Jump to content

Search the Community

Showing results for tags 'false positive'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






  1. Hello, I have just read on the forum, in a recently closed thread, that the Trojan.Vawtrak.ED is a false positive but my problem is that I followed the instructions from Malwarebytes Anti-Malware, which told me to restart my computer in order to remove the trojan. Now the computer won't restart and nothing has worked so far to get it to work. I have tried using start-up repair, system restore (4 separate points), and all the options on the menu after pressing F8 Can you please help me!
  2. I read in other topics that if i do not restore trojan.Vawtrak.ED that my PC will be permanently unable to reboot itself. I have updated and followed the instructions in the other forum topic to shut down MBytes and restart it after the update which i did; but its stating that access is denied from me restoring the file. What am i suppose to do? Its 4:11 AM currently and i have to be awake later, i cant stay awake all night watching over my computer in fear of being unable to restore it once it is off. I usually let my computer go to sleep-mode and re-activate it by jiggling my mouse. Will it be unable to reboot from that aswell if it goes to sleep mode? MBytes has already quarantined Trojan.Vawtrak.ED a few times earlier today and i cant restore it from quarantine. What do i do? I dont have a CD to reinstall my PC if it is destroyed as my friend from Australia [i live in the states] built it and didnt send the disc, and my pc is around 4-5 years old. I also do not have money to get a new PC. I rely heavily on my current computer , i cant afford to lose it because of a false positive. What do i do? Please someone respond ASAP/immediately =\
  3. http://datasource.codetiburon.com/ and http://instagram-showcase.codetiburon.com I have two websites for my Wordpress Plugins presentation. Sites were published about a month ago. Today some customers report, that they couldn't reach these websites, without disabling Malwarebytes' Malicious Website Protection. Popup shows: Detection, 11.06.2015 19:39:28, SYSTEM, DNKO, Protection, Malicious Website Protection, IP,, datasource.codetiburon.com, 59329, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe, Can you please unblock my websites? Thank you.
  4. I had a the pesky Trovi PUP and used this thread to get rid of it: https://forums.malwarebytes.org/index.php?/topic/161580-unable-to-remove-trovi-with-malwarebytes/ That did the trick. However, now my malwarebytes is blocking my microsoft outlook from connecting to the server and sending / receiving mail. Any help is much appreciated.
  5. False positive PUP with Native Instruments, Kontakt starting about two weeks ago. Malwarebytes-Kontakt.txt
  6. hxxp://psnprofiles.com/ It's a website for the Playstation community (PS4 / PS3 / PSVita / etc.), providing trophy hunters with trophy tracking, statistics, walkthrough guides and forums. There are over 2,161,655 gamers tracked and 142,058 members, including me. And, as of yesterday afternoon, I couldn't reach this site (that I keep as a permanent tab in my browser) without disabling Malwarebytes' Malicious Website Protection. (And it took me MANY hours and Google searches to finally figure out where the block was, since adding the website domain to my web exclusions list didn't unblock it.) Please, PLEASE unblock this site so I can re-enable the website protection module. Thank you.
  7. Certain files from TorBrowser Bundle 4.5.1 are being detected as Spyware.Password Spyware.Password, C:\Users\Jorge\Desktop\TorBrowser\Browser\AccessibleMarshal.dll, , [4060cfc9e7a3b6807e6f7de52ed4ee12],Spyware.Password, C:\Users\Jorge\Desktop\TorBrowser\Browser\libEGL.dll, , [643c7127256537ff02ebee7431d1fd03],Spyware.Password, C:\Users\Jorge\Desktop\TorBrowser\Browser\libGLESv2.dll, , [f7a93e5a35552b0b6687da88996959a7],Spyware.Password, C:\Users\Jorge\Desktop\TorBrowser\Browser\mozalloc.dll, , [20807325880232045499fe6422e0a858],Spyware.Password, C:\Users\Jorge\Desktop\TorBrowser\Browser\browser\components\browsercomps.dll, , [fba5d3c5c9c13cfa67867ce65aa8f50b], I have, for now, added an exception to MBAM installation on my computer to stop it from scanning TorBrowser files. The software can be freely downloaded from: https://dist.torproject.org/torbrowser/My specific version is torbrowser-install-4.5.1_pt-PT.exeFor the record, attached are the scan log and the false positives archive. TorBrowser.txt TorBrowser.zip
  8. The realtime Malware Protection for my MBAM Premium v. appears to have incorrectly detected the executable for the FileHippo App Manager v1.47.0.103 (formerly known as FileHippo Update Checker - available for download from http://filehippo.com/download_app_manager/59899/) as PUP.Optional.InstallCore.A. This is a utility I occasionally run to check if there are updates available for third-party software installed on my PC. The attached files are a zipped version of the restored C:\Program Files\FileHippo.com\FileHippo.AppManager.exe as well as my MBAM Protection Log showing the detection. Version 1.47 of this FileHippo utility is the current stable release and it has been installed on my system since 30-Jan-2015. Today is the first time it has been detected (MBAM database version 2015.5.24.3). ------------- 32-bit Vista Home Premium SP2 * Firefox 38.0.1 * NIS 2014 v. * MBAM Premium 2.1.6 HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS FileHippo.AppManager.zip MBAM FP FileHippo App Manager 24 May 2015.txt
  9. I've created a simple PHP script for splitting text files at a given interval. I compiled it to an exe with bamcompile from http://www.bambalam.se/bamcompile/and virustotal showed it as "Trojan.Downloader" from malwarebytes as well as 5 other false positives. The exe I got out of my compiled script didn't try to contact any server or add anything malicious to the system. Here are the virustotal results: https://www.virustotal.com/en/file/e91b8e882294213d859c6c23e1006bbd49a5999bfd3752da792268d57570343a/analysis/ . The file hashes of bamcompile from that web site are the same as the ones as on sourceforge. This has been a trusted PHP to exe compiler for years. Bamcompile itself only came up with 3 false positivies on virustotal. The .exe I created is what created the previously linked 6 including malwarebytes. I've zipped my compiled exe and attached it to this post. Thank you. FileSplitter.zip
  10. Hi there, This website is giving me malware threats, but its 100% safe. Its one of many casinos that are exactly the same, just different skins, but this one is the only one in the group that gives me a threat detection. Can you please review it and let me know if we can take it off the threat list? Thanks, Dan
  11. Please unblock this website, this is an unwanted block and is losing us business, the site has been up for years? server IP
  12. Matexas.com mcallistertexas.com webfaction.com
  13. MBAM is flagging Bleach Bit cleaner file libatk-1.0-0.dll as Trojan.Fake.ED. I am sure it is a false positive. MBAM only flagged it in a Virustotal scan. Thankyou libatk-1.0-0.rar bb.txt
  14. MBAM flagged the file CMFG.dll as malware but it is a false positive. This file is actually a part of our Oracle EnterpriseOne software. Let me know if I need to provide any additional data. Thanks! -Quinn CMFG.zip MBAM-log-2015-03-31 (09-49-04).txt
  15. I wanted to report a false positve on the program audacity. Previous scans came clean, now the setup file in my downloads shows the exe file as a PUP. Could someone look into this and report back. I have contacted audacity via http://audacity.sourceforge.net/and they stated it is clean.
  16. To whom it may concern, I would like to inform that our software is getting flagged as a virus (PUP.Optional.GamesBot.A) by Malwarebytes. We believe this is a false detection since GamesBot is a safe file to use. Please have this detection re analysed and white listed as soon as possible GamesBot is attached herewith in an archive. no password given. GamesBotSetup.zip
  17. Dear Sir/Madam, we are a producer of a universal installer. Malwarebytes do flag our Chip Secured Installer as suspicious element (PUP.Optional.Downloader), but all other Antivirus-manifacturer do trust our signed Installer. Could you please check this attached file for ‘false positive’ and whitelabel our Codesigning file? Best regards, Wladimir Sajzew malwarebytes_log.txt TeamSpeak 3 32 Bit - CHIP-Installer.zip
  18. I have a new website at http://financialprofessionalwebsites.com for which some of my prospective clients are reporting the attached "Malicious Website Blocked" popup window. Please fix. It appears to be happening with Firefox, Chrome and IE. They are not experiencing this message on other sites. Please fix. Thank you, Russ Francis
  19. hxxps://mtkhosting.com hxxp://mtkhosting.com hxxps://www.mtkhosting.com hxxp://www,mtkhosting.com This is a WHMCS based website. I have whitelisted the domain in all forms w/wo www as well as IP. I have used Opera, Chrome, Firefox will the same result. Once I turn off Malicious Website Protection in Malwarebytes Anti-Malware Build Date: 11/21/2014, restart the browser, the site loads fine. I am running Malwarebytes in conjunction with Norton 360 Premier. I have tried disabling all Norton products and again it is not until I disable Malicious Website Protection that I am able to access the site. I am also having sporadic trouble with Outlook 2013 Desktop version accessing Exchange Online. Agoing, when I turn off Malicious Website Protection, Outlook connects normally. Bill.. .. .
  20. Good morning, It seems that MBAM is identifying loginw32.exe as Trojan.Carberp.ED. I have attempted to upload the file, but receive an error from the uploader stating that the type of file is prohibited. (I will post now and read through the forum rules + edit my post as neccessary). I checked the file against virustotal.com and it received the following results: SHA256: 943326651087aa4391a6e30a42f4a47c4beae33c9368cbdb759b77e100db92aa File name: loginw32.exe Detection ratio: 1 / 48 Analysis date: 2014-12-29 13:53:13 UTC ( 2 minutes ago ) Developer metadataCopyrightCopyright © 1996-2008, Novell, Inc. All rights reserved.Publisher Novell, Inc.Product Novell Client Login for 32-bit WindowsOriginal name LoginW32.EXEInternal name LoginW32File version 4.19.12Description Novell Client Login for 32-bit Windows Packers identifiedPEiD Armadillo v1.71 PE header basic informationTarget machine Intel 386 or later processors and compatible processorsCompilation timestamp 2008-08-19 15:40:39Entry Point 0x000014D6Number of sections 4 PE sectionsName Virtual address Virtual size Raw size Entropy MD5.text 4096 1744 4096 3.17 24c413e1d149a859e69a5aa1e239b01f.rdata 8192 938 4096 1.50 114191abbf88b4d9ba7ead51008b51f8.data 12288 488 4096 0.80 fe59e7473299804b4e4ab0de0a0b93d5.rsrc 16384 2336 4096 2.46 0a74bbf1b70412982acd4f0eb14667b6 PE imports[+] KERNEL32.dll[+] MSVCRT.dll[+] USER32.dll Number of PE resources by typeRT_ICON 1RT_MANIFEST 1RT_VERSION 1RT_GROUP_ICON 1 Number of PE resources by languageENGLISH US 4 ExifTool file metadataSubsystemVersion4.0LinkerVersion6.0ImageVersion0.0FileSubtype0FileVersionNumber4.19.12.0UninitializedDataSize0LanguageCodeEnglish (U.S.)FileFlagsMask0x003fCharacterSetUnicodeInitializedDataSize12288FileOSWin32MIMETypeapplication/octet-streamLegalCopyrightCopyright 1996-2008, Novell, Inc. All rights reserved.FileVersion4.19.12TimeStamp2008:08:19 16:40:39+01:00FileTypeWin32 EXEPETypePE32InternalNameLoginW32FileAccessDate2014:12:29 14:53:33+01:00ProductVersion1.00.05FileDescriptionNovell Client Login for 32-bit WindowsOSVersion4.0FileCreateDate2014:12:29 14:53:33+01:00OriginalFilenameLoginW32.EXESubsystemWindows GUIMachineTypeIntel 386 or later, and compatiblesCompanyNameNovell, Inc.CodeSize4096ProductNameNovell Client Login for 32-bit WindowsProductVersionNumber1.0.5.0EntryPoint0x14d6ObjectFileTypeDynamic link library File identificationMD5 ba64512a8b2c43c143d5199faf691c6cSHA1 7ff81ac69263845687233cea0b1a039acf582114SHA256 943326651087aa4391a6e30a42f4a47c4beae33c9368cbdb759b77e100db92aassdeep96:azwlSLIWki9NDyIWZEl74Q+iAAW5h6NPtboyi97tec9pTEZ6fyfG7Cs:azASUWki7uI5p+iANh6NP1oySnusauthentihash 4ec8de1fcaffcfb2b16995cd33241a37db2887cf32e941298f486fb363c4eec5imphash d190d3860e32c531551f641f43452a44File size 20.1 KB ( 20560 bytes )File type Win32 EXEMagic literalPE32 executable for MS Windows (GUI) Intel 80386 32-bit TrID Win64 Executable (generic) (64.6%) Win32 Dynamic Link Library (generic) (15.3%) Win32 Executable (generic) (10.5%) Generic Win/DOS Executable (4.6%) DOS Executable Generic (4.6%) Tagspeexe armadillo VirusTotal metadataFirst submission 2010-03-23 09:20:12 UTC ( 4 years, 9 months ago )Last submission 2014-12-29 13:53:13 UTC ( 30 minutes ago ) File names LoginW32.EXE LoginW32 loginw32.exe
  21. Our application NindaLoader is being detected as a false positive by Malwarebytes. this is the only detection for this application. We would appreciate if you could white list this as soon as possible. NinjaloaderSetupnp.zip
  22. Hello, Malwarebytes team. We found that our own developed software is regarded as malwawe from Malwarebytes. please check and take proper action for this. I attached file file and the password is virus https://www.virustotal.com/ko/file/48089a81742d0ee63f2a7f846963177e1fd1148a4f6c17c971edd5ac67a5d70d/analysis/ https://www.virustotal.com/ko/file/c80875832b43f0928179890629c12f04276993b740804f620d197606311782bf/analysis/ thanks Sukbum RedStoneSetup.zip microvolts.zip
  23. Hi there. Occasionally MBAE will throw a false positive when starting the JAP/JonDo proxy. As said, I'm using MBAE, and I'm using JAP/JonDo 00.19.001. This is the URL for the JAP/JonDo project. http://anon.inf.tu-dresden.de/index_en.html I'm using Java Version 7, update 71, (build 1.7.0_71-b14), on Windows 7 64 bit professoinal. This was happening occasionally with MBAE 1.04, but it's still happening with the newest version. Not every time, maybe 15% of the time I start JAP.
  24. Hi guys. I've been having some trouble with removing some adware I've gotten from something. Basically it opens up firefox under the URl 'www.intried.net' and then redirects to an advertisement webpage (Sometimes that can be rather embarassing with some of the advert content). Does anyone know how to remove it? I've ran countless malware and virus scans and it has not come up. Thanks in advance.
  25. Good morning, I'm the developer of Installers in Ontinet and these have been marked as PUP.Optional.Ontinet. I'm using NSIS to package the files, and one of this files is appOnt.exe, an aplication to comunicate with our clients. Could you please check it and exclude if from scan?. Thank's PD: I was trying to attach the zip file in a firefox web browser and it doesn't work. Check it ;-) Micky live.zip
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.