Posts posted by Ant Dude
-
Just now, miekiemoes said:
We have additional protection implemented for that already
Oh? Is there documentation on how that works in case I run into that, which I hope is never?
-
3 minutes ago, miekiemoes said:
I appreciate your feedback. Especially with machine learning engines to pro-actively detect any new threats, unfortunately, false positives happen. This is the same with other Antivirus that use machine learning engines, but we keep on top of these and monitor realtime to fix these asap.
Luckily, the files are sent to quarantine, where you can always restore them again.
Well, it would be bad if they are critical files for the OS.
-
Also, is there no edit my own post option?
-
6 minutes ago, miekiemoes said:
Our machine learning detection engine learns in real-time and fixes asap when determined it's a goodware file. Nope, it's not needed to double-check though (your entire drive, as that might take a while).
I remember it recommended to remove the files. That would be bad if they are good files.
-
10 minutes ago, miekiemoes said:
We actually monitor for potential FPs realtime already where they also get fixed asap, so, these might have been fixed already earlier on.
After seven minutes and 10 seconds, it said my G:\Windows was clean. Wow, in real-time? If we get these Malware.AI detections, should we rescan to double check? If so, then maybe MBAM should tell its users to rescan again to be sure they aren't FPs?
-
8 minutes ago, miekiemoes said:
I can't reproduce any detection. Can you update and verify if these are still being detected?
Thanks!
Hmm, now they are considered clean from my 7-Zip file. Did the definition updates get fixes from almost twelve hours ago? Let me do a rescan of my G:\Windows (not doing all drives like I did overnight that took almost three hours to complete).
-
It seems unreliable with false positives like today's overnight scan in my decade-old, updated PC with dual Windows boot setups (32-bit XP Pro. SP3 and 64-bit W7 HPE SP1). I hope these are really false positives (attached a 7z file with the EXEs and a screen shot/capture) since they never showed up as malicious before. Even online scans (https://virusscan.jotti.org/en-US/filescanjob/zyph4syswd, https://r.virscan.org/language/en/report/0057a8b98f9c5854b830b299a7200abf, https://www.virustotal.com/gui/file/30c536948ce7a0c4e9417b88e81d77ac5c048917177dc06bc71dfa814900662d/details, and https://www.hybrid-analysis.com/sample/8ffc26bc2e827e94e534037bae4ab3fe3b7046a9f14977b6c77559d20ee3dfc2) confirm them being clean.
Thank you for reading and hopefully fixing and answering soon.
-
MBAM says Malware.AI.4195089919 for my C:\winstuff\LDPlayer3.97andUp\ldnews.exe file (attached a 7Zipped copy; you can download and install https://encdn.ldmnq.com/download/package/en/LDPlayer_ens_3.97.exe from its https://www.ldplayer.net/ official web site). MBAM didn't say this before yesterday's updates and its required restart.
Most online web sites' scanners say clean:
https://r.virscan.org/language/en/report/7c99fdc096342ed679d88caed8a77629
https://metadefender.opswat.com/results/file/bzIwMDcxMTkyZE9ic19xX2h0ZjRyTUJxWXpx/regular/overview?lang=en
https://www.hybrid-analysis.com/sample/dbe0b3cc202c3d690f03098d2e197b64acb5c05fe13b2bd821731969c6b538f3 says one suspicious.
https://virusscan.jotti.org/en-US/filescanjob/e0bumjn8pq
https://www.virustotal.com/gui/file/dbe0b3cc202c3d690f03098d2e197b64acb5c05fe13b2bd821731969c6b538f3/detection
So, maybe a false positive? Thank you for reading and hopefully answering soon. :)
-
50 minutes ago, thisisu said:
Glad to hear that worked. I think it just clears any cache / history that Malwarebytes had of that particular file. So when the history was cleared, it assessed the file again and sees that it's now on a whitelist. Hope that helps
Regards
That sounds like a minor bug to me.
-
I just rescanned, but got the same results. I exited MBAM and deleted my 12:22 PM hubblecache file to retest. It worked. Thanks. What happened there?
-
2 hours ago, Ant Dude said:
Wow, thanks! So far, suopgui.exe still hasn't been fixed. I will recheck in a few hours.
Still not fixed after a couple hours.
-
Interesting and weird.
-
Is it because my account is very old since I joined on 10/2/2009? IIRC, the forum was migrated from another system since then?
-
I never used SYNC feature in Firefox. Remember, I have the same issue in Safari, Chrome, and SeaMonkey on several devices.
-
I tried my iPhone's VZW cellular data. It said bad username and password. So I cleared Safari's cookies and history to retry. Now, it says "Your account has been locked. Try again in 15 minutes." Also, I tell the forum never to remember me and always sign in anonymously for extra security.
-
No VPNs and proxies. I do use OpenDNS' in my router.
-
2 minutes ago, AdvancedSetup said:
No problem. Please run the scans as I've posted in post #7 and attach the logs when ready.
Um, even in Linux? It happens in all my devices even in my iPhone 6+ (iOS v12.4.4).
-
In my Debian box, I used Chrome v79, Firefox v68.4.0 ESR, and SeaMonkey v2.49.5. Is there no edit option in my own forum posts?
-
Just now, AdvancedSetup said:
Well above you said you were on version 71 but Firefox is on 72 why I mentioned it is all.
Oops. My bad. Too many dang numbers and releases. I just retried in my over decade old 64-bit Debian (Jessie) v8 and had the same issue.
-
I always use the (new/lat)est versions.
-
26 minutes ago, shadowwar said:
This will be fixed next update. about 2 hours from now. Thanks for reporting!
Wow, thanks! So far, suopgui.exe still hasn't been fixed. I will recheck in a few hours.
-
2 minutes ago, AdvancedSetup said:
And both browsers are having the same issue?
Yep and for a few years.
-
30 minutes ago, AdvancedSetup said:
My guess would be some type of add-on extension or cookie issue. Which browser are you using @Ant Dude
I used both SeaMonkey v2.49.5 and Firefox v71 web browsers in my over decade old, 64-bit W7 HPE SP1 PC.
-
I attached a zip file with the four EXE files from old programs. Here's MBAM's text log requested:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/10/20
Scan Time: 9:29 AM
Log File: bd963a2e-33ce-11ea-9113-001fbc01b9da.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.793
Update Package Version: 1.0.17533
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Harvester7\ant

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 4
Threats Detected: 4
Threats Quarantined: 0
Time Elapsed: 0 min, 23 sec

-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 4
Generic.Malware/Suspicious, C:\USERS\ANT\DESKTOP\UPLOADS\FILES\SUOPGUI.EXE, No Action By User, 0, 392686, 1.0.17533, , shuriken,
Adware.DownloadAssistant, C:\USERS\ANT\DESKTOP\UPLOADS\FILES\AUDIOBURNER.EXE, No Action By User, 7701, 766474, 1.0.17533, , ame,
Adware.DownloadAssistant, C:\USERS\ANT\DESKTOP\UPLOADS\FILES\STARPORT.EXE, No Action By User, 7701, 766173, 1.0.17533, , ame,
Adware.DownloadAssistant, C:\USERS\ANT\DESKTOP\UPLOADS\FILES\VIDEOBURNER.EXE, No Action By User, 7701, 766289, 1.0.17533, , ame,

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

Thank you for reading and hopefully answering. :)
Is anyone else getting lots of Malware.AI... alerts?
in File Detections
Posted
Thanks.