Posts posted by danci1973

  1. Today Malwarebytes suddenly decided that three files that have been on my disk for months or years are malware or infected with malware.

    I checked these files on virustotal.com and the results were largely negative, but for two of the files some of the vendor results have been positive.

    One of the files is most probably the Glary Utilities 5 setup file (https://www.glarysoft.com/) which I tried a year or more ago, one seems to be some setup utility for TP-Link devices (seems legit enough). I have no idea about the third one (CAB file).

     

    Please check these out.

     

    possible_false_positives.zip

  2. Hello,

    I also had Malwarebytes detect and flag an existing file as Malware.Heuristic.1003. The file is C:\WINDOWS\INSTALLER\5E33908D.MSI, created on December 11th, 2019.

    I do not have the "Use expert system algorithms to identify malicious files" option enabled.

     

    Here's the report:
     

    Malwarebytes
    www.malwarebytes.com
    
    -Log Details-
    Scan Date: 4/27/21
    Scan Time: 10:58 AM
    Log File: b2a635c4-a736-11eb-a68a-001e8c2b657c.json
    
    -Software Information-
    Version: 4.3.0.98
    Components Version: 1.0.1251
    Update Package Version: 1.0.39853
    License: Premium
    
    -System Information-
    OS: Windows 10 (Build 19042.928)
    CPU: x64
    File System: NTFS
    User: brzic7\danci
    
    -Scan Summary-
    Scan Type: Custom Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 1
    Threats Detected: 1
    Threats Quarantined: 0
    Time Elapsed: 0 min, 45 sec
    
    -Scan Options-
    Memory: Disabled
    Startup: Disabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect
    
    -Scan Details-
    Process: 0
    (No malicious items detected)
    
    Module: 0
    (No malicious items detected)
    
    Registry Key: 0
    (No malicious items detected)
    
    Registry Value: 0
    (No malicious items detected)
    
    Registry Data: 0
    (No malicious items detected)
    
    Data Stream: 0
    (No malicious items detected)
    
    Folder: 0
    (No malicious items detected)
    
    File: 1
    Malware.Heuristic.1003, C:\WINDOWS\INSTALLER\5E33908D.MSI, No Action By User, 1000001, 0, 1.0.39853, 0000000000000000000003EB, dds, 01220070, D4C910AC97B04CBAF1A0D33DD9C55B1B, 76364F6AEEF08DCB91A9798B9254787D320749B4A19B5A8EEF47C9DF7CDDD260
    
    Physical Sector: 0
    (No malicious items detected)
    
    WMI: 0
    (No malicious items detected)
    
    
    (end)

     

    I've also attached the file in question. I have no idea what it is or whether it is indeed a false positive.

    5e33908d.zip

  3. 1 minute ago, danci1973 said:

    Hello,

    as of today I'm having a similar issue, but I haven't used Avast Cleanup in months... Didn't even know I have a valid license. 

    Can you let me know what I'm looking for in the registry to identify if it is the same thing? Unfortunately, I can't download the ZIP file posted in a previous comment.

         Regards, Danilo

     

    Btw, this is what Malwarebytes shows in the log:

     

    Registry Key: 2
    PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\STEAM.EXE, No Action By User, 6789, 239347, 1.0.20686, , ame, 
    PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\STEAM.EXE, No Action By User, 6789, 239347, 1.0.20686, , ame, 
    
    Registry Value: 2
    PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\STEAM.EXE|DEBUGGER, No Action By User, 6789, 239347, 1.0.20686, , ame, 
    PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\STEAM.EXE|DEBUGGER, No Action By User, 6789, 239347, 1.0.20686, , ame, 

     

  4. Hello,

    as of today I'm having a similar issue, but I haven't used Avast Cleanup in months... Didn't even know I have a valid license. 

    Can you let me know what I'm looking for in the registry to identify if it is the same thing? Unfortunately, I can't download the ZIP file posted in a previous comment.

         Regards, Danilo

     
