Jump to content

Search the Community

Showing results for tags 'false positive'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






  1. Hi, I'm getting false positives for one of the software products that we develop internally. The software is written in C# .NET and is using the Microsoft MEF Framework to support plugins. I've attached the scan log, and the .EXE that is getting detected. We've added an exception internally, but do not want our users to have the same issue. Let me know if you need any additional information. Thanks MBAM-log-2017-11-24 (13-17-17).txt NativeConnectors.rar
  2. Domain in question is hxxp://www.countryscentscandles.com MX Toolbox shows it as not blacklisted. Also RubbeR DuckY has some broken links in his Sticky on this topic. -Log Details- Protection Event Date: 11/23/17 Protection Event Time: 11:45 PM Log File: 3dc72012-d0d2-11e7-924e-40167eb2a2ec.json Administrator: Yes -Software Information- Version: Components Version: 1.0.236 Update Package Version: 1.0.3335 License: Premium -System Information- OS: Windows 10 (Build 15063.726) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Domain: www.countryscentscandles.com IP Address: Port: [58014] Type: Outbound File: C:\Program Files\Opera\49.0.2725.47\opera.exe (end)
  3. Hi, Just a few minutes ago (around 2:13 PM EST), I started getting Website blocked popups from Malware Bytes premium every 15 seconds. This is the popup: Ran a quick scan and it was clean: Here is my version: Also, here's a sample Report from one of the many:
  4. The site at CONSTITUTION.ORG is being blocked. Is this legitimate, or is it a false-positive. It's a site that I've used for a very long time, and it seems unlikely to be host malicious content.
  5. Hey there, We've cleaned the redirect from shop[.]jeans-land[.]com care to re-test and de-list? Thanks!
  6. Hi, Our website has been listed on your website. The website had been hacked sometime back, but the issue has now been resolved. Could you please get it rectified. https://hopecollective.com Cheers! WMD Technology m: +91 9582595449 w: wmd.technology e: info@wmd.technology
  7. I'm requesting removal of a site from the blacklist. The site is: h---p://www.craigsdesigns.com The ip address is Thank you!
  8. Hello, This is my website: http://ivane.cu.cc It is clean and safe, but Malwarebytes blocked my site. Could you please check and solve this false positive.
  9. Please check the 2 mails below. VT said it is you who send a updated report. Please tell me when can I see my website whitelisted? VirusTotal <contact@virustotal.com> Yesterday, 6:13 PM Indrajit Basu ##- Please type your ry above this line -## Your request (60330) has been updated. To add additional comments, reply to this email. Camilo Benito (VirusTotal) Oct 30, 5:43 AM PDT Hello, We don't scan file ourselves. We receive results from different AV vendors. If it's still listed as malware in our results it's because the AV vendor hasn't sent us updated results. Once they send us updated results, the information is automatically updated in VirusTotal. Please contact the AV vendor and let them know that they have to send updated results to VirusTotal. Thank you Best regards, Camilo Benito - VirusTotal - www.virustotal.com Have you tried the VirusTotal Graph? Indrajit Basu1 Oct 29, 9:45 PM PDT Subject: Bug report Email: indrajit.basu1@datacoresystems.com Text: Please take a look at your report here: https://www.virustotal.com/#/url/c8d81abcd7688b1772648be28a58baa57e2267fee59c9e38fcf1a2493744c64e/detection MalwareBytes has confirmed that they have whitelisted my website. The change is not reflecting simply because VT has not yet synced with them. Can you please confirm? [JMEOM8-ZYXE]
  10. We have received complaints from some users that they can not log into their accounts at https://platform.jsecoin.com due to a block placed on the site by malware bytes. The platform does not contain malware and I believe it was flagged because we do web based cryptocurrency mining. Users have signed up for an account and want to access the platform to check their balances and run the mining script. The web mining platform is javascript based and does not include any downloadable content which could be considered malware. If you get a chance to test the platform you will see it is quite different to most peoples preconceptions about cryptocurrency mining. Main domain: https://jsecoin.com Sub domains: https://platform.jsecoin.com, https://api.jsecoin.com, https://load.jsecoin.com IP address: If you require any further information please do not hesitate to contact me on here or via email.
  11. Hi, This is my second post to the forum. I had already informed that my website is marked as a "Phising" site by MalwareBytes hpHosts. Strangely, nobody else has marked us with any issue. We were informed earlier that the block will be removed and no action is taken. The topic was also closed without resolving the issue. We need an explanation of this arbitrary action and request a quick solution to this problem. VT Link: https://www.virustotal.com/#/url/c8d81abcd7688b1772648be28a58baa57e2267fee59c9e38fcf1a2493744c64e/detection
  12. Our website, www.cheathappens.com is being blocked by your software for no apparent reason. We have been in business for 18 years, have over 3 MILLION subscribers and have no malicious content on our site that would necessitate a block. We have a full clean bill of health from VirusTotal: https://www.virustotal.com/#/url/81021c9e78eb908e36c4c9fb15b3e97436952011f7be82db1aaaa49670b3f796/detection Please remove this block on our website. Thanks, Chris O. Cheat Happens Attached is the log file from Malwarebytes and the specific error in the browser is: Can’t connect securely to this page This might be because the site uses outdated or unsafe TLS security settings. If this keeps happening, try contacting the website’s owner. log.txt
  13. This website is being reported as malware. The website is clean please give a check
  14. I am a Senior technician for a la mode technologies, llc. and we are getting reports that one of the files in our software is getting marked as a virus on our customer's machines by Malwarebytes. This is causing issues for both our customers and for use and we would like to have this file scanned and remove from the virus detection to prevent further disruption to our customers work. Thank you, Jason Krise Senior Tech. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 10/13/17 Protection Event Time: 11:43 AM Log File: aee63d22-b035-11e7-8f15-d8cb8a4f7edc.json Administrator: Yes -Software Information- Version: Components Version: 1.0.212 Update Package Version: 1.0.3005 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0 -Exploit Data- Affected Application: Internet Explorer (and add-ons) Protection Layer: Application Behavior Protection Protection Technique: Exploit payload from UNC blocked File Name: \\ka08\total program share\WinTOTAL.exe URL: (end) Malwarebytes false positive.txt WinTOTAL.zip
  15. I manage the following domain: www.nutri-pel.com There is currently only a NEWLY INSTALLED Wordpress template on this domain. I am going to build a new website. The old site was completely deleted (the entire contents). Godaddy techs claim that entire shared server is clean. I now have Godaddy Site Security Pro monitoring the site and a scan shows it clean. Sucuri Sitecheck confirms no Blacklistings or infections. The MWB log is also included below. Thanks for UNBLOCKING this False Positive Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 10/9/17 Protection Event Time: 11:10 AM Log File: 05e8b526-ad04-11e7-8418-5404a64e3f14.json Administrator: Yes -Software Information- Version: Components Version: 1.0.212 Update Package Version: 1.0.2981 License: Premium -System Information- OS: Windows 10 (Build 15063.608) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Domain: nutri-pel.com IP Address: Port: [3784] Type: Outbound File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (end)
  16. I'm in the computer support business, so I know a bit more about computers than the average person. As of Oct 3, 2017 I no longer got any e-mail on Thunderbird. In an effort to figure out why I uninstalled TB, updated TB, ran tons of security scans all to no avail, after already successfully accessing my e-mail via the 1and1 Web Mail. So I knew the problem was not with 1and1. Searching the web failed to yield any helpful information, until I systematically disabled various security programs. Avast was not the culprit, but then I found it. Malwarebytes Premium, and narrowed it down to Web the Web Protection Component. Disabling it immediately fixed the problem. Enabling it blocked any new mail once more. So, I excluded 1and1.com, enabled Web Protection and tested the mail, and it was working. In addition to this incredibly annoying, time wasting problem. Malwarebytes since upgrade from v 2.xxxx has been more of a PITA than any other Security Program I have ever used. 1. Various Protections turn on and off in some unpredictable manner 2. Updates fail to appear on some machines, while they are announced on others 3 The exclusion interface has been badly degraded to waste a lot more time than on earlier versions. Countless postings asking for a fix went no place. Get your act together and follow Avast's excellent interface example for how to Exclude Folders/Files, swiftly with minimum clicks. Fire the incompetent idiots who are constantly screwing things up.
  17. Hi, I'm new to this forum. I am sending 2 files as CaptureOne Pro now attempting outbound connections. Regards to all. 2f0aefe3fb994054b884b2a408e73967.monitor-eqatec.com CaptureOne.rar Suspected false positive with CaptureOne.txt
  18. ***** [ Folders ] ***** PUP.Optional.AdvancedSystemCare, C:\ProgramData\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare, C:\ProgramData\Application Data\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare, C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare, C:\Users\All Users\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare, C:\Users\Jacki\AppData\LocalLow\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare, C:\Users\Jacki\AppData\Roaming\IObit\Advanced SystemCare PUP.Optional.Legacy, C:\ProgramData\IObit\ASCDownloader PUP.Optional.Legacy, C:\ProgramData\Application Data\IObit\ASCDownloader PUP.Optional.Legacy, C:\Users\All Users\IObit\ASCDownloader PUP.Optional.Legacy, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare ***** [ Files ] ***** PUP.Optional.Legacy, C:\Users\Jacki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare 10.lnk PUP.Optional.Legacy, C:\Users\Public\Desktop\Advanced SystemCare 10.lnk PUP.Optional.Legacy, C:\Users\Public\Desktop\Smart Defrag 5.lnk PUP.Adware.Heuristic, C:\Users\Jacki\AppData\forge-1.11- PUP.Adware.Heuristic, C:\Users\Jacki\AppData\forge-1.11- ***** [ Tasks ] ***** PUP.Optional.Legacy, ASC10_PerformanceMonitor PUP.Optional.Legacy, Driver Booster Scheduler PUP.Adware.Heuristic, forge-1.11- PUP.Adware.Heuristic, ASC10_SkipUac_Jacki ***** [ Registry ] ***** PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\IOBIT\ASC PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
  19. HI, Our Website www.gocsb.com is blocked for malware from Malwarebytes .. and hosting company and everyother tool , antivirus and malware scanner says site is safe and clean .. Please resolve this problem asap. Thanks in Advance! Yogendra Singh
  20. Since last October, I've been using SonLVL, a tool for modifying levels in the classic Sonic the Hedgehog games, without any harm done to my computer. Today, though, Malwarebytes blocked and quarantined the program as malware when I launched it to try to help a friend who was starting out in Sonic modding. SonLVL.zip SonLVL False Positive.txt
  21. I just enabled the Website Protection feature in MB v3.2.2 a few days ago and now every time I browse to a new page (or refresh a page) on the Malwarebytes forum (https://forums.malwarebytes.com/) I receive a warning for an inbound block for the domain a6nrdb6.x.incapdns.net. The IP addresses vary but are primarily: Dashke's post today in the thread Is this a false positive? (incapdns.net) noted that a block for a similar domain lf5am.x.incapdns.net was a false positive. A Google search leads me to suspect that Malwarebytes is using web hosting services from Imperva Incapsula (incapdns.net), but it seems odd that the MB's Website Protection would be blocking legitimate inbound traffic on their own user forum. Here's the latest report: _____________________________________________ Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 8/30/17 Protection Event Time: 7:47 AM Log File: 5273cb1c-8d81-11e7-8e47-001e6830bdd4.json Administrator: Yes -Software Information- Version: Components Version: 1.0.188 Update Package Version: 1.0.2689 License: Premium -System Information- OS: Windows Vista Service Pack 2 CPU: x86 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Domain: a6nrdb6.x.incapdns.net IP Address: Port: [0] Type: Inbound File: (end) ---------- 32-bit Vista Home Premium SP2 * NS Premium v22.10.0.85 * MB Premium v3.2.2.2018-1.0.188 * Firefox ESR v52.3.0 * Adblock Plus 2.9.1 HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS
  22. We are getting detected as a suspicious website fix this issues. I attached scan log. https://virustotal.com/#/url/8e1365d996cf94cd277b246549d35df39634783597137ed147907bb93e79754d/detection
  23. The domain in question is "image.ibb.co" and MBAM, since I had it updated to 3.2 today, has flagged it. I don't know if that's for real or is it a false positive. It happens everytime I visit another forum but it's only coming from the URL of one's avatar uploaded there. Please put my mind at ease regarding this... thanks.
  24. Hey guys, This website (seamlesssuperiors.com) has been clean, would it be possible to review and remove it from the blacklist ? Thank you
  25. Hi, There is report indicating false positive for subject websites. please have them remove from your end, also let me know the reason of blockage. pakistanarmy.gov.pk ispr.gov.pk Thank you Mahesh
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.