Jump to content

Search the Community

Showing results for tags 'false positive'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






  1. Hi guys - we scanned our computer with Malwarebytes and found that it is flagging one of our sites and suggesting that we remove the FF extension. The user has searched for and downloaded this extension for their use. Can you please take a look and let us know what is causing this? Any assistance will be appreciated. Thanks so much. Best, Teala
  2. Hey guys - our site is being blocked by Malwarebytes Pro and we believe this to be a false positive. Could you please review and let us know what is causing this or remove the block if you find this to be a FP? Thanks so much. Best, Teala
  3. Hi guys - we are getting flagged on http://yourspeedtestnow.com/SpeedTest We believe this to be a false positive. The exe/installer are receiving the flag. Could you please took into this and let us know how we can resolve this? I've attached the scan results. Thank you so much, Teala Comer Malwarebytes Scan Results.txt
  4. Within the last week, Malwarebytes is blocking execution of a Quarri binary which is causing Chrome (and IE) to crash. It is quarantining kldetect.dll, which is a Quarri signed binary, unpacked and loaded at runtime. Is it possible to whitelist by code signing certificate? QuarriAgent_tmp.zip
  5. Hello MBAM team, I am receiving email alerts from a number of false positives on a couple of our servers. I have tried excluding those objects from future scans, and adding them to the ignore list. This has not prevented the files from listing as threats and triggering email alerts. I have redacted any sensitive information in the copy/paste below. What steps can I take to prevent these unwanted false-positive alerts? Thanks!
  6. Every zippyshare link I try to access is currently being blocked by MBAM as potentially malicious - think something similar happened about a year ago?
  7. Hi, I have a potential false positive - I use th TotalVPN vpn softare on my laptop (and have been for a few months) and it has not come up before. However, malwarebytes is now detecting all files in the totalvpn install folder (939 files) as a trojan. I have attached logfile and zip of programmes as per instructions. Please advise if I can ignore this, or if I have a problem. Thanks. Malwarebyte_Log20161023.txt TotalVPN.zip
  8. The domain hxxp://pulsair[.]com seems to be blacklisted for phishing: https://virustotal.com/en/url/8bc5b64ed90800c1b3d886b6faead2e87b85d4c616ec1a92149cc3f56177eb65/analysis/1477085339/ The phishing page has been removed. Would you kindly remove from your blacklist? Thanks!
  9. Just ran newest database update (v2016.10.19.12) using Anti-Malware Home - reported Advance SystemCare 9.x was PUP.Optional.AdvanceSystemCare was dangerous. I accidentally accepted and DELETED ALL ... losing ASC AND DriveBooster. Closer examination revealed that PUP.Optional.DriveBooster (DRIVE BOOSTER) by IOBit was also a threat; also deleted. Reinstalled and exempted the directory and all programs. Obviously a false positive ... not reported by earlier database updates (including yesterdays). Mike Irwin
  10. A MBAM v2.2.1 Threat Scan of 25-Sep-2016 (malware database: v2016.09.25.06) quarantined the following registry entry as Trojan.StartPage.E on my 32-bit Vista computer (see attached scan log): Registry Keys: 1 Trojan.StartPage.E, HKU\S-1-5-21-3086198521-800258848-3831315664-1001_Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}, Quarantined, [9dbd96e06832d75fc6809466986c1fe1], I noticed that didero's 27-Sep-2016 thread Trojan.Startpage.E in this board reported a similar detection for a registry entry for ....\WOW6432NODE\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} on their Win 10 computer that was confirmed as a false positive. A Google search indicates this CLSID might be associated with the Internet Explorer browser, so I'm not sure if my Trojan.StartPage.E detection is also false positive or a real detection for a browser hijacker. Mozilla Firefox v49.0.1 is my default browser. ------------- 32-bit Vista Home Premium SP2 * Firefox v49.0.1 * IE9 * NIS v22.8.0.50 * MBAM Premium v2.2.1.1043 HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS MBAM Scan Log Trojan_StartPage_E 25 Sep 2016.txt
  11. Hello, One of our sites is being repeatedly blocked by Malware bytes: hxxp://howardleague.org/ Could you please advise on why and how we can fix this? A screenshot is attached.
  12. Today I updated my Games trough U_Tility. After updating the last game MBARW deleted it. (I had enough Problems to download) My friend is using this tool since 2 years (but does not use MBARW) and nothing happend. (No Ransomware.) But now MBARW doesn't allow me to restore it.
  13. mx1.hotmail.com returns if malwarebytes, up to date, as of 8pm central 10/4/2016.
  14. Hello, www.optimusdigital.ro (, a legitimate e-commerce website is blocked. Here's the protection log entry: Malicious Website Protection, IP,, www.optimusdigital.ro, 50210, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  15. In a recent thread in the False Positive forum, a Malwarebytes customer was told the reason a site was being blocked was because: From the blacklisted link above, NABP's "blacklist" is a little wider than stated. The actual current quote is: Yet CIPA.com and PharmacyChecker.com give this site, high ratings for patient safety and pharmacy practice standards. Why the difference? Because NABP puts all non-US mail-order pharmacies on its "blacklist" while the other two focus their ratings on patient safety, pharmacy practice standards and customer satisfaction. Malwarebytes appears to have chosen to use NABP's "Not Recommend Sites" list to block access to them. Note that none of these three private industry organizations have legal authority to regulate anything. And none of them claim that their ratings have anything to do with malware. So it's unclear to me why Malwarebytes is saying "Malicious Website Blocked". Also is Malwarebytes also blocking these sites for Canadian citizens?
  16. Hello, Out of the blue I get a message that the Trojan.Startpage.E is found in registry item: Trojan.StartPage.E, HKU\S-1-5-21-3272883411-1201957109-1333608562-1000_Classes\WOW6432NODE\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}, , [05b7284e7624ce68d570f00a47bd659b], Did a full system Virusscan (Eset), and a full scan with two other Anti Malware packages (McAfee Stinger and AdwCleaner). Nothing is found. When I remove/quarantaine the item some of my icons in the System Bar are hidden after system restart. Did the scan with Malwarebytes again just now with the same resultst: Versie: Malware-database: v2016.09.27.08 Rootkit-database: v2016.09.26.02 Licentie: Premium Malware-bescherming: Ingeschakeld Bescherming tegen kwaadaardige websites: Ingeschakeld Zelfbescherming: Ingeschakeld Besturingssysteem: Windows 10 Processor: x64 Bestandssysteem: NTFS Gebruiker: ASRock i3770K The only thing I can find when searching the registry for {871C5380-42A0-1069-A2EA-08002B30309D} is a reference to Classic Shell which is still working after removal of that registry entry. Could this be a false positive since the Trojan.Startpage.E dates from 2003/2004?
  17. Hello, I am developer of www.dealsbro.com. Malwarebyte is blocking my website. This is price comparison website. It only compare prices among my affiliate stores. Even this website is not involved in any transaction process. Dealsbro is not dealing with any malicious content. It is completely safe for all users. Please review again. Domain: www.dealsbro.com IP:
  18. Can anyone verify that MBAM takes into account registry changes made by GPO before showing them as possible malware changes? Just want to be sure that any registry changes we make due to GPO will not show up in MBAM scans as false positives.
  19. Lately, every time I use revo uninstaller to remove a program I get a "ransomware detection" notice. See enclosed screenshot.
  20. All of a sudden MBARW started quarantining Nvidia Files placed in my User Profile at the directory C:\Users\marc\AppData\Local\NVIDIA\NvBackend\Packages\000093e1. I have uploaded the first one that was detected as zip. After rebooting the machine 1 day later I got another quarantined filed in the nearly identical directory Nnvidia\NVBackend\00093f3 also with a very similar name "DAO.21159685.exe. I think nvidia started downloading files for its "Geforce Experience" Engine or for driver updates that are now detected as false positives by MBARW. DAO.21154721.zip Malwarebytes Anti-Ransomware.zip
  21. hi, i posted 4 unlisted pdfs on issuu.com over the past week. my computer has always allowed me to open them fine. now suddenly malwarebytes is flagging them as a malicious website - so i can't access them. please unblock or let me know how i can configure malwarebytes to allow them; i added issuu.com as a domain exception, which hasn't worked... thanks, atmos
  22. Hi, Our website www. blueshydrugs .com ( is clean, but it is marked by your MBAM program as malware website. Please unblock it. If you believe it is not a F/P, please shed a light on how to improve the website. Thanks!
  23. Malwarebytes Anti-Malware (MEE) www.malwarebytes.org Database version: main: v2016.09.07.06 rootkit: v0000.00.00.00 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.18376 cmckinney :: CMCKINNEY7 [administrator] Protection: Enabled 9/7/2016 2:04:53 PM MBAM-log-2016-09-07 (14-08-43).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: Objects scanned: 407870 Time elapsed: 2 minute(s), 57 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\cmckinney\Desktop\grx.dll (Spyware.Banker) -> No action taken. [c0921d525e3cf145e86dc3a727d9748c] (end)
  24. hello my website : hxxp://www.enchantier.com was considered as an EMD yesterday... can you help to know why ? hosts-file.net/default.asp?s=enchantier.com today it seems ok , but i want to know why for the future! Thanks ps : sorry for my bad english, i'm french
  25. I've downloaded the useful tool "Bat To Exe Converter" from http://www.f2ko.de/en/b2e.php It's a useful tool if you want to make EXEs out of BAT files (with icon). The problem is that any result file gets erroneously detected as malware (attached). Try for example to create a simple bat file to launch a program and attach an icon (.ico) to it (e.g. see my attached Eleusis Game Launcher.exe) Eleusis Game Launcher.zip
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.