Jump to content

Search the Community

Showing results for tags 'false positive'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






  1. Avast Antivirus attempted to update Foxit Reader but MAR blocked the update. I tried to follow the instructions but there is no MBAMService folder at the indicated location. C:\ProgramData\Malwarebytes\MBAMService\logs In general the technique for False Positive reporting is overly complex and time consuming. I already wasted over 15 minutes trying to follow the instructions. Programming the software to make this easier would be a lot better way to do this. The reasonable way to do this is how other software does this, which is ask the user at the time of OCCURENCE to choose" A I know what this is and I want to allow it B Go ahead and block this C I don't know if this is OK or not, block it. Of course this assumes that one of your goals is to make things easier for the client.
  2. We launched a new version of Gramblr with a scheduler and auto-updater. Some of its installation files and keys are now listed in Malwarebytes, causing application errors for users. Trojan.Downloader, C:\Program Files\Gramblr\gramblr.exe, 7132, , [13e678e10c7fc2743dd9e0b00df46e92]Trojan.Downloader, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\gramblrclient, , [13e678e10c7fc2743dd9e0b00df46e92], Trojan.Downloader, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Gramblr, , [13e678e10c7fc2743dd9e0b00df46e92], Trojan.Downloader, C:\Program Files\Gramblr\gramblr.exe, , [13e678e10c7fc2743dd9e0b00df46e92], You will find the executable attached. Thanks for your help gramblr.zip
  3. Hello, I am using Malwarebytes Anti-Ransomware Beta Version Shortly after closing the game "Elder Scrolls Online" I get the message, that the associated "eso64.exe" has been quarantined. I already rebooted and added the file to the exclusions, but it still gets detected and quarantined everytime after playing the game (i. e. after closing the application). eso64.zip logs.zip Malwarebytes Anti-Ransomware.zip
  4. logs.zip Malwarebytes Anti-Ransomware.zip Subnautica.zip
  5. MalwareBytes (free) scan detected that 11 files on a server had Trojan.Dropper and we ran them through VirusTotal which indicated that only MalwareBytes out of 55 flagged them as bad We submitted them to our AV vendor who advised that they were OK. Hope that you can analyse them and determine whether or not they are infected Regards FSC.zip books.zip
  6. Writing from italy so sorry for any mistakes. altervista.org is constantly blocked by malwarebytes. Also my site that uses altervista as ftp is blocked. albertobolognesi.altervista.org in recent months it was not blocked what's going on?
  7. A client of ours has reported that their login our server, using a secure cPanel port and the hostname, has been blocked as a Malicious Website. As this is necessary for cPanel and webmail logins for our clients and it's not a malicious site, we are requesting a removal of the listing as well as any potential reason for why it may have been listed. Hostname: gator4237.hostgator.com IP:
  8. Hello Sirs, My name is Ian, a representative of TweakBit here. We've a got a false detection (PUP) by Malwarebytes concerning our product TweakBit FixMyPC (tweakbit.com/fix-my-pc/). We are aware of your general attitude towards this kind of software. We think these arguments will help you to make the balanced decision. 1. We do not have aggressive bundling like our competitors in the market. 2. Our product is not free and doesn't provide full functionality for free, only the issue scan, but we guarantee 30 day refund, with no questions asked. This results in 100% customer satisfaction. If customers don't feel any benefits they will get the money back. 3. Our product doesn't have only register cleaner, but several useful tools like Uninstall Manager (helps to get rid of hardly uninstallable software) and Tweak Manager (applies better system settings depending on your goals). 4. You may consider our software as digital snake oil, but this seems to you because like any other IT specialist you have a decent computer with relatively new hardware. But most of our target audience (90% of our customers) are elderly people with old PC hardware, small hard drive and RAM, and clogged OS. In their case, one alone registry cleaner does really help to improve the PC performance by 20-40%. 5. We do not scare users, we do not say in the program that the found issues cause damage or smth. We say that the issues found have a certain priority (low, medium, high) in the improvement potential. 6. We have a live chart support, free call phone support (USA and Canada), free email support and the direct refund request form for users not noticing any improvements http://www.tweakbit.com/support/contact/?contact=1 7. We are not worse than Norton Utilities or AVG TuneUP products which are not flagged as PUA by you. 8. We are a real GOLD application development partner of Microsoft and the trusted company by millions of users. You can download our product here: tweakbit.com/fix-my-pc/ and we can even give you the license key to test the product if you like On the basis of the points above we kindly ask you stop flagging us as PUA asap.
  9. Wondering if this Ransom.Cerber result is a false positive, like some of the other recent ones. The detected file is xutil.dll, which has a creation and modified date of 1/2/2003. This DLL is part of the Solid Edge V14 3D CAD program, and the dll itself is listed as being from Spatial Corp. Thanks. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 6/27/16 Scan Time: 12:56 PM Logfile: Administrator: Yes Version: Malware Database: v2016.06.27.05 Rootkit Database: v2016.05.27.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: ----- Scan Type: Threat Scan Result: Completed Objects Scanned: 300177 Time Elapsed: 5 min, 6 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 1 Ransom.Cerber, C:\Program Files (x86)\Solid Edge V14\Program\xutil.dll, , [05ec48b91a80c5719ee6717a4db4fd03], Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 1 Ransom.Cerber, C:\Program Files (x86)\Solid Edge V14\Program\xutil.dll, , [05ec48b91a80c5719ee6717a4db4fd03], Physical Sectors: 0 (No malicious items detected) (end)
  10. I've had 2 false positives so far and reported both. I'm glad you guys are working on this. However, when it says the files are moved to Quarantine, they are actually just being deleted as far as I can tell. Nothing is listed in the Quarantine tab at the time of the infection alert, nor after a reboot, nor after turning protection off. Are the files gone forever, or is there a way to actually recover them? Thanks! (I'm running on Windows 10)
  11. hxxp://www.honorshaven.com gives a false positive. Error message listed below. "Your Malwarebytes malicious website blocking technology has blocked outgoing or incoming communication between your computer and a malicious Internet Protocol (IP) address. That's a good thing. This communication could be: An attempt to download malware onto your computer An attempt to redirect you to a malicious webpage An attempt to deliver malicious advertising" Please advise on why this is happening and what steps we can take to correct the issue. Thanks in advance!
  12. Microsoft Office's ClickToRun.exe was flagged sometime around June 21st at 3am Again, MAR says it's quarantined, but it doesn't show up in quarantine and I am unable to restore these legitimate files. It's deleted everything from the following directory: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates I'm going to stop beta testing. This program is doing more damage than protection. If you can tell me how to restore these files, I might reconsider. Thanks and good luck. MBAMSERVICE.zip Malwarebytes Anti-Ransomware.zip
  13. Hi Support, I ordered malwarebytes today and couldn't help notice that malwarebytes flagged my website passguarantee.com. This website is not even online yet as we are about to launch it in a couple of weeks. Right now it is blocked in Google before we go live via robots.txt file but we couldn't help to notice that malwarebytes flagged this as malicious. There is nothing malicious at all with the site and it not even live yet. I checked the ip address and noticed that at one time in 2013 the ip address belonged to a site called www.watchessite.net which had an issue it seems according to here: https://www.virustotal.com/en/ip-address/ We have had this site since 2015 beginning Jan and never launched it but we are ready to launch it now and we have this message which is very concerning. Can you please remove this block as there is nothing malicious about this but I can understand why it was blocked because before it was used for a site called http://qualitywatches.net/ which is not used for this anymore we were assigned this ip by our provider and didn't know this. I would like this removed ASAP thank you. Please let me know if you need anything else. Bye for now.
  14. MBARW tagged the DAZ Install Manager as ransomware. It waited until DAZ was well in the middle of downloading content before giving the ransomware alert, so it did mangle some parts of my installation of that package. MBARW's quarantine hung the installer and it needed to be killed from the Task Manager with a component installation frozen at 95%. After rebooting, I was able to complete the installation and only the part that was caught in mid-install actually needed to be re-downloaded. DAZ3DIM.zip Malwarebytes Anti-Ransomware.zip logs.zip
  15. Also: white listing the program does not work. Antiransomware still quarantines it and requires me to reboot. Anti-Ransomware.zip DAZ3DIM.zip logs.zip
  16. Anti-Ransomware flagged Intuit Quickbooks FCS while running a Quickbooks 2013 update. It's difficult to find documentation on this exe, but it is involved in installing updates after they have been downloaded from what I was able to uncover. I can't remember if it was a program update or payroll update I was running at the time. After reboot, it would not release from Quarantine. I did a fresh install of Anti-Ransomware without rebooting and the program\service would only crash after that. I rebooted again with the same outcome. Had to remove and then reinstall so quarantine was gone. I was able to repair QB so the zip isn't the .exe from quarantine, but the replacement from after repair. Intuit.QuickBooks.FCS.zip logs.zip Malwarebytes Anti-Ransomware.zip
  17. Hi there. Recently I bought a virus problem and send my phone to guaranty. They reinstall a new firmware of android to erase entire data including viruses. I used Malwarebytes and I have two infected files /system/priv-app/Settings.apk /system/app/FileExplorer.apk both are system files and I want to know if are they false positives or already the phone has a factory trojan viruses. Thes files were already infected before sent the phone to the guaranty department. BLU Neo 5.0 Android 4.4.2 Thank you.
  18. Users have reported a false positive or website blocked --- AuxBeacon News / / / auxbeacon.org / LibertyVPS (Host) On 23 May 2016, the website auxbeacon.org was scanned and cleaned from malware and spam and approved by Google, please review and remove it from your blacklist. To: Webmaster of http://auxbeacon[.]org/, Review successful for http://auxbeacon.org Google has received and processed your security review request. Google systems indicate that http://auxbeacon.org no longer contains links to harmful sites or downloads. The warnings visible to users are being removed from your site. This may take a few hours to happen. Thank You!
  19. I only browse on domain name: hxxp://www.poolmaster.it and I receive hxxps://block.malwarebytes.org/ Malwarebytes Anti-Malwarehas blocked a potentially malicious website I already checked the server with several tools, having no results. Thank's Eugenio Nasi
  20. MBARW beta6 - build quarantined C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6868.40731.0._x64__8wekyb3d8bbwe\HxTsr.exe and cannot restore. When I try to restore I get the following error message: "The Restore operation could not be performed due to an error. Please visit the beta forum to request assistance." Once HxTsr.exe was quarantined, Windows 10 Mail no longer works - it now crashes upon trying to open. Please provide a solution to restore HxTsr.exe. Additionally when I click Add File under Exclusions, MBARW crashes and displays the following error message: "Malwarebytes Anti-Ransomware has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you is a solution is available."
  21. Hello, The website ribastiendaonline.com was scanned and cleaned from malware and spam, please review and remove it from your blacklist. Thank you
  22. Yesterday I've updated calibre to the latest version (2.57.1) and the antivirus (Avast Internet Security Premier), the anti malware (Malwarebytes Anti-Malware Home Premium) and the anti ransomware (Malwarebytes Anti-Ransomware) didn't find anything to complain while installing the update. Then I started using calibre and after 20-30 minutes it crashed because Malwarebytes Anti-Ransomware put the "calibre.exe" in the quarantine for "generic ransomware". I downloaded again the installer, repaired the installation, the I put the calibre.exe in the exclusion's list. Today, again after 20-30 minutes of calibre doing its work, Malwarebytes Anti-Ransomware put "calibre-parallel.exe" in the quarantine... I've attached the logs, the C:\ProgramData\Malwarebytes folder, the two exe quarantined. You should add an option to exclude a folder, not only a single file. in the calibre folder there are a lot of exe... I don't want to manually exclude all of them because suddenly Malwarebytes Anti-Ransomware decided that these files are infected (and this is not true). And you should add an option to restore a file from quarantine: if I try, the application says that it's impossible because the file was marked for deletion after reboot. Thanks. logs.zip Malwarebytes Anti-Ransomware.zip calibre.zip calibre-parallel.zip
  23. This temporary URL is being blocked. The associated site isn't in the public domain at the moment, so not sure how it got picked up. My host (Heart Internet) say it's not the IP address, but the actual URL. Thanks, Steve.
  24. Hi guys, I got a new false positive message (I think). The Samsung software is for smartphone backups and restores etc. The problem: I can't restore the file even if I click Restore in the Quarantine section. Enclosed the screeshots. What can I do? BR, Kaim
  25. Hi guys, Here another false positive (screenshot). After the message appeared nothing was in the Quartine section and everything else worked-out furthermore. BR, Kaim
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.