tedus987

Honorary Members
  • Posts

    61

Everything posted by tedus987

  1. auto run on steam got picked up as malware False Positive? Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 3/8/24 Scan Time: 3:53 PM Log File: ff2f5da6-dd63-11ee-b336-b42e9933a280.json -Software Information- Version: 4.6.10.316 Components Version: 1.0.2286 Update Package Version: 1.0.81929 License: Free -System Information- OS: Windows 10 (Build 19045.4046) CPU: x64 File System: NTFS User: LukeGamingPC\lukef -Scan Summary- Scan Type: Custom Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 1173120 Threats Detected: 2 Threats Quarantined: 0 Time Elapsed: 4 hr, 45 min, 6 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 2 Malware.AI.1544300986, E:\STEAM\STEAMAPPS\COMMON\DIVINITY2_DEV_CUT\AUTORUN.EXE, No Action By User, 1000000, 1544300986, 1.0.81929, E648855586E3A2A15C0C29BA, dds, 02726764, 04753524D2CE451DC80A81A0DC6D5069, C30638B6BCFC12A6D1790FFEC95B4E6F71C8142E697E5E2D0C2E218E79124CC6 Malware.AI.1544300986, E:\STEAM\STEAMAPPS\COMMON\DIVINITY2_DEV_CUT\AUTORUN.ZIP, No Action By User, 1000000, 1544300986, 1.0.81929, E648855586E3A2A15C0C29BA, dds, 02726764, , Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) false positive.txt False Positive.zip
  2. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 1/15/24 Scan Time: 5:01 AM Log File: 14b55bba-b363-11ee-b049-b42e9933a280.json -Software Information- Version: 4.6.8.311 Components Version: 1.0.2242 Update Package Version: 1.0.79658 License: Free -System Information- OS: Windows 10 (Build 19045.3930) CPU: x64 File System: NTFS User: LukeGamingPC\lukef -Scan Summary- Scan Type: Custom Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 1111824 Threats Detected: 1 Threats Quarantined: 0 Time Elapsed: 2 hr, 24 min, 18 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Malware.AI.1544300986, E:\STEAM\STEAMAPPS\COMMON\DIVINITY2_DEV_CUT\AUTORUN.EXE, No Action By User, 1000000, 1544300986, 1.0.79658, E648855586E3A2A15C0C29BA, dds, 02649784, 04753524D2CE451DC80A81A0DC6D5069, C30638B6BCFC12A6D1790FFEC95B4E6F71C8142E697E5E2D0C2E218E79124CC6 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) a 10 year old game I think... pretty sure this is a case of new heuristics detecting safe but janky code. Autorun.zip false positive.txt
  3. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 01/07/2022 Scan Time: 20:28 Log File: 04113824-f974-11ec-ab5c-b42e9933a282.json -Software Information- Version: 4.5.10.200 Components Version: 1.0.1709 Update Package Version: 1.0.56645 Licence: Free -System Information- OS: Windows 10 (Build 19044.1706) CPU: x64 File System: NTFS User: LukeGamingPC\Luke -Scan Summary- Scan Type: Custom Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 856596 Threats Detected: 2 Threats Quarantined: 0 Time Elapsed: 3 hr, 19 min, 24 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 2 Malware.Heuristic.1008, E:\STEAM\STEAMAPPS\WORKSHOP\CONTENT\1281930\2793971101\OBJ\DEBUG\NET6.0\REFINT\GRAVITYDONTFLIPSCREEN.DLL, No Action By User, 1000001, 0, 1.0.56645, 0000000000000000000003F0, dds, 01839980, 0AC5C00794F5A4E9FD08B552584A52F0, A813BAD867C746B2337F8EC91B75C9AE063781DFB53056468B69645395A385CC Malware.Heuristic.1008, E:\STEAM\STEAMAPPS\WORKSHOP\CONTENT\1281930\2793971101\OBJ\DEBUG\NET6.0\REF\GRAVITYDONTFLIPSCREEN.DLL, No Action By User, 1000001, 0, 1.0.56645, 0000000000000000000003F0, dds, 01839980, 0AC5C00794F5A4E9FD08B552584A52F0, A813BAD867C746B2337F8EC91B75C9AE063781DFB53056468B69645395A385CC Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) possible false positive.txt False positive.zip
  4. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 01/04/2022 Scan Time: 19:37 Log File: c195a230-b1ea-11ec-b028-00ff36ec70ee.json -Software Information- Version: 4.5.7.186 Components Version: 1.0.1645 Update Package Version: 1.0.53105 Licence: Free -System Information- OS: Windows 10 (Build 19044.1586) CPU: x64 File System: NTFS User: Sarahs-Gaming-Rig\sarah -Scan Summary- Scan Type: Custom Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 901058 Threats Detected: 1 Threats Quarantined: 0 Time Elapsed: 4 hr, 43 min, 10 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Malware.AI.1595790594, E:\STEAM\STEAMAPPS\COMMON\PIXAGEFX\PIXAGEFX.EXE, No Action By User, 1000000, 0, 1.0.53105, 1B2838FF1B2838005F1DD502, dds, 01708864, CD439B13A1A9DA7BE2A77F61DB2015A3, 254F87E96619E6FF58FB833DD5BBF0154C3F56ECFBB906EA913F06CE231809CB Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) false positive results.txt false positive.zip
  5. Scan completed, it didn't detect anything.
  6. I can do that, will let you know the results.
  7. so i noticed Mbam report a file, it suggests an AMD file is a trojan in the file store. most likely an FP Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 19/03/2022 Scan Time: 15:18 Log File: d31263ca-a797-11ec-b204-00ff36ec70ee.json -Software Information- Version: 4.5.6.180 Components Version: 1.0.1634 Update Package Version: 1.0.52580 Licence: Free -System Information- OS: Windows 10 (Build 19044.1586) CPU: x64 File System: NTFS User: Sarahs-Gaming-Rig\sarah -Scan Summary- Scan Type: Custom Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 899296 Threats Detected: 1 Threats Quarantined: 0 Time Elapsed: 4 hr, 50 min, 37 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Trojan.StolenCert, C:\WINDOWS\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\PRNMS002.INF_AMD64_C3BD6686769EE10C\AMD64\FXSRES.DLL, No Action By User, 7504, 1035139, 0.0.0, , ame, , 95F6F0D21ECDABB1DDB503B3BDC38CA8, 8A9552C227FBA50B7C196E16EA5D01E0357E17F3AFEFD65EC3AF1C0C6CD9FEFA Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) false positive results.txt false positive.zip
  8. so the episodic game "angels of death" on Steam was listed as a detection, it's 4 episodes long and unsurprisingly it's detected each episode's exe file as the same thing. i have put each in their own folder as to not rename the files. report as follows. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 16/09/2021 Scan Time: 19:35 Log File: df38ed06-171c-11ec-901c-00ff36ec70ee.json -Software Information- Version: 4.4.6.132 Components Version: 1.0.1453 Update Package Version: 1.0.45000 Licence: Free -System Information- OS: Windows 10 (Build 19042.1237) CPU: x64 File System: NTFS User: Sarahs-Gaming-Rig\sarah -Scan Summary- Scan Type: Custom Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 656168 Threats Detected: 4 Threats Quarantined: 0 Time Elapsed: 2 hr, 55 min, 54 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 4 Malware.AI.4079382565, E:\STEAM\STEAMAPPS\COMMON\ANGELS OF DEATH\GAMEDATA\EP1\GAME.EXE, No Action By User, 1000000, 0, 1.0.45000, DBD18D6CC01A5C0FF3267025, dds, 01425064, 09DE9EFEEDFEAA7AD75766B877CD2C40, 26796B7CDDC18ED48A70CFFB02B76B0B26E40C9EABC4BC968E706F3794A1913F Malware.AI.4079382565, E:\STEAM\STEAMAPPS\COMMON\ANGELS OF DEATH\GAMEDATA\EP3\GAME.EXE, No Action By User, 1000000, 0, 1.0.45000, DBD18D6CC01A5C0FF3267025, dds, 01425064, 09DE9EFEEDFEAA7AD75766B877CD2C40, 26796B7CDDC18ED48A70CFFB02B76B0B26E40C9EABC4BC968E706F3794A1913F Malware.AI.4079382565, E:\STEAM\STEAMAPPS\COMMON\ANGELS OF DEATH\GAMEDATA\EP4\GAME.EXE, No Action By User, 1000000, 0, 1.0.45000, DBD18D6CC01A5C0FF3267025, dds, 01425064, 09DE9EFEEDFEAA7AD75766B877CD2C40, 26796B7CDDC18ED48A70CFFB02B76B0B26E40C9EABC4BC968E706F3794A1913F Malware.AI.4079382565, E:\STEAM\STEAMAPPS\COMMON\ANGELS OF DEATH\GAMEDATA\EP2\GAME.EXE, No Action By User, 1000000, 0, 1.0.45000, DBD18D6CC01A5C0FF3267025, dds, 01425064, 09DE9EFEEDFEAA7AD75766B877CD2C40, 26796B7CDDC18ED48A70CFFB02B76B0B26E40C9EABC4BC968E706F3794A1913F Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) pretty sure this is an FP. regards, tidus987 false positive results.txt False positive files (in folders).zip
  9. so i noticed a detection on the report that suggests it's Furmark the GPU benchmarking tool??? here's the report Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 08/09/2021 Scan Time: 21:54 Log File: fda716c8-10e6-11ec-8703-b42e9933a282.json -Software Information- Version: 4.4.6.132 Components Version: 1.0.1453 Update Package Version: 1.0.44763 Licence: Free -System Information- OS: Windows 10 (Build 19043.1165) CPU: x64 File System: NTFS User: LukeGamingPC\Luke -Scan Summary- Scan Type: Custom Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 717140 Threats Detected: 1 Threats Quarantined: 0 Time Elapsed: 3 hr, 15 min, 18 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Malware.AI.3553681939, C:\PROGRAM FILES (X86)\GEEKS3D\BENCHMARKS\FURMARK\FURMARK.EXE, No Action By User, 1000000, 0, 1.0.44763, 0C0D07FF181AF22BD3D0E213, dds, 01413785, BB2C0D6845257F10155ADA43E1201B4D, F2AA2B021BFFC2C8FE92CE94EC386F5300B792F8F3670A2E6F761EFD99ADF181 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) false positive report.txt FurMark.zip
  10. malwarebytes just picked up an exe from the epic store. log below. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 01/02/2021 Scan Time: 21:42 Log File: 678bdb72-64d6-11eb-93ac-b42e9933a282.json -Software Information- Version: 4.3.0.98 Components Version: 1.0.1157 Update Package Version: 1.0.36589 Licence: Free -System Information- OS: Windows 10 (Build 19041.746) CPU: x64 File System: NTFS User: LukeGamingPC\Luke -Scan Summary- Scan Type: Custom Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 726523 Threats Detected: 1 Threats Quarantined: 0 Time Elapsed: 2 hr, 16 min, 8 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Malware.AI.4276318247, E:\EPIC GAMES\OFFWORLDTRADINGCOMPANY\OFFWORLD.EXE, No Action By User, 1000000, 0, 1.0.36589, 444B8443414B8398FEE37027, dds, 01098455, 33D22530D9A32D3A327E567A1419AC67, 883E9259E6171C49536D6F02125A6A0A75914C89F8C2749CA094942DA61AE939 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) false positive.txt false positive.zip
  11. so i just turned this laptop online after a year of inactivity and no detections to see this. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/26/19 Scan Time: 5:41 PM Log File: 28c0c886-7fd5-11e9-b49c-887873d2bc3d.json -Software Information- Version: 3.7.1.2839 Components Version: 1.0.586 Update Package Version: 1.0.10780 License: Free -System Information- OS: Windows 10 (Build 16299.431) CPU: x64 File System: NTFS User: LAPTOP-VD1VDAMR\Sarah Ashworth -Scan Summary- Scan Type: Custom Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 340858 Threats Detected: 2 Threats Quarantined: 0 Time Elapsed: 4 hr, 11 min, 10 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 2 Adware.ICLoader, C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\UPDATES\DOWNLOAD\PACKAGEFILES\AD3B839A-E85C-44F0-8FF6-86FEA4B8A62A\ROOT\VFS\PROGRAMFILESX86\MICROSOFT ANALYSIS SERVICES\AS OLEDB\140\RESOURCES\1033\MSMDSRVI.RLL, No Action By User, [467], [651132],1.0.10780 Adware.ICLoader, C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\UPDATES\DOWNLOAD\PACKAGEFILES\AD3B839A-E85C-44F0-8FF6-86FEA4B8A62A\ROOT\VFS\PROGRAMFILESX86\MICROSOFT ANALYSIS SERVICES\AS OLEDB\140\RESOURCES\1033\MSMDSRV.RLL, No Action By User, [467], [651132],1.0.10780 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) think it might be an FP as it suggests office as adaware, ran it through virus total, only mbam and one other detected it. msmdsrv.zip
  12. threat scan came back clean. here's the MBST mbst-grab-results.zip
  13. Ok so this issue has been running for a while and each time we've not found a reason as to why. sometimes soon after Startup, Malwarebytes will pop up with this error message. "Malwarebytes is unable to load the Anti-Rootkit DDA Driver" it then requests a restart, runs a threat scan and... we're clean, this wouldn't be a problem if not for the fact that it's happening more often. the system this keeps happening on does not go to new sites, has been clean for years, and every virus scan we do comes back clean. at this stage i wonder if it needs a fresh install of malwarebytes to sort itself out. will send Malwarebytes Support Tool info once restarted and the threat scan comes back clean.
  14. so i'm setting this laptop up for personal use and have only had it a week. this flagged up the day after i installed both 7-zip and paint.net if not an FP are these just in my cache? posible FP.zip possible FP.txt
  15. i've run a full scan today with rootkit on, it's still fine the message hasn't popped up again. i normally run a full scan after the system finishes startup with rootkit enabled before i log on to anything that's important to me. i know it's not necessary when i hardly do any browsing, but i will admit i'm paranoid about security. to clarify when the message popped up on sunday it was not when starting a scan or a scheduled scan. i started malwarebytes up, as the MBAM front panel appeared so did the message and i chose to reboot to be safe. but since the one incident, smooth sailing.
  16. Hi, this is mainly to put my mind at ease when asking this. plus i did not know where to put it on the boards. so i started Malwarebytes 3 today like i do every day after fully booting the system and i encountered a message where malwarebytes wasn't able to run a driver correctly, the name escapes me but it was a rootkits driver, i think, and malwarebytes said that this could be due to a rootkit. and that it was best to reboot the system. after re-booting everything seemed to boot fine and i ran MB3 only for it to automatically and without warning run a threat scan. i thought, ok, best let it do its thing. once that was done and came back clean i decided to run my normal scan which was a full scan with all 4 boxes ticked and again, came back clean. i highly doubted there was something on the system because i rarely use it for browsing, don't ever go out of my safety net. (youtube, gameFAQS, wikipedia) the message hasn't appeared again since then and i launched MBAM multiple times to try and see if it was a one off thing. what i wanted to ask is if this was just due to me maybe starting it earlier than expected or a random thing stopping that driver from launching in that instance. there is no doubt in my mind that my system is clean, this is just me asking to put it to bed and stop my anxiety from flaring up. so could this just be a random glitch where for some unknown reason the driver didn't launch as normal. is that a thing?
  17. thank you, will this record persist if i was to uninstall and reinstall to the latest version of zone alarm?
  18. just to clarify, how do i add them to the ignore list, all i have is a remove selected button?
  19. ok, i've contacted the PUP team as per the post you led me to, i know the PUP it's detecting is part of the zone alarm extreme security package and if i try to remove it zone alarm will stop working which will remove my main firewall. can i add an exception in to malwarebytes?
  20. ok, so my PC just detected 240 PUPs, i recognised the address as the one for the zone alarm tool, PC Tune-up mbam report 11172016.txt PC Tune-Up.zip
  21. thank you, i will do that.
  22. the registry keys as well?