Jump to content

Fatdcuk

Staff
  • Content Count

    20,723
  • Joined

Posts posted by Fatdcuk


  1. Hi,

    I suspect this is a F/p detection caused by a bug possibly but inorder to verify further need to take some additional steps.

    Please update MBAM to its most recent database and then reboot the computer.

    Next restore the file from quarantine and then zip and attach it to a reply if its detected again and also send back to quarantine.

    Thanks in advance.


  2. Hi zrmamc,

    This is not a False Positive detection but a PUP detection.

    PUP means Potentialy Unwanted Program.

    PUPs will not damge your computer but in this instance the installer is for a bundle of software as opposed to a stand alone installer for the original software.

    That bundle of software in most cases would be potentially unwanted by most users.


  3. Hi,

    From the second non quarantined file you supplied also had a corrupted PE header would suggest whatever is recreating the file is recreating files with corrupted PE headers.

    The original detection was based on a known bad file pattern and not because the file header was corrupted.

    That said the signature is many years old would not be entered into the database nowadays as its way too loose and potentially prone to F/P as is the case for your detection.

    I have revised the original signature if you can recheck your files to see if the detection still remains.

    I would also like to thank you for your assistance and apologize for any inconvenience caused by this F/p.


  4. Hi,

    The new file with Icon that was created. Did we detect this file and if so can you please zip and attach that file.

    With regards any removals it is always advised to hold files in quarantine for a period of time just incase their removal breaks a chain of dependency. That way if something breaks (after file removal) the file can be restored and another Fix can be persued.

    If however you delete your quarantined item(s) immediately then that option is removed under that potential scenario.


  5. Hi,

    The JavaRa.exe from your quarantine is not infected nor malicous.

    JavaRa is open source software >> http://raproducts.org/wordpress/

    We have removed the signature(s) from our database that detected this file by accident (False positive)..

    We apologize for any anxiety this has caused you but i can confirm once again the files you have submitted from your quarantine in this topic are clean and we have removed or changed the signatures that caused their unintentional detection overnight.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.