BlackHawk

Members
  • Content Count: 59
About BlackHawk

  • Rank
    Regular Member
  1. Looks like it is a FP... https://forums.malwarebytes.com/topic/247457-lenscryptorg/?tab=comments#comment-1313015
  2. I am getting the same thing rdspear! I reported the same behavior in the thread below. I am now getting that block situation on various sites and I am starting to think it's related to the Firefox browser which recently had an issue with "extensions" to which a fix was made. It would be nice if someone could look into this further, a person that has more time, and is more knowledgeable than I am. I was told it was not a false positive, but I believe it IS a false positive or some bug.
  3. Can you elaborate please? Why would I have received it and from what? When I did a Google search I came up with a check from Firefox... "It's the check as to whether a certificate has been revoked or not - Online Certificate Status Protocol or OCSP for short"
  4. Possible false positive in the log below?
     Domain: ocsp.int-x3.letsencrypt.org
     IP Address: 40.136.60.10
     Please let me know. Thank you!
     Log...
     Malwarebytes
     www.malwarebytes.com
     -Log Details-
     Protection Event Date: 5/15/19
     Protection Event Time: 2:43 AM
     Log File: b23cd78c-76dc-11e9-a81a-00ff7b3f14ce.json
     -Software Information-
     Version: 3.7.1.2839
     Components Version: 1.0.586
     Update Package Version: 1.0.10606
     License: Premium
     -System Information-
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: System
     -Blocked Website Details-
     Malicious Website: 1
     , , Blocked, [-1], [-1],0.0.0
     -Website Data-
     Category: Fraud
     Domain: ocsp.int-x3.letsencrypt.org
     IP Address: 40.136.60.10
     Port: [49361]
     Type: Outbound
     File:
     (end)
  5. I continue to get false positives for C:\Program Files\CheckMAL\AppCheck\Temp\AppCheckUpdate.exe coming up as "Adware.IStartSurf" The main program is... https://www.checkmal.com/ Please let me know the situation with this. Thank you very much!
  6. Thank you MKDB! Your help is much appreciated!
  7. My bad, I should clarify... the "MimarSinan" false positive I got was from AdwCleaner. But, since both products are from the same company, shouldn't the alleged false positive be fixed across the board? Thanks!
  8. I have the "MimarSinan" detection. Can someone please explain what this is and if it's a false positive why it hasn't been fixed yet? Thank you!
  9. Hi. I also have the entry "PUP.Optional.DriverDoc, [Key] - HKLM\SOFTWARE\MimarSinan" on a laptop. Can someone please give more details on this? I don't want to delete it and have it be something that's actually wanted/needed.
  10. Ok got it. Thank you so much! Have a great day/night!
  11. Hmm... it seems you are saying if the legitimate security program by Cybereason made the entry I can allow it, but if it didn't I should delete it?
  12. Thank you for the reply. Did you read the two links I posted? They indicate that in my particular case it seems that Cybereason RansomFree (a legitimate program) is putting this entry in and it gets flagged wrongly. In my case the only way to rid this detection is to uninstall Cybereason. Allowing Malwarebytes to delete the entry does no good as it's recreated upon reboot every time.
      A few quotes from the two links I posted...
      Infection by PUM.Optional.NoDrives
      Quote from the Geeks to Go GeekU forum Moderator...
      "Cybereason RansomFree is the source of the Malwarebytes Anti-Malware detection, along with the randomly named files/folders. You can therefore safely ignore both."
      "The folders are created by RansomFree as one of the methods use by the product to detect the presence of file encrypting ransomware. You can therefore safely ignore the folders or uninstall RansomFree."
      "There are some ransomware protection software which deliberately create dummy folders containing randomly named .bmp, .png, .gif, .jpg, .pem, .xls, .mdb, .txt, .sql, .docx, .doc, .xlsx, .xls, .rtf, and .txt files in various locations (and partitions) on your computer as part of its functionality. These are actually trap folders and files...patterns of files and hidden virtual files that ransomware is attracted to and the feature is more commonly referred to as "Entrapment Protection". Ransomfree by Cybereason and CryptoMonitor by Nathan (DecrypterFixer) (but no longer supported) were among the first tools to include this feature."
  13. After getting a detection for the registry entry below I did some searching and found this to be what I believe is a FP.
      Registry Data: 1
      PUM.Optional.NoDrives, HKU\S-1-5-21-1203251696-3052442490-1221746648-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NODRIVES,
      I say this is a FP after reading the two links below...
      1. http://www.geekstogo.com/forum/topic/366881-infection-by-pumoptionalnodrives-and-more/
      2. https://www.bleepingcomputer.com/forums/t/638875/rogue-folder-and-file-on-hardisk/
      Please let me know what you think, and if it's a FP, please make a fix. Thank you so much!!