Showing results for tags 'false positive'.

  1. Please unblock hxxp://www.cga.web.id 198.54.114.146 (shared hosting). This is my housing contractor website, legal and clean. Thank you.

     =======

     Here's the log:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 6/30/17
     Protection Event Time: 10:35 AM
     Logfile:
     Administrator: Yes

     -Software Information-
     Version: 3.0.6.1469
     Components Version: 1.0.103
     Update Package Version: 1.0.2259
     License: Premium

     -System Information-
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: System

     -Blocked Website Details-
     Malicious Website: 1
     , , Blocked, [-1], [-1],0.0.0

     -Website Data-
     Domain: www.cga.web.id
     IP Address: 198.54.114.146
     Port: [50842]
     Type: Outbound
     File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

     (end)
  2. Hello, I have spent a lot of time exchanging by email with your customer support, which finally advised me to post on that forum because he has no power to answer and solve my problem?!

     So, here is the problem: On the 7th of June 2017, I noticed that one of my customers - for whom I had promoted and installed Malwarebytes Anti-Malware Premium - could not reach my web sites because of false positive blocking by your software.

     The URLs are:

     hxxp://aide.ordi49.fr
     hxxp://wiki.ordi49.fr

     Here are the IPs:

     user@devuan:~/$ dig +short ordi49.fr
     185.81.156.53
     185.81.156.51
     185.81.156.52
     185.81.156.54

     But the IP address range is wider and my hosting provider can use any of them for my websites:

     user@devuan:~/$ host aide.ordi49.fr | sort
     aide.ordi49.fr has address 185.81.156.16
     aide.ordi49.fr has address 185.81.156.51
     aide.ordi49.fr has address 185.81.156.52
     aide.ordi49.fr has address 185.81.156.53
     aide.ordi49.fr has address 185.81.156.54
     aide.ordi49.fr has address 185.81.156.55
     aide.ordi49.fr has address 185.81.156.56
     aide.ordi49.fr has address 185.81.156.57
     aide.ordi49.fr has address 185.81.156.58
     aide.ordi49.fr has address 185.81.156.59
     aide.ordi49.fr has address 185.81.156.60

     Your customer support answered me he was advised that it may be any reason for that blocking but he can't tell me that reason. This is a false positive. Please, take the browse deny rules off for my websites.

     Regards, Mederic Claassen.
  3. Hello. As of today (June 28th 2017) AdwCleaner is tagging OpenDNS nameservers as an infection. Best regards. AdwCleaner[S0].7z
  4. Hi Support, related to service ticket 00030305. IP address 94.100.26.9 is wrongly blacklisted. The VirusTotal links sent via the ticket are old entries, and as per the ticket I made it clear that this is a false positive. Can this IP please be whitelisted at the earliest? Any questions, please do let me know. Regards, Kaleem
  5. See log and attached sample FalseRansomCerber.zip Advanced_Uninstaller11.zip
  6. Hi guys! This site has been cleared by sucuri.net: www.gearthhacks.com Would you mind reviewing it and delisting it from your blacklist? Thanks!
  7. I have a macro in Excel that backs up my workbook every time I save it. It does this by creating a date-time-stamped version of the workbook just saved using the command:

     C:\WINDOWS\system32\cmd.exe \c Copy E:\Users\Papa\Documents\Development\Modeling\Compressor\nz1\nz1 Develop Performance for Chiller Model.xlsm E:\Users\Papa\Documents\Development\Modeling\Compressor\nz1\History\2017-06-19\nz1 Develop Performance for Chiller Model 2017-06-19_08-55-58.xlsm \v

     This causes Excel to stop instantly. This is unacceptable. Should I get rid of MalwareBytes? Attached is the report. Here are the guts of it:

     -Exploit Details-
     File: 0
     (No malicious items detected)
     Exploit: 1
     Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0

     -Exploit Data-
     Affected Application: Microsoft Office Excel
     Protection Layer: Application Behavior Protection
     Protection Technique: Exploit payload process blocked
     File Name: C:\WINDOWS\system32\cmd.exe \c Copy E:\Users\Papa\Documents\Development\Modeling\Compressor\nz1\nz1 Develop Performance for Chiller Model.xlsm E:\Users\Papa\Documents\Development\Modeling\Compressor\nz1\History\2017-06-19\nz1 Develop Performance for Chiller Model 2017-06-19_08-35-40.xlsm \v
     URL:

     Excel Blocked.txt
  8. Hi, I'm Florian, developer of the freeware tag editor Mp3tag. Recently, I've been getting lots of emails from users of both my program and Malwarebytes AdwCleaner regarding a potential threat that is found when scanning with AdwCleaner v6.047. The log says File Found: C:\Users\Public\Desktop\Mp3tag.lnk I've double-checked that this shortcut doesn't link to anything other than Mp3tag.exe and also checked the installer, also via VirusTotal. Please have a look and fix if necessary. Kind regards – Florian
  9. Malware malbytes is blocking DRUDGE REPORT with this message: Something interferred with this site loading. It started this morning. I already added the domain name to exclusions without any effect. Also, I tried to post a screen capture of the message here, but it would not allow me
  10. I was trying to create a Jaxx bitcoin wallet using the Jaxx Chrome extension and Malwarebytes blocked its access to btc.blockr.io. Everything I have read leads me to believe this is a false positive.

      Malwarebytes
      www.malwarebytes.com

      -Log Details-
      Protection Event Date: 6/8/17
      Protection Event Time: 11:41 AM
      Logfile:
      Administrator: Yes

      -Software Information-
      Version: 3.0.6.1469
      Components Version: 1.0.103
      Update Package Version: 1.0.2111
      License: Premium

      -System Information-
      OS: Windows 7 Service Pack 1
      CPU: x64
      File System: NTFS
      User: System

      -Blocked Website Details-
      Malicious Website: 1
      , , Blocked, [-1], [-1],0.0.0

      -Website Data-
      Domain: btc.blockr.io
      IP Address: 104.16.148.172
      Port: [63085]
      Type: Outbound
      File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

      (end)
  11. Hi, I am the site's owner. Regardless of the controversial (yet fully legal) content being hosted on Breach Forums, there is no reason as to why the forum should be blocked. Link (for reference): http://breachforums.com/ The site does not directly host any downloads. All downloads are hosted on third party software, which clearly poses no threat to any MalwareBytes users who are simply browsing the forum. There is no malware hosted on the forums and we follow a 0 toleration policy when it comes to the safety of our users. A lot of users have had to uninstall MalwareBytes to actually use my forum, and this is not good news for us, or for you. Please do us both a favor and remove the block.
  12. MyCleanPC.com is being detected as a false positive and is being blocked. Please remove the false detection and let me know if you need any further information from my side to do so. (I've attached the log files per your informational post) Thank you in advance for your help with this matter! Best, Jordan reports.zip
  13. Greetings, Just today, MBAM started shutting down Winamp until I added an exception for it: Here is the log file for the event:

      Malwarebytes
      www.malwarebytes.com

      -Log Details-
      Protection Event Date: 5/7/17
      Protection Event Time: 8:55 PM
      Logfile:
      Administrator: Yes

      -Software Information-
      Version: 3.0.6.1469
      Components Version: 1.0.103
      Update Package Version: 1.0.1890
      License: Premium

      -System Information-
      OS: Windows 10
      CPU: x64
      File System: NTFS
      User: System

      -Exploit Details-
      File: 0
      (No malicious items detected)
      Exploit: 1
      Malware.Exploit.Agent.Generic, , Blocked, [0], [-1],0.0.0

      -Exploit Data-
      Affected Application: Winamp Player
      Protection Layer: Malicious Memory Protection
      Protection Technique: Exploit code executing from Heap memory blocked
      File Name:
      URL:

      (end)

      I have also attached the log files from C:\ProgramData\Malwarebytes\MBAMService\logs\ and FRST64. Cheers, Zzyzx

      mbam-winamp-false-positive.7z
  14. Several of our mutual customers have reported Malwarebytes Premium detecting Beyond Compare 4.2's executable "c:\program files\beyond compare 4\bcompare.exe" as Malware.Ransom.Agent.Generic. I tested a trial version of Malwarebytes on a Windows 10 virtual machine but I've been unable to duplicate the false positive. I've attached a screenshot of the false positive sent to me by one of our mutual customers. The customer reported the false positive didn't trigger during software installation, but afterwards while copying or moving files using Beyond Compare. If you'd like to evaluate Beyond Compare on a test system, the download page is: http://www.scootersoftware.com/download.php The direct link to the version of the software reported by our mutual customer is: http://www.scootersoftware.com/BCompare-4.2.0.22302.exe I'll monitor this forum thread, but you're also welcome to contact us by email at support@scootersoftware.com. Chris Kennedy Technical Support Team Lead Scooter Software
  15. Before submitting a possible FP, please be sure that you have -

      1. Checked the list of blocked gTLDs

         (Generic top-level domains (gTLDs) are one of the categories of top-level domains (TLDs) maintained by the Internet Assigned Numbers Authority (IANA) for use in the Domain Name System of the Internet. These gTLDs are blocked because the ratio of bad to good domains may be higher than average, indicating that the registry could do a better job of enforcing policies and shunning abusers.)

         Currently we are blocking the following gTLDs -

         .accountant
         .reisen

      2. Used the search function on the forum

         Please be sure that the domain/IP that you want to submit is not already submitted by another member.

      3. Gathered protection logs/screenshots and attach them with your message

         How to get protection logs in Malwarebytes 4: Press the button Click Reports: The logs are stored here. Save / export the log that contains the detections you would like to have us review. You can either save it or copy it to clipboard and paste it in a new topic HERE

      ----------------------------------------

      If the gTLD/domain/IP is blocked and you still want to access it, you can add it to the Malwarebytes exclusions list -

      Malwarebytes 4 https://support.malwarebytes.com/docs/DOC-3543
      Malwarebytes 3 https://www.malwarebytes.com/support/guides/mbam/Settings3.html#exclusions

      ----------------------------------------

      If you still want to submit the FP, please create a new thread and provide the domain/IP with your protection logs (please open 'MBAM', go to 'History' and attach the log where the detection is recorded). For more information about the protection logs, please see this link.

      Thanks to everyone who follows these instructions!
  16. Hi, I'm a technical admin for the IPs 54.213.49.58 35.161.76.122 52.36.80.160. This site currently passes all my security scans and has solid SSL certs. Can you please delist these IPs and tell me why they were listed in the first place? It redirects to other domains, so if one of them is hosting malware I can track it down.
  17. Malwarebytes Version: 3.0.6.1469 Component Package Version: 1.0.103 Update Package Version: 1.0.1793 I use Malwarebytes premium. So, as you may or may not know Garry's Mod is a sandbox game on steam. I am having an issue where when I join servers sometimes the game will crash in the loading screen and Malwarebytes will mark the file as ransomware. Sometimes it states that it is chrome.exe and sometimes it states that it is the HL2.exe process itself located in the Garry's Mod folder. (Which makes sense as many Media player addons use a chromium base as far as I am aware.) I think the anti ransomware component in the Malwarebytes client may be seeing the file encryption system the addons use as malicious, though I am not an expert. For some reason, after being "detected" none of these files actually end up in a quarantine: this is one of the reasons I believe this is a false positive. Also, I have been playing this game for a really really long time and never had any issues whatsoever so I am honestly just looking for a bit of clarity. It's hard to get the exact file path for the problematic component because as I stated none of these files ever end up in the quarantine zone. The one time I fully caught the detection, it stated it was detected as "malware.ransom.agent.generic". Every time I scan after this happens nothing EVER comes up as a detection, this only happens in real time when joining servers. EDIT - Also, after this happens the game exe switches icons to the default exe icon from the game one and refuses to be edited (deleted or anything) so I have to revalidate the file through steam to set it back to normal. I think malwarebytes may be damaging the exe when it force stops it. *Just to clarify, all addons were acquired through the steam workshop or in game FastDL, I do not download from untrusted sources and am usually very careful about downloading ANYTHING. 
      I posted here because I am kinda paranoid and want to know whether it's time for me to format and accept this as a real issue or getting the peace of mind that this is genuinely a false positive. If there are any formatting issues feel free to let me know as I don't post here very much although I do use this product frequently.
  18. This is my first time posting on this forum, so I apologize in advance for any formatting errors.

      The Nexus Client is a program provided by nexusmods.com for the purpose of managing modifications that can be applied to games that support it like The Elder Scrolls V: Skyrim, The Elder Scrolls IV: Oblivion, Fallout: New Vegas, and so on. I have used this program for several years without encountering a virus. However, Malwarebytes has recently begun quarantining the client whilst I am in the process of installing modifications to my games; I believe that these are false positives, as the modifications that I am installing have been downloaded and installed by thousands of other users without any problems, not to mention the fact that they have already been scanned on VirusTotal with zero detections.

      I managed to reproduce the false positive by attempting to install an already-installed modification; overwriting the files in the installation process, I managed to trigger the quarantine of the Nexus Client. I do not know the root cause of these detections; but, I am guessing it is linked to the installation process, as I have not experienced a detection while the client is idle or downloading modifications.

      I have since scanned the client on VirusTotal (https://www.virustotal.com/en/file/d372f686b789f7646f661b272d95e276932f4a42af7cefe7ae51afe508e423cc/analysis/) with the SHA256 being listed as the following: d372f686b789f7646f661b272d95e276932f4a42af7cefe7ae51afe508e423cc

      -Log Details-
      Protection Event Date: 4/21/17
      Protection Event Time: 10:38 PM
      Logfile:
      Administrator: Yes

      -Software Information-
      Version: 3.0.6.1469
      Components Version: 1.0.103
      Update Package Version: 1.0.1777
      License: Premium

      -System Information-
      OS: Windows 7 Service Pack 1
      CPU: x64
      File System: NTFS
      User: System

      -Ransomware Details-
      File: 1
      Malware.Ransom.Agent.Generic, C:\Program Files\Nexus Mod Manager\NexusClient.exe, Quarantined, [0], [-1],0.0.0

      (end)

      NexusClient.zip
  19. We use the software MacroExpress (https://www.macros.com/) to automate a lot of our work, and yesterday Malwarebytes picked it up as ransomware and wants to delete it. I would like to keep using this software without it being deleted; this is a false positive.
  20. Good morning, I'd like to report a false positive for hxxp://pssltd.co.uk. Please find attached the screenshot of MalwareBytes blocking the website. Many thanks, Mark
  21. I currently just finished writing a chatting program that uses Windows sockets. Only after I just finished, it gets detected. I am pretty sure that there is nothing malicious about it. I also did check and reverted to older versions of it, but they all get detected now. I read up on these and it does nothing mentioned. Link Here is a VirusTotal scan, and it seems that it's just Malwarebytes and some other anti-virus that picks it up. Virus Total pSimpleChat.rar
  22. Hello, Malwarebytes just detected a file known as Unknown.rootkit.driver, which seemed to have infected C:\WINDOWS\System32\drivers\agilevpn.sys. I am wondering if this is a false positive? These are the logs:

      Malwarebytes
      www.malwarebytes.com

      -Log Details-
      Scan Date: 3/20/17
      Scan Time: 11:27 PM
      Logfile:
      Administrator: Yes

      -Software Information-
      Version: 3.0.6.1469
      Components Version: 1.0.75
      Update Package Version: 1.0.1549
      License: Free

      -System Information-
      OS: Windows 10
      CPU: x64
      File System: NTFS
      User: LAURIDS-PC\LauridsFrej

      -Scan Summary-
      Scan Type: Threat Scan
      Result: Completed
      Objects Scanned: 380961
      Time Elapsed: 23 min, 53 sec

      -Scan Options-
      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Enabled
      Heuristics: Enabled
      PUP: Enabled
      PUM: Enabled

      -Scan Details-
      Process: 0
      (No malicious items detected)
      Module: 0
      (No malicious items detected)
      Registry Key: 0
      (No malicious items detected)
      Registry Value: 0
      (No malicious items detected)
      Registry Data: 0
      (No malicious items detected)
      Data Stream: 0
      (No malicious items detected)
      Folder: 0
      (No malicious items detected)
      File: 1
      Unknown.Rootkit.Driver, C:\WINDOWS\System32\drivers\agilevpn.sys, Replace-on-Reboot, [0], [0],0.0.0
      Physical Sector: 0
      (No malicious items detected)

      (end)
  23. Since 2/20/17, scans have been detecting signs of PUP.Optional.Yontoo.ChrPRST which I believe to be a false positive. The scan I performed 24 hours prior did not show this detection and nothing of consequence was installed during that period that I can recall. When I quarantine the affected items, my Windows profile is significantly affected; therefore, I restored all quarantined items for the time being. I would appreciate it if someone can confirm this suspected false positive and make the appropriate adjustments to the signature files. Thanks. MBAM Yontoo FP.zip
  24. I'm building this website for my client. WP website hosted by WPengine with SSL/HTTPS and Cloudflare (same configuration as my other websites). My client uses Malwarebytes and notified me the site is blocked by Malwarebytes (IP 104.31.84.111, port 60107, type Outbound, Cloudflare IP). I need to disable Cloudflare temporarily in order to bypass this problem. Please unblock my site asap. Thanks for help.
  25. Clients of ours are receiving a false positive about our website. Please unblock. Website operates from multiple IPs all within our address space.