Posts posted by Premo36

  1. Hi, how are you? This is becoming a yearly tradition :D

    I'm near the release of a new version of my software, so I uploaded it to VirusTotal to find out if it triggers any false positive detections, and Malwarebytes flagged it as malicious (via the AI heuristic).

    It also did that with all the beta versions, but I didn't bother reporting them as they were not aimed at a broad public. My software is open source and its source code can be found here https://github.com/Premo36/DML2.X

    I've attached 2 zips; both contain my software's .exe. They are the same software, but the Mono one is a slightly edited version with a few features cut in order to make it run under Mono on Linux/Mac OS. Both the .zip and the .exe get flagged.

    DML v2.5[MONO].exe https://www.virustotal.com/gui/file/e5303a8a2ea0fb10360f50504c80978396b32904bff7793472721cf8512d2a9d?nocache=1

    DML v2.5[WINDOWS].exe https://www.virustotal.com/gui/file/9884c8dabb418887ff666b610d7e547cf528a0654d0ea06307e2faa95c1c9605?nocache=1

    DMLv2.5[MONO].zip https://www.virustotal.com/gui/file/4c3343cce5175d4a785bf970cc40d8307bb96122a7f3bc8060405c5af6e2e3cf?nocache=1

    DMLv2.5[WINDOWS].zip https://www.virustotal.com/gui/file/2eb873905f840b73580ac2555265fe336e0a17c0f30794f025d973d6720acd61?nocache=1

    Thank you!

    DMLv2.5[MONO].zip DMLv2.5[WINDOWS].zip

  2. 17 minutes ago, Porthos said:

    The attached file is not detected by the consumer or commercial versions of Malwarebytes.

     

    The engine format and configuration in VirusTotal is different than the consumer and corporate products’ default configuration. In VirusTotal Malwarebytes uses a command-line engine with different configuration and detection techniques/heuristics which might detect more than the commercial product. There are also false-positive suppression mechanisms in the commercial product which are not present in the command-line engine in VirusTotal.

     

    This will eventually fix itself in Virustotal as well, as Malwarebytes has no control over this. Virus Total is having trouble reaching Malwarebytes cloud.

     

    Thank you for the quick response. In the next few days I'll try to re-scan the files on VirusTotal, hoping that it will fix itself. I wrote a post here as the last time I contacted VirusTotal they said they couldn't do anything and that only the anti-malware companies can fix this kind of issue.

     

  3. Hi everyone,

    Recently Malwarebytes began again to incorrectly flag my software as not safe.

    The Malwarebytes scan on my machine does not trigger any detection (I've still attached the report), but both the .exe and the .zip folder containing the .exe get reported by Malwarebytes as MachineLearning/Anomalous.100% if uploaded to https://www.virustotal.com/gui/

    DML v2.4.exe result: https://www.virustotal.com/gui/file/74a99654a4a21987fe5120fcf77f7c005e3ac00bc084a5f9633af88d7c1d4d2c/detection

    DML_v2.4.zip result: https://www.virustotal.com/gui/file/ca2f15fcc5c34c2507a10521a1a0cf07da83f4c0f1cabe67e8ad3aebcaf4fdf5/detection

    It's not limited to the newest version, as the last stable version, which has been out for almost a year, also began to have the same problem.

    DML v2.3.exe https://www.virustotal.com/gui/file/05788e068cae903c5d5c3f455312dbaa72d66c1f8e546f3a70f10b3e0ff47d24/detection

    DML_v2.3.zip https://www.virustotal.com/gui/file/acff4fdc6b97aecaa91cc61acf21807df128b0f58e720b223ab60884bed2f607/detection

    It also seems to affect some beta releases, at least the most recent one. I didn't upload them as there are quite a few of them and for me they are not as important as the stable releases, but if it can help train the AI or you need them for any reason, the .zip files can be found here https://github.com/Premo36/DML2.X/releases

    If it can help, the software is open source and its source code can be found here https://github.com/Premo36/DML2.X

    Thank you!

    malwarebytesReport.txt DML_v2.4.zip DML_v2_3.zip

    I've just pushed a small update to my software to fix a small bug (the only difference in the whole code is that I've just removed a space in a string), but that bug was preventing users from loading .ini files, which is one of the core features, so I had to do a quick fix. Malwarebytes on my PC is back to recognizing it as malware. I've uploaded it again to VirusTotal but it didn't find anything (even after a few rescans).

    https://www.virustotal.com/gui/file/6ffbb7b73c00bf00a41234c519a83ec2cee3cd5d7ac5e93f812f1c17fba7c608/detection

    The detection is still "MachineLearning/Anomalous.100%"

    I've attached the new .exe, the .dll that the .exe needs to work and the Malwarebytes log in the zipped file.

    Would it help if every build I do (even the developer ones) is uploaded to VirusTotal? Will this train Malwarebytes to stop recognizing my software as malware?

    Thank you.

    DML2_publish.zip

  5. 23 hours ago, Porthos said:

    If it's still detected on your end, then quit Malwarebytes from the system tray. Then navigate to the following folder:

    C:\ProgramData\Malwarebytes\MBAMService

    In there, locate the file HubbleCache and delete it.

    Restart Malwarebytes again. A new HubbleCache will then be created again, so it will properly pick it up and remember to not detect this anymore.

    It worked, thanks, now it's not recognized anymore.

  6. 1 hour ago, shadowwar said:

    It's not detected locally here. It should have been within 10 mins of my last post.

    Maybe shut down Malwarebytes and restart it and see if it's still detected.

    If you do change it, it would have to be whitelisted again for now. You can save some time though by uploading it to virustotal.com, as our cloud would get a copy and learn whether it's malware or not.

    I can't get into specifics, but basically it looks for file anomalies similar to what malware does. Files not signed. Weird version info. Empty sections or packed. Etc.

    If the file had a valid digital signature, it goes a long way to preventing FPs.

     


    My desktop PC keeps detecting it as malware, even after a few reboots. However, on my laptop it's not detected anymore. So probably some sort of caching is happening on my desktop (what file should I delete to force Malwarebytes to truly rescan?).

    I uploaded just the .exe to VirusTotal as you suggested and Malwarebytes does not detect it.

    https://www.virustotal.com/gui/file/4fc7fc31e2e3afac8a41bda3230b9aca87907711d1eaaab9ddf372e6c87474ce/detection

    Thank you.
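
The static anomalies listed in shadowwar's reply quoted above (unsigned file, missing version info, empty or packed sections) are things a developer can check on their own build before release. The sketch below is an added example, not part of the thread and not Malwarebytes' detection logic; the function names, the 7.2 entropy threshold and the constructed sample image are assumptions.

```python
import math
import struct
from collections import Counter

def entropy(buf):
    """Shannon entropy in bits per byte."""
    return -sum(c / len(buf) * math.log2(c / len(buf)) for c in Counter(buf).values())

def pe_anomalies(data):
    """List header-level oddities of a PE image held in memory."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect = struct.unpack_from("<H", data, pe + 6)[0]     # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0] # SizeOfOptionalHeader
    opt = pe + 24
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    dirs = opt + (112 if pe32plus else 96)                # data directory array
    ndirs = struct.unpack_from("<I", data, dirs - 4)[0]   # NumberOfRvaAndSizes
    def dir_size(i):
        return struct.unpack_from("<I", data, dirs + 8 * i + 4)[0] if i < ndirs else 0
    found = []
    if dir_size(4) == 0:   # certificate table; presence does not prove validity
        found.append("no Authenticode signature")
    if dir_size(2) == 0:   # resource directory is where version info lives
        found.append("no resources (no version info)")
    for i in range(nsect):
        name, _, _, rsize, rptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        if rsize == 0:
            found.append(f"{name}: empty section")
        elif entropy(data[rptr:rptr + rsize]) > 7.2:      # threshold is an assumption
            found.append(f"{name}: high entropy, possibly packed")
    return found

def build_sample(signed, body):
    """Constructed PE32 image (not a real program): .text = body, .bss empty."""
    dirs = [(0, 0)] * 16
    dirs[2] = (0x3000, 0x100)                             # resource directory present
    if signed:
        dirs[4] = (0x400, 0x80)                           # certificate table present
    hdr = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)
    hdr += struct.pack("<H90xI", 0x10B, 16) + b"".join(struct.pack("<II", *d) for d in dirs)
    hdr += struct.pack("<8sIIII16x", b".text", len(body), 0x1000, len(body), 0x200)
    hdr += struct.pack("<8sIIII16x", b".bss", 0x100, 0x2000, 0, 0)
    return hdr.ljust(0x200, b"\0") + body
```

To check a real build, pass the file's bytes, for example `pe_anomalies(open(path, "rb").read())`.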

  7. 10 minutes ago, shadowwar said:

    This should no longer be detected. Thanks for reporting.

     

    Thank you, how long do I have to wait before the Malwarebytes definition update rolls out? (I checked a few minutes ago, after I deleted temp files and rebooted my PC, and Malwarebytes still detects it.) Also, I would like to know if I have to resend the exe every time I update my software, and also what kind of suspicious behaviour my software had that may have triggered the Malwarebytes machine learning heuristic, so next time I can avoid it. Thanks again for your help.

  8. Hi,

    I've just finished developing my software, and I was ready to release it, but Malwarebytes detected it as a "MachineLearning/Anomalous.100%" malware.

    I know it's a false positive because I developed the software.

    The .exe file in the .zip is the one that has been detected. It's a C# (.NET Framework 3.5) frontend that provides a user interface to start another piece of software (not included as it's not mine and it's not recognized as malware) with some arguments (the arguments depend on what the user does within the frontend). It stores some data to keep preferences in a folder in %appdata% and downloads from the internet a text file that it uses to eventually notify the user about a new version. The same txt also contains 2 URLs, one for the new version's download page and the other one is used to download another text file that contains the full changelog history. That's pretty much all it does.

    The p36_utilities.dll is a library that I wrote and it contains some generic functions to read and write data. My software needs it to work. It was not detected.

    In the attached .zip I've also saved "log.txt", which is the Malwarebytes log of the scan.

    Thank you

    DML2.zip
