Krisjohn

Thank you

PTFB is a product that's been around since the early 2000s. If you go to https://www.ptfbpro.com/download.shtml and attempt to download the installer, the browser plugin blocks it. Since every page on the site I tested loads fine, I assume MalwareBytes has a problem with the .exe download and it's being mis-labeled as "scams". Can you please review this behaviour? Thanks. BTW: I spoke with their support and the feedback was (paraphrasing) that the Venn diagram of "downloads in a format all customers has no problems with" and "download behaviour and format that's not blocked by any anti-malware product" is two separate circles. Anything you could do to make this better would be great.

This is the classic false positive that sank this product. There's nothing wrong with the SFX module, it's just that the compression was so good that lots of malware used it. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 16/05/2023 Scan Time: 02:59 Log File: 962962b2-f352-11ed-b902-d85ed391170f.json -Software Information- Version: 4.5.27.262 Components Version: 1.0.1991 Update Package Version: 1.0.69524 Licence: Premium -System Information- OS: Windows 11 (Build 22621.1555) CPU: x64 File System: NTFS User: System -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Scheduler Result: Completed Objects Scanned: 525655 Threats Detected: 1 Threats Quarantined: 0 Time Elapsed: 10 min, 14 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Malware.AI.4009703588, C:\PROGRAM FILES (X86)\WINRK\STUBS\RK_ENGLISH.SFX, No Action By User, 1000000, -285263708, 1.0.69524, 509AAF1F99A3D1CCEEFF38A4, dds, 02297746, 0EC03EA73EE36BB215FE4E2256049B31, 95A21E21864C0397FCED2A53A67F8BD900FBC1571158C0E96C2FD61DAED2AAE6 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end)

It's detecting now, thank you.

I'm sorry, I've posted this in the wrong place. I didn't realise I was in false positives, I thought I posted this to new malware threats.

Other files in that bundle test positive too: https://www.virustotal.com/gui/file/00aa8ef79dd776216a9f0a7c97f41b682a17d9edbc0b981f2b9626edef5cc7bd https://www.virustotal.com/gui/file/c611a8b250d5906a2e84684422005547762158359d39c2876bddb8b5b9806545 https://www.virustotal.com/gui/file/2cb48c8077b0298c19be52a164d2c7ce945f468ca0582d2ca99ac4b706f02983

Sold here: https://groupees.com/gerardo-rodriguez-music-game-app-sfx-bundle First thing I did was run it through Virus Total and I got a bunch of hits. MalwareBytes on my PC didn't spot it though. Password_Generator.zip