avocado123

Members
  • Posts: 16

Everything posted by avocado123

  1. The HTTP header referenced in the VT scan also has this date from early September:
     date Mon, 06 Sep 2021 13:29:58 GMT
     connection keep-alive
     transfer-encoding chunked
     content-type text/html; charset=UTF-8
     vary Accept-Encoding
     server nginx
  2. Thanks for your fast response. Could the scans of those anti-virus products also be outdated? Your linked VT scan on the /865 endpoint does not give a response to HTTP GET requests anymore. I'm 100% sure that it's being actively used by edudip.com. If that means that their server is infected I could write them an email.
  3. Dear Malwarebytes staff, I've seen that the IP 49.12.198.69 has been abused in the past (https://www.vmray.com/analyses/058ff1d64435/report/ioc.html). However, now it's being used by https://www.edudip.com and Malwarebytes still blocks it, which cuts off my audio. I've attached the log. log.txt Kind regards
  4. Malwarebytes doesn't detect avr-g++ anymore. However, Malwarebytes detects "avr-objcopy.exe" in the directory "Arduino/hardware/avr/bin" as Malware.AI now. Do you also have this detection? sha256: 5bc07336d3dc78ef13a36db73b66ca206447fc9a40035ba8f481901084f737d5
  5. Yes, it just started a few hours ago. I guess something went wrong with their AI detection. Almost every post in the last few hours is about potential Malware.AI false positives.
  6. I'm also having this problem. Usually I only get a few false positives a year, but in the past few hours I got two false positives nearly at the same time (compiler that comes bundled with Arduino and Unity Hub). I have also disabled the scan option "Use artificial intelligence to detect threats", but it didn't exclude Malware.AI.
  7. I'm having the same problem. Just wanted to report it as a potential false positive too.
  8. The uploaded file doesn't get detected anymore on my PC. However, whenever I create a new project in the CLion IDE, "CMakeCXXCompilerId.exe" gets compiled from source and gets detected as Malware.AI again. The only difference between the files that I could find is the compilation date stored in the PE header and somewhere else in the binary, which breaks the signature I guess? I've attached the log and the file from a newly created project. CMakeCXXCompilerId_second_file.zip malwarebytes_second_log.txt
  9. Added the file. There's also a source code file in the same directory that I could upload. CMakeCXXCompilerId.zip
  10. Dear Malwarebytes team, Malwarebytes detected a CMake file as malware, which I think is a false positive. The file is called "CMakeCXXCompilerId.exe". This CMake version comes bundled with Microsoft Visual Studio 2019 and is being used by CLion IDE from JetBrains on my computer. CMake version: 3.17.5 I've added the log as an attachment. Kind regards malwarebytes_log.txt
  11. Dear Malwarebytes team, I ran a full system scan yesterday and it detected "mssign32.dll" (which is signed by Microsoft) as Trojan.Agent. The sha-256 value saved in the Malwarebytes detection log is also the same as the sha-256 value of the currently signed "mssign32.dll". sha-256: 7EBE304755BA0CB56301F922E17A2AE0C21BEFAF0B9062143219E3CACAC53A39 This confused me a bit, so I ran a manual scan on that file today and it didn't detect it anymore, which confused me even more. Has this (potential) false positive detection already been fixed? I've added the log. The other two PUP detections are not a problem. Kind regards malwarebytesreport.txt
  12. Dear Malwarebytes team, As soon as I open a file that is associated with the open-source IDE called "Processing", I get a generic exploit detection from Malwarebytes. This however does not happen every time, just rarely. I installed the IDE ~1 month ago and have used it just a few times. The first time I had the exploit detection was yesterday and the second time was today. IDE GitHub Page: https://github.com/processing/processing I have attached a log of the report. I would guess that this part of the code where PowerShell gets executed might have caused the generic detection if I read the log correctly: https://github.com/processing/processing/blob/e11941e0c3463cea7cd94e7204dfdb2c0d5d8f6b/app/src/processing/app/Base.java#L283 reportProcessing2.txt
  13. Thank you for your fast response, just ignore my second message.
  14. The file "dnSpy-x86.exe" gets detected as Malware.Generic.1290998494 in the official release of dnSpy v6.1.4. I have downloaded the file from the official dnSpy repository on GitHub. The file is located in "dnSpy-net472.zip" on the release page of the repository. SHA-256 of dnSpy-x86.exe: 2EF2ACEFCC3D9F824B542C5B8CEC89CA8F68CD63EA0FEE3C16354558D62F867E I have added the log of the scan as an attachment. REPORT_MALWAREBYTES.txt