Jump to content

Search the Community

Showing results for tags 'false positive'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

  1. IP is 217.23.11.25 I would like check why my site animeshi.tv was blocked by malware byte. some of my site visitors complains that their malware byte prevent them from entering my site. My site been establish since 2008, previous domain was animeshippuuden.com I am using reputable ad network such as Rubicon Project, CPMStar(game ad), Propeller ads. I hope we can resolve this
  2. This website is on shared hosting, so I suspect that the IP address is caught up in a range of blocked IPs. I have run this domain through a number of other detection services and no malware was found. Can you check and possibly remove the block for this domain? We are set to launch on June 15, 2014 Detection, 6/3/2014 11:48:37 AM, SYSTEM, IN-EDUC-TOXXXXXXXX, Protection, Malicious Website Protection, IP, 66.96.147.101, lovedforwhoyouare.com, 50461, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
  3. I think I have a false positive but I am not sure. I want to make sure my system is clean. A file named cf51e31.msi was detected as a Backdoor.Bifrose. Would anyone be able to see if this is a false positive? This was from a re-scan so I could get the file to upload it. Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2014.05.28.02 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.17107 5/28/2014 1:22:43 AMmbam-log-2014-05-28 (01-22-43).txt Scan type: Custom scan (C:\Windows\Installer\cf51e31.msi|)Scan options enabled: File System | Heuristics/Shuriken | PUP | PUMScan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2PObjects scanned: 1Time elapsed: 3 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 1C:\Windows\Installer\cf51e31.msi (Backdoor.Bifrose) -> Quarantined and deleted successfully. (end) cf51e31.zip
  4. Hello there, These are two IPs of the DNS-Server of Vodafone.de and required to connect via UMTS to their Network: 139.7.30.125 139.7.30.126 At the moment both IPs are blocked by Malwarebytes v2.0.1.1004 and therefore it is not possible to connect to the internet using an UMTS-Stick at all. I'd kindly request to remove the ip-block of those two server. Thanks in advance and best regards, cerberos
  5. Mbam picks up the file and quarantines it when starting the game. Which obviously causes it to crash. I've told mbam to ignore the file for now.FPwanderlustrebirth.zip
  6. I have Nvidia Graphic Card, this file belongs to it: nvlddmkm.sys and was detected this a.m. durring reg nightly scan. Here is the log: More information on the MD5: http://systemexplorer.net/file-database/file/nvlddmkm-sys/Can't find the file now. Told MBAM to ignore once, will see if found again. The file has been on my system a few weeks since software update was done for the card. Kind Regards, turtledove
  7. I did a factory reset on my laptop and had to download the new MBMA, upon running a full scan i got two registry keys deteced as hijackers. I don't think his could be right and would appreciate any guidance. I don't want to keep the files if they are malicious but I am not convienced they are. mj.txt
  8. Hello I just purchased a domain at Godaddy and have it redirected to a blog.com website. This works on other websites I have without Malwarebytes blocking...but for some reason it is blocking this new website. The site is www.cmt4u.com Thanks in advance! Cheers,
  9. Access to this long-standing client has been blocked recently. The message announcing the block appears when reading email and delays ability to reply. Can't get to the website, either. Please help. Thanks and best regards, Brenda Spandrio
  10. SHA256: bff381fda8aba83b25727845416ba4d471385cb61048e1929e56bbd425ee6128 SHA1: 74043288c9c2c698672748f18731db7305e1c38d MD5: a3ab11b8b97ee6bbc604374e7d56693b File size: 1.8 MB ( 1864440 bytes ) File name: FP40EXT.CAB File type: CAB Detection ratio: 1 / 51 Analysis date: 2014-03-22 07:42:37 UTC ( 0 minutes ago ) https://www.virustotal.com/en/file/bff381fda8aba83b25727845416ba4d471385cb61048e1929e56bbd425ee6128/analysis/1395474157/ FP40EXT.7z MBAM-log-2014-03-22 (11-07-51).txt
  11. Hello; first time writing and i'm in a quandary. I love to play shooter games but not very good at it so when i can, i find console commands or use -devmode and when that fails, i find a trainer for the game. This go around, for the game alan wake american nightmare, the trainers i've found are flagged by MB. I read that mostly these are false positives. I don't know how you can tell this from a real virus so i've been deleting those flagged ones. Now i've run out of trainer options. The thing MB picks up is called Hacktool.e (can't see the whole name in taskmanager) probably it's hacktool.exe. Anyway i'm afraid to launch the trainer cause i've had enough of infections and don't want to take anymore chances. What do i need to do in this instance? The offending file comes from GameCopyWorld and is named Alan Wake's: American Nightmare v1.03.17.1781 +9 TRAINER 28-07-2013 by GRIZZLY Thanks guys WP
  12. I just uploaded the file to virus total. Malwarebytes is the only one out of 50 scanners that reports it as a trojan. See https://www.virustotal.com/en/file/b73f2c681c8ee4da610fb8449287f10cbdc2e2297392a71328350d01331f58cd/analysis/. That file has been scanned by Malwarebytes innumerable times since I put it in my archived install files on Oct 10, 2013, so I have no explanation as to why it is suddenly being detected. I am attaching the log from the developer mode scan, as well as the original log from a few minutes prior. They are virtually identical. I did rename the file from what I originally downloaded, but Virus Total gave it the correct name, so I assume it only looked at the hash. The MD5 for it is 6A8F3CB05189276134C79E699247D2BD. The digital signatures tab of the properties dialog box for the file show it to be digitally signed by Connectify on Tuesday, Aug 20, 2013, at 10:08:10 AM. I'm having Malwarebytes ignore it as well as FantaMorph. MBAM-log-2014-03-17 (07-03-17).zip
  13. We utilize AD and GP's for our end user desktops, MBAM thinks they are malicious keys. I figured the MSP version would be aware of this, however that's not the case. Is there a way around this issue? Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. [a25ba859314a9b9b5cfe62cc55aff50b] HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> No action taken. [bb42a45d5526e5516738e64743c126da] HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\ConnectionsTab (PUM.Hijack.ConnectionControl) -> Bad: (1) Good: (0) -> No action taken. [a558629f7dfe85b178d8d65844c01fe1] mbam-msp-log-2014-03-11 (08-42-10).txt
  14. after visiting @gcluley website today, that is grahamcluley.com I noticed It was being blocked by malwarebytes. just here to let you know it's nothing more than a false positive!
  15. Hi there, I installed Adwcleaner a couple of weeks back after MBAM detected a PUP.Optional.PriceGong.A item. I simply left the program on my desktop and there have been no issues so to speak. When running a full scan tonight MBAM detected the program as a Trojan.Agent.AI. I presume this is a false positive as Adwcleaner is a safe program, no? Please let me know if you need anything further from myself and I'm happy to provide.
  16. Dear Sir or Madam, My name is Giovanni Drusian, Senior Security Consultant. I am writing to you from the position of an official AnchorFree GmbH external consultant, responsible for identifying possible false positive detections that commercial antivirus engines may register against the AnchorFree GmbH line of software products and web domains. Upon your request, I will be ready willing and able to provide you with my Letter of Empowerment, as issued by AnchorFree GmbH officials. As a result of a recent investigation conducted at my side, I have concluded that the following domain / IP is detected by Malwarebytes Anti-Malware (Website Blocking): IP-BLOCK 74.115.2.210 (Type: outgoing, Port: 49781, Process: iexplore.exe) Attached you can find the relevant screenshot that shows this detection notice by Malwarebytes Anti-Malware (password: infected). Due to the fact that the domain and IP included in this report are part of an AnchorFree GmbH related, clean, official line of domains and web services, I would like to know if you can kindly fix this false positive detection in a time is of the essence manner. Looking forward to your reply. Thank you! Test1.rar
  17. Dear Sir or Madam, My name is Giovanni Drusian, Senior Security Consultant. I am writing to you from the position of an official AnchorFree GmbH external consultant, responsible for identifying possible false positive detections that commercial antivirus engines may register against the AnchorFree GmbH line of software products and web domains. Upon your request, I will be ready willing and able to provide you with my Letter of Empowerment, as issued by AnchorFree GmbH officials. As a result of a recent investigation conducted at my side, I have concluded that the following filesare detected by Malwarebytes Anti-Malware: HSS-2.88-install-download-80-conduit.exe.data0208 (PUP.Optional.Conduit.A) -> No action taken. [f18c04fa3b3ffe38a95c75f816eae61a]HSS-2.88-install-e-395-conduit.exe.data0208 (PUP.Optional.Conduit.A) -> No action taken. [5e1f1ce233475dd9a560a5c89070e11f]HSS-2.90-install-download-80-conduit.exe.data0209 (PUP.Optional.Conduit.A) -> No action taken. [1568a7577ffb8da9ba4b36373bc52fd1]HSS-2.90-install-e-395-conduit.exe.data0209 (PUP.Optional.Conduit.A) -> No action taken. [502de01e4e2c6cca5ca98de0d32d53ad]Attached you can find the files indicated for your reference, alongside the related developed mode exported scan log and screenshots (password: infected). Due to the fact that the files included in this report are part of an AnchorFree GmbH related, clean, official software product, I would like to know if you can kindly fix this false positive detection in a time is of the essence manner. Looking forward to your reply. Thank you! Test.rar
  18. Hi, This is the log from malwarebytes2014/03/01 00:10:38 -0800 TIMS PC User IP-BLOCK 74.91.124.219 (Type: outgoing, Port: 54932, Process: rust.exe) Rust is a game offered on Steam, I receive these messages every time I start the game. I'd like to know whats up. Thanks for your time
  19. Hi, can you check if this is as false positive? 202.72.147.202 Our client tried to access the web address: http://www.mclernons.com.au By looking at the log file it looks like the whole server is blocked so it must have been blacklisted on your end. Can you please fix this asap? Kind Regards
  20. Hello! Please, check that domains for false positive: http://download-archiver.ru/ http://myvksaver.ru/ http://winrar-soft.ru/ Thank you!
  21. Was going about my normal use of the site when it was blocked.
  22. Hello, Please whitelist EasyAntiCheat software in Malwarebytes. Malwarebytes is *silently* cutting of EAC's network connections and preventing it to stream data from its servers, without giving any notification to the end-user. Here is a download link for the anti-cheat module that Malwarebytes specifically is blocking from downloading: http://sandra.easyanticheat.net/dist/EasyAntiCheat.dll. Current resolution to end-users is to uninstall Malwarebytes and restart Windows.
  23. Good afternoon, Our users are reporting a Malwarebytes block while trying to download support files automatically through UBot Studio's update process. is an image of the error. If the Malwarebytes community will contact me, I will gladly send them the information required ASAP to get this false positive removed from the database. More information about the error can be found on our bug tracker.
  24. Hi Malwarebytes, Your scanner reports some false positives in our sample programs and in a Microsoft Visual Studio .Net 2003 sample: Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2014.02.17.02 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16428 17/02/2014 14:46:38MBAM-log-2014-02-18 (09-08-14).txt Scan type: Full scan (C:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 1242654Time elapsed: 4 hour(s), 34 minute(s), 39 second(s) Memory Processes Detected: 1C:\132ws\a3smine\service.exe (Trojan.MSIL) -> 2324 -> No action taken. [4ff79944cfab8caa46814b83f0107e82] Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 2HKLM\SYSTEM\CurrentControlSet\Services\MyAplService (Trojan.MSIL) -> No action taken. [4ff79944cfab8caa46814b83f0107e82]HKLM\SYSTEM\CurrentControlSet\Services\A3S_Kai (Trojan.MSIL) -> No action taken. [b393904d5723e1550dbaede120e0e31d] Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 16C:\132ws\a3smine\service.exe (Trojan.MSIL) -> No action taken. [4ff79944cfab8caa46814b83f0107e82]E:\cust\kaia3s\Kai\A3S_Kai.exe (Trojan.MSIL) -> No action taken. [b393904d5723e1550dbaede120e0e31d]C:\cust\a3s\Unicode_13.0_12170.zip (Trojan.MSIL) -> No action taken. [88bea7369cde83b3cef98e40718f8e72]C:\cust\a3s\Unicode_13.0_12170\service.exe (Trojan.MSIL) -> No action taken. [47ff914c3347df57ddea6668768a926e]C:\data\downloads\aMSN-0.98.9-tcl85-windows-installer.exe (PUP.Optional.OpenCandy) -> No action taken. [3214637acbaffe38951c6bd4bf45bb45]C:\objects\13.2_dss_svn\obj\misc\samples\aplclasses\win\32\Classic\winapi\dev\dbg\aplfns2a.exe (Trojan.MSIL.Gen) -> No action taken. [3e080ecf7dfdf44265d20d5744bd24dc]C:\objects\13.2_dss_svn\obj\misc\samples\asp.net\golf\csharp\win\32\Classic\winapi\dev\dbg\starting.exe (Trojan.MSIL.Gen) -> No action taken. [f94da33a03777eb842f5c59f9d64e818]C:\Program Files\Dyalog\Dyalog APL-64 14.0 Unicode\Samples\asp.net\golf\csharp\starting.exe (Trojan.MSIL.Gen) -> No action taken. [093d518c9bdfcf67e84f5410ca37f20e]C:\Program Files (x86)\Dyalog\Dyalog APL 13.0 Unicode\Samples\aplclasses\aplfns2a.exe (Trojan.MSIL.Gen) -> No action taken. [440202dbe89286b0fa3d8ed648b99d63]C:\Program Files (x86)\Dyalog\Dyalog APL 13.2 Classic\Samples\aplclasses\aplfns2a.exe (Trojan.MSIL.Gen) -> No action taken. [d571617ca7d388ae1c1b511304fd8d73]C:\Program Files (x86)\Dyalog\Dyalog APL 13.2 Unicode\Samples\aplclasses\aplfns2a.exe (Trojan.MSIL.Gen) -> No action taken. [23230fce9fdb290d92a5b6ae748d3ec2]C:\Program Files (x86)\Dyalog\Dyalog APL 13.2 Unicode\Samples\aplclasses\orig\aplfns2a.exe (Trojan.MSIL.Gen) -> No action taken. [e165e9f4d6a47cba3cfb23419b66aa56]C:\Program Files (x86)\Dyalog\Dyalog APL 14.0 Unicode\Samples\aplclasses\aplfns2a.exe (Trojan.MSIL.Gen) -> No action taken. [fb4b9449e991cd691a1dfc6839c87789]C:\Program Files (x86)\Dyalog\Dyalog APL 14.0 Unicode\Samples\asp.net\golf\csharp\starting.exe (Trojan.MSIL.Gen) -> No action taken. [62e404d9fe7c102671c6f66e48b9fb05]C:\Program Files (x86)\Dyalog\zzzDyalog APL 13.0 Unicode\Samples\aplclasses\aplfns2a.exe (Trojan.MSIL.Gen) -> No action taken. [420405d87ffb5ed896a197cd738e08f8]C:\Program Files (x86)\Microsoft Visual Studio .NET 2003\SDK\v1.1\QuickStart\howto\samples\xml\xmlnamespace\cp\XmlNameSpace.exe (Adware.StatBlaster) -> No action taken. [34128d50accea294f0eab5ffc43fbc44] (end) Regards, Vince
  25. Hello. I published an entry on your forum but you wrote that aleksius.com blocked by your module. The site is located on my VPS. As far as I know, site and IP address and clean. Here are some links to reports of different scanners. https://www.virustotal.com/ru/url/fb212711cf992e9614c5240ba074c116078df051da6344536471358067ed77d7/analysis/ http://quttera.com/detailed_report/aleksius.com http://sitecheck2.sucuri.net/results/aleksius.com http://www.avgthreatlabs.com/website-safety-reports/domain/aleksius.com http://safeweb.norton.com/report/show?url=http%3A%2F%2Faleksius.com%2F http://www.siteadvisor.com/sites/aleksius.com http://www.google.com/safebrowsing/diagnostic?site=aleksius.com&hl=ru Please unlock my site.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.