPTOP-DVK1QFAS\Luca
     -Riepilogo scansione-
     Tipo di scansione: Ricerca elementi nocivi
     Scansione avviata da: Manuale
     Risultati: Completata
     Elementi analizzati: 315814
     Minacce rilevate: 3
     Minacce messe in quarantena: 0
     Tempo impiegato: 3 min, 8 sec
     -Opzioni di scansione-
     Memoria: Attivata
     Esecuzioni automatiche: Attivata
     File system: Attivata
     Archivi compressi: Attivata
     Rootkit: Attivata
     Analisi euristica: Attivata
     PUP: Rilevare
     PUM: Rilevare
     -Dettagli scansione-
     Processo: 0 (Nessun elemento nocivo rilevato)
     Modulo: 0 (Nessun elemento nocivo rilevato)
     Chiave di registro: 0 (Nessun elemento nocivo rilevato)
     Valore di registro: 0 (Nessun elemento nocivo rilevato)
     Dati di registro: 0 (Nessun elemento nocivo rilevato)
     Flusso di dati: 0 (Nessun elemento nocivo rilevato)
     Cartella: 0 (Nessun elemento nocivo rilevato)
     File: 3
     Generic.Malware/Suspicious, C:\$RECYCLE.BIN\S-1-5-21-2197210833-2190798041-2317798482-1002\$RPWM90S\SNC-ZDX1.EXE, Nessuna azione intrapresa, 0, 392686, 1.0.15130, , shuriken,
     Generic.Malware/Suspicious, C:\$RECYCLE.BIN\S-1-5-21-2197210833-2190798041-2317798482-1002\$RBYB949\SNC-ZDX1.EXE, Nessuna azione intrapresa, 0, 392686, 1.0.15130, , shuriken,
     Generic.Malware/Suspicious, C:\USERS\LUCA\DOWNLOADS\ITPCH_ZELDA_DX_V10.ZIP, Nessuna azione intrapresa, 0, 392686, 1.0.15130, , shuriken,
     Settore fisico: 0 (Nessun elemento nocivo rilevato)
     WMI: 0 (Nessun elemento nocivo rilevato)
     (end)

     itpch_zelda_dx_v10.zip
  8. Confirmed. Not detected anymore.
  9. Not only that. Also the ZIP file itself and its content 'dgvoodoocpl.exe' is incorrectly detected as malware:
  10. Again, false detection for version dgVoodoo2_62_2 you can download from: http://dege.freeweb.hu/dgVoodoo2/dgVoodoo2_62_2.zip
  11. In the list of engines who detected that file as malware Malwarebytes reported no threat... So?
  12. When EaseUS Todo Backup tried to search for an update...
  13. https://www.un4seen.com/xmplay.html blocked as Trojan??? It's a legit site where you can download plugins for XMPlay audio player...
  14. www.replaying.de safe retro games site blocked by MWB as malware site.