XTRMNTR2K

Members
  • Posts

    6

Everything posted by XTRMNTR2K

  1. Thank you for the super quick response! :) Happy to hear it's just a FP as this had been on my machine for around two years I think (and never turned up during a scan).
  2. During today's scheduled scan, three related detections showed up as Malware.Sandbox.1 on my system, two of which are registry entries. The other one is a related executable, which I have included in the zip file attached to this post, as well as the scan log. The file is a setup file for official extra content for the Campaign Cartographer 3 software, both of which I got from the official site profantasy.com. Also, VirusTotal doesn't show any detections for the file whatsoever. Let me know if there's anything else you need! possible_false_MBAM_positive_TTMonstersSetup.zip
  3. Last night MBAM flagged a previously downloaded file as suspicious, even though I had already scanned it after originally downloading it around two weeks ago. The file in question is detected as Malware.AI.3050200255, which wasn't the case until the most recent scheduled scans. To be sure I also ran another MBAM update and re-scanned it just now, still the same result. The file is an installer for a bootable Memtest86+ USB drive with the latest release (V6.00 Beta 3); it is also partially flagged on VirusTotal, though from what I can see all of those are AI-based detections as well: https://www.virustotal.com/gui/file/1d2b8a5c392dda89609fd467ce3c826bdc1c9bec731a6099daccdfac8ca782cb/detection Here's hoping this is just the result of an overzealous AI engine rather than a real malware detection... possible_false_positive_memtest86plus.zip
  4. Wow! That was quick. Thanks a lot for your hard work! 😄
  5. Last night during the regularly scheduled threat scan, MBAM detected two files as possible threats, flagged as Malware.AI. After having a look at the files, it turns out both are old leftover files from installers or parts of software that is no longer used; one belongs to RiftCat, a VR software, and the other to Stardock's Deskscapes software. VirusTotal returns both as clean: https://www.virustotal.com/old-browsers/file-analysis/MjA3MjUyOGY5NGVmZGQyMWJmYzdhZmY5NTgxMjg1ZDM6MTY1Nzg2ODUyMg%3D%3D https://www.virustotal.com/old-browsers/file-analysis/N2JmMmIwMTBkZWIyYjk3MzcwNmRkNTA4NTBkMjcxODU6MTY1Nzg2ODcxOQ%3D%3D Both files and the corresponding protocol are attached to this post. mbam_protocol.txt files_flagged_by_mbam.zip
  6. Hello Malwarebytes Team, after today's scan MBAM notified me of a possible threat. According to the report, a file in my Windows\SysWOW64 directory is affected. The file in question, mtxvec.spld4.dll, is being flagged by the AI module as Malware.AI.500400861. According to Windows Explorer, the file was last changed in 2011/created in 2018 though, but I guess that information could potentially be spoofed if the threat was indeed real. I also uploaded the file to VirusTotal and it appears to be clean: https://www.virustotal.com/gui/file/34161cac90ae241a001b2cad47fc827c1ff254f8d8de22b4ee958f47b0567e83/detection Since I suspected a possible FP I decided to check for another MBAM update, which was found and applied. After running a second, now manual scan, the report persists. It is attached to this post. (As a sidenote, the file shows up twice because of the attached zip file.) Since I am pretty paranoid about this kind of thing I thought I'd post here instead of ignoring the issue - or quarantining the file right away. Many thanks in advance and keep up the great work! possible_false_positive_dll_file.zip possible_false_positive_report.txt