Jump to content

Search the Community

Showing results for tags 'false positive'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

  1. As of database version v2014.02.13.11 I am getting a Quaratine for Asus AI Suite II 2.04.01 for Thermal Radar file, WmiMbProduct.dll. (Asus\AI Suite II\ Thermal Radar\WmiMbProduct.dll) When it Quaratines it, Fan control with AI Suite no longer works and I receive a,Memory Error at memory area 00000000. Is this a false positive, I hope.
  2. One of my users has reported that Malwarebytes flagged my app, "Compufart FREE: Fart Synthesis" as malware. This seems very unusual as the only thing the app does that could be construed as suspicious is reading/writing preferences. Please let me know that something can be done about this. The app can be found here: http://play.google.com/store/apps/details?id=com.audolon.millenium.free
  3. this is not a bad site so dont show warnings
  4. Hi We have had a report that one of the components of out Trimble Data Transfer application (namely "c:\Program Files (x86)\Common Files\Trimble\Remote Device Manager\TFSBU.dll" is a Trojan and is a locked file. This precludes the application from starting. I believe that you have a false positive on this. The Trimble Data Transfer application is free to download and can be downloaded from http://www.trimble.com/datatransfer and selecting the full install (72Mb) if your browser doesn't support the one-click install. Thanks in advance Geoff Davies Trimble Navigation Limited.
  5. Using Visual Studio 2012 I create a new WindowsForms aplication. When I run it from studio I get a popup telling me I have a Backdoor.Bladabindi.MSIL threat in the generated .exe file. I saw in earlier posts that this has been identified as a false positive and would be fixed in the next release. This is causing me a problem and I would be grateful if you could advise of a workaround and timescale for the fix.
  6. wotlauncher.exe = world of tanks. I was updating the client. 194.146.191.226 type: outgoing, Port:6881, process:wotlauncher.exe
  7. C:\Program Files (x86)\Dolby Home Theater v4\pt-br\pcee4c.resources.dll was detected on December 10 as a Trojan.MSIL then got quarantined. I'm thinking that this is a false positive, but wanted to make certain. My machine is running fun and haven't had any issues so hopefully it's just a false positive and I can restore the file. I'm attaching the log that I ran today and the logs that were created on the 10th as reference if needed. Thanks
  8. We were having some issues with an image that was newly created so we ran a scan out of curiosity and it showed a resultant Trojan.agent within the Windows/hosts file. As the build is a new build we are wondering if it is a false positive and therefore a remnant of an incomplete wipe of the disc due to reformatting using only the Windows disk from Dell. I have attached the log file as evidence if that helps. Thanks in advance, Mike bmrt-log-2013-12-09 (12-36-04).txt
  9. Domain as www.tallerescorauto.es, www.congresoasenhoa.es, www.decadiz.net, ... are in the IP http://209.123.181.82 and blocks all Please, you can check and comment me on why they are blocked
  10. Auto Protect is detecting Acrobat.exe at launch and quarantining it as Tronjan.downloader.BD. This BREAKING pc's ALL OVER our company (AGAIN!). Log file: 2013/11/01 06:10:00 -0400 BEDROOM (null) MESSAGE Starting protection 2013/11/01 06:10:00 -0400 BEDROOM (null) MESSAGE Protection started successfully 2013/11/01 06:10:00 -0400 BEDROOM (null) MESSAGE Starting IP protection 2013/11/01 06:10:04 -0400 BEDROOM (null) MESSAGE IP Protection started successfully 2013/11/01 06:47:06 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent 2013/11/01 06:47:12 -0400 BEDROOM Travis MESSAGE Scheduled update executed successfully: database updated from version v2013.10.31.08 to version v2013.11.01.02 2013/11/01 06:47:12 -0400 BEDROOM Travis MESSAGE Starting database refresh 2013/11/01 06:47:12 -0400 BEDROOM Travis MESSAGE Stopping IP protection 2013/11/01 06:47:12 -0400 BEDROOM Travis MESSAGE IP Protection stopped successfully 2013/11/01 06:47:22 -0400 BEDROOM Travis MESSAGE Database refreshed successfully 2013/11/01 06:47:22 -0400 BEDROOM Travis MESSAGE Starting IP protection 2013/11/01 06:47:25 -0400 BEDROOM Travis MESSAGE IP Protection started successfully 2013/11/01 07:56:53 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent 2013/11/01 07:56:54 -0400 BEDROOM Travis MESSAGE Database already up-to-date 2013/11/01 09:11:37 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent 2013/11/01 09:11:42 -0400 BEDROOM Travis MESSAGE Scheduled update executed successfully: database updated from version v2013.11.01.02 to version v2013.11.01.03 2013/11/01 09:11:42 -0400 BEDROOM Travis MESSAGE Starting database refresh 2013/11/01 09:11:42 -0400 BEDROOM Travis MESSAGE Stopping IP protection 2013/11/01 09:11:43 -0400 BEDROOM Travis MESSAGE IP Protection stopped successfully 2013/11/01 09:11:51 -0400 BEDROOM Travis MESSAGE Database refreshed successfully 2013/11/01 09:11:51 -0400 BEDROOM Travis MESSAGE Starting IP protection 2013/11/01 09:11:53 -0400 BEDROOM Travis MESSAGE IP Protection started successfully 2013/11/01 10:04:53 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent 2013/11/01 10:04:54 -0400 BEDROOM Travis MESSAGE Database already up-to-date 2013/11/01 10:57:09 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent 2013/11/01 10:57:10 -0400 BEDROOM Travis MESSAGE Database already up-to-date 2013/11/01 11:45:38 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent 2013/11/01 11:45:43 -0400 BEDROOM Travis MESSAGE Starting database refresh 2013/11/01 11:45:43 -0400 BEDROOM Travis MESSAGE Stopping IP protection 2013/11/01 11:45:43 -0400 BEDROOM Travis MESSAGE Scheduled update executed successfully: database updated from version v2013.11.01.03 to version v2013.11.01.04 2013/11/01 11:45:44 -0400 BEDROOM Travis MESSAGE IP Protection stopped successfully 2013/11/01 11:45:46 -0400 BEDROOM Travis MESSAGE Database refreshed successfully 2013/11/01 11:45:46 -0400 BEDROOM Travis MESSAGE Starting IP protection 2013/11/01 11:45:49 -0400 BEDROOM Travis MESSAGE IP Protection started successfully 2013/11/01 13:01:43 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent 2013/11/01 13:01:44 -0400 BEDROOM Travis MESSAGE Database already up-to-date 2013/11/01 14:13:17 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent 2013/11/01 14:13:23 -0400 BEDROOM Travis MESSAGE Scheduled update executed successfully: database updated from version v2013.11.01.04 to version v2013.11.01.05 2013/11/01 14:13:23 -0400 BEDROOM Travis MESSAGE Starting database refresh 2013/11/01 14:13:23 -0400 BEDROOM Travis MESSAGE Stopping IP protection 2013/11/01 14:13:23 -0400 BEDROOM Travis MESSAGE IP Protection stopped successfully 2013/11/01 14:13:32 -0400 BEDROOM Travis MESSAGE Database refreshed successfully 2013/11/01 14:13:32 -0400 BEDROOM Travis MESSAGE Starting IP protection 2013/11/01 14:13:34 -0400 BEDROOM Travis MESSAGE IP Protection started successfully 2013/11/01 15:13:00 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent 2013/11/01 15:13:01 -0400 BEDROOM Travis MESSAGE Database already up-to-date 2013/11/01 16:09:22 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent 2013/11/01 16:09:28 -0400 BEDROOM Travis MESSAGE Scheduled update executed successfully: database updated from version v2013.11.01.05 to version v2013.11.01.06 2013/11/01 16:09:28 -0400 BEDROOM Travis MESSAGE Starting database refresh 2013/11/01 16:09:28 -0400 BEDROOM Travis MESSAGE Stopping IP protection 2013/11/01 16:09:28 -0400 BEDROOM Travis MESSAGE IP Protection stopped successfully 2013/11/01 16:09:37 -0400 BEDROOM Travis MESSAGE Database refreshed successfully 2013/11/01 16:09:37 -0400 BEDROOM Travis MESSAGE Starting IP protection 2013/11/01 16:09:40 -0400 BEDROOM Travis MESSAGE IP Protection started successfully 2013/11/01 17:09:31 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent 2013/11/01 17:09:37 -0400 BEDROOM Travis MESSAGE Scheduled update executed successfully: database updated from version v2013.11.01.06 to version v2013.11.01.07 2013/11/01 17:09:37 -0400 BEDROOM Travis MESSAGE Starting database refresh 2013/11/01 17:09:37 -0400 BEDROOM Travis MESSAGE Stopping IP protection 2013/11/01 17:09:37 -0400 BEDROOM Travis MESSAGE IP Protection stopped successfully 2013/11/01 17:09:40 -0400 BEDROOM Travis MESSAGE Database refreshed successfully 2013/11/01 17:09:40 -0400 BEDROOM Travis MESSAGE Starting IP protection 2013/11/01 17:09:42 -0400 BEDROOM Travis MESSAGE IP Protection started successfully 2013/11/01 17:52:21 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent 2013/11/01 17:52:22 -0400 BEDROOM Travis MESSAGE Database already up-to-date 2013/11/01 18:06:22 -0400 BEDROOM Travis DETECTION C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe Trojan.Downloader.BD QUARANTINE 2013/11/01 18:08:18 -0400 BEDROOM Travis DETECTION C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe Trojan.Downloader.BD QUARANTINE Acrobat.zip
  11. After updating my definitions today, I ran a scan, and MalwareBytes v1.75.0.1300 "found" hundreds of paths and files that it says are risks. However, even with system and hidden files showing, these paths and files simply don't exist. Here's an excerpt from the scan log, and all of these are bogus. Please advise! " c:\documents and settings\administrator\start menu\programs\windows\msn.exe (Backdoor.Agent.DC) -> No action taken.c:\documents and settings\all users\start menu\programs\windows\msn.exe (Backdoor.Agent.DC) -> No action taken.c:\documents and settings\azakiud\start menu\programs\windows\msn.exe (Backdoor.Agent.DC) -> No action taken.c:\documents and settings\default user\start menu\programs\windows\msn.exe (Backdoor.Agent.DC) -> No action taken.c:\documents and settings\dsanch6\start menu\programs\windows\msn.exe (Backdoor.Agent.DC) -> No action taken.c:\documents and settings\esmws\start menu\programs\windows\msn.exe (Backdoor.Agent.DC) -> No action taken.c:\documents and settings\gmatuti\start menu\programs\windows\msn.exe (Backdoor.Agent.DC) -> No action taken.c:\documents and settings\mbrady9\start menu\programs\windows\msn.exe (Backdoor.Agent.DC) -> No action taken.c:\documents and settings\p-inst\start menu\programs\windows\msn.exe (Backdoor.Agent.DC) -> No action taken.c:\documents and settings\rdicks1\start menu\programs\windows\msn.exe (Backdoor.Agent.DC) -> No action taken.c:\windows\system32\config\systemprofile\start menu\programs\windows\msn.exe (Backdoor.Agent.DC) -> No action taken.c:\program files\javasuppot\msn.exe (Trojan.Agent) -> No action taken.c:\windows\system\sexy.exe (Backdoor.Agent) -> No action taken.c:\publicos windows\msn.exe (Trojan.Banker) -> No action taken.c:\documents and settings\administrator\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.c:\documents and settings\all users\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.c:\documents and settings\azakiud\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.c:\documents and settings\default user\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.c:\documents and settings\dsanch6\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.c:\documents and settings\esmws\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.c:\documents and settings\gmatuti\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.c:\documents and settings\k2admin\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.c:\documents and settings\localservice\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.c:\documents and settings\mbrady9\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.c:\documents and settings\networkservice\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.c:\documents and settings\p-inst\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.c:\documents and settings\rdicks1\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.c:\windows\system32\config\systemprofile\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.c:\windows\system32\system 32\msn.exe (Backdoor.Bifrose) -> No action taken."
  12. Hi, Our customers wrote us about Malwarebytes application blocking 2 of our sites (ecommerce stores), which are hosted with Exohosting in Slovakia. These are definitely false positives, though I'm not sure about shared IP. Blocked IP 92.240.253.14, affected sites: chlpacik.sk, canin.sk Is that possible to white-list domains in your DB? Or do we need to purchase dedicated IP from hosting company? Or is it possible to find a reason why IP is blacklisted and not particular domains on that shared IP? Thanks for shedding some light on that. -peter.
  13. I ran Chameleon as per the FAQ instructions and it showed no probs on my system. I then ran my regular av scan with Avast. Avast detected Chameleon as a hidden rootkit threat and quarentined it in the chest. Is this a false positive? To be honest, I have been having a really bad time with my laptop, starting with a lot of lag, then a BSOD. I ended up at the Avast forum trying to figure out what was going on, but nothing was really resolved. I still believe there is something on my sstem. Whenever I try searching for certain things related to virus or moceooft errors, I usually get the same search results and the pages are none that I have ever heard of. Vefry frustrating. I also saw some personal info pop up in a forum, as if someone had access to private info. Sooo...still ned to find out what is going on there. Any help would be appreciated . Thanks!
  14. One of our users have told us that Malwarebytes blocks our IP. Could you please check and hopefully remove it from your blacklist? Thanks.
  15. Hi there, We use a particular software called Trapeze and we're getting a scan result identifying a trojan.randsom.ae on the EXE file. MS Security Essentials and Check Point Endpoint are not finding any such thing. We are using Corporate edition of Malwarebytes Anti-malware. Thanks, Jason trapeze.zip
  16. Hello, We have a field service application we develop, and for some reason, one of the DLLs we build for our program is getting flagged as a Trojan.FraudPack. The machine we build it on doesn't have any other infected files, and it's not picked up by any other anti virus programs that we run, so we believe it's getting picked up as a False Positive. Here is the log output: Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.09.15.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16686 ksg :: KG-WIN7X64 [administrator] Protection: Enabled 9/16/2013 11:51:03 AM MBAM-log-2013-09-16 (12-22-55).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 702016 Time elapsed: 31 minute(s), 24 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Projects\XE2\SP5Titan\Application\SPSCSUPP.dll (Trojan.FraudPack) -> No action taken. (end) SPSCSUPP.zip
  17. I believe MBAM scanner has detected a false positive. I don't have a zip file capacity but I will try to upload the file here. If it is not uploaded I have failed, in which case please advise. (I have just tried and failed to upload the file as hpqscnvw.exe, so I renamed it hpqscnvw.txt, and have uploaded it. I hope this is acceptable.) My MBAM log of the scan is this: Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Joe :: JOE [administrator] 13/09/2013 21:17:02 MBAM-log-2013-09-14 (14-01-37).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 395512 Time elapsed: 6 hour(s), 54 minute(s), 25 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Progs\HP\Digital Imaging\bin\hpqscnvw.exe (Trojan.Bredolab) -> No action taken. (end) When I install the HP software I put in in a folder I named "Progs" rather than "Program Files". I tend to do this with all applications that I install where I am given a choice. Regards hpqscnvw.txt
  18. 11 files that had never previously registered a problem with Malwarebytes Pro, suddenly gave me a Malware.Packer.RA warning. I update my database daily and run a daily scan. I've attached the logs from yesterday and today. What additional information do you need to fix this problem? mbam-log-2013-08-27 (04-30-03).txt MBAM-log-2013-08-28 (08-40-34).txt
  19. yeah i think this is a false positive, can io ask to make sure here's the logs Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.08.27.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 User :: SARAHNEW-PC [administrator] 27/08/2013 19:04:59 MBAM-log-2013-08-27 (19-33-46).txt Scan type: Full scan (C:\|E:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 399281 Time elapsed: 26 minute(s), 12 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 4 C:\Users\User\AppData\Local\Temp\mt_ffx (PUP.Optional.BundleInstaller.A) -> No action taken. [a7aa6029fa725cdafc56193f4db527d9] C:\Users\User\AppData\Local\Temp\mt_ffx\Check Point Software Technologies LTD (PUP.Optional.BundleInstaller.A) -> No action taken. [a7aa6029fa725cdafc56193f4db527d9] C:\Users\User\AppData\Local\Temp\mt_ffx\Check Point Software Technologies LTD\zonealarm (PUP.Optional.BundleInstaller.A) -> No action taken. [a7aa6029fa725cdafc56193f4db527d9] C:\Users\User\AppData\Local\Temp\mt_ffx\Check Point Software Technologies LTD\zonealarm\1.8.11.11 (PUP.Optional.BundleInstaller.A) -> No action taken. [a7aa6029fa725cdafc56193f4db527d9] Files Detected: 0 (No malicious items detected) (end) ------------------------------------------------- since there folders i can't scan using virus total, however it's zone alarm. i've attached the folders, however each detection is just the next folder down. mt_ffx.zip
  20. Hello, I'm representative of WnSoft Ltd. We received complaints from our users about false positive ('Trojan.Downloader') in Malwarebytes software for our product: PicturesToExe Deluxe 7.5.10 www.wnsoft.com/picturestoexe I uploaded 3 sample files: http://www.wnsoft.com/files/test/false-positive/picturestoexe-false-positive.zip Password: 1234 1. PteViewer5.exe - slideshow engine. 2. PCExecutable.dat - engine for executabke slideshows. 3. pte7510.exe - example of created slideshow. Thanks solve this problem ASAP.
  21. Received this notice a few hours ago: Copied and pasted from the log file: 2013/08/16 10:51:11 -0400 DETECTION C:\Program Files (x86)\Howler\DogLua.exe Trojan.Inject.NR QUARANTINE Before this, no notice. My antivirus scan shows no analomy. Could this be a false positive after the last update? This is Project DogWaffler Howler. Also: Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2013.08.16.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 Protection: Enabled 8/16/2013 1:50:44 PM MBAM-log-2013-08-16 (13-56-21).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 297067 Time elapsed: 4 minute(s), 58 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CC8445A0-F7C7-42F4-A01F-BFE517676756} (PUP.Optional.Tarma.A) -> No action taken. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\ProgramData\InstallMate\{CC8445A0-F7C7-42F4-A01F-BFE517676756}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken. C:\ProgramData\InstallMate\{CC8445A0-F7C7-42F4-A01F-BFE517676756}\TsuDll.dll (PUP.Optional.Tarma.A) -> No action taken. (end) Please advise
  22. I have used malwarebytes for a long time and only recently am I getting what I THINK are a lot of false positives. I am curious : a) how do I determine what is a false positive and how do I keep malwarebytes from pointing out one that I am sure IS false? b) if I am indeed getting false positives, why now? This is the same software I've had installed for months. So here are some example jpg's of what I think are false positives. *The first one I got was from Autorun Eater. I've used it for a long time, as I say, running alongside AntiMalware and only recently am I getting what I am about 99.9% sure is a false positive. I wrote AutoRun Eater about it and they assured me it is a false positive. *The next ones I got are now coming every time I use UTorrent. I am using UTorrent 3.13.27xxx and I did update it from the older version recently so maybe that has something to do with it. But now every time I download a torrent I am getting various warnings whereas I've been using UTorrent for over a year and never had warnings like this before. *The final one is re 4shared desktop and while I do have an account it isn't even running, unless it's running in the background somehow and I don't know about it. So if anyone can enlighten me on this stuff please do. In the past I have used malwarebytes antimalware pro with no issues like this at all, and it's weird that suddenly I'm getting them. EIther I'm suddenly under attack (but haven't changed anything to my knowledge to cause that) or else MB is giving me false positives up the ying-yang. So which is it? Thanks for your help in sorting this out!
  23. Hi, We are getting ready to relase an update to our users and the update file is being flagged as PUP.Optional.DefaultTab. This is a regular update with bug fixes, etc., to our users. In all cases our user have opted to install our software, so the PUP flag seems inappropriate. Thanks, Steve Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.29.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 swise :: EDL05 [administrator] Protection: Enabled 7/29/2013 3:10:31 PM MBAM-log-2013-07-29 (15-10-48).txt Scan type: Custom scan (C:\tempdt\DTUpdate134.exe|) Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P Objects scanned: 1 Time elapsed: 3 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\tempdt\DTUpdate134.exe (PUP.Optional.DefaultTab) -> No action taken. DTUpdate134.rar
  24. high, i just ran Malware bytes on my GFs computer, it found that askInstallChecker-1.1.0.0.exe was a virus, i find this hard to belive since it was on the PC since she bought it. (Pre-dilivery) since then she's had it 3 months with no detection. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.28.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 User :: SARAHNEW-PC [administrator] 28/07/2013 11:28:23 MBAM-log-2013-07-28 (11-54-33).txt Scan type: Full scan (C:\|E:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 390820 Time elapsed: 25 minute(s), 2 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\User\Desktop\askInstallChecker-1.1.0.0.exe (Trojan.Fakealert) -> No action taken. [c2e00b57f7758caa1561380e6e939769] (end) also attached the log file and a 7zip with the detection askInstallChecker-1.1.0.0.7z MBAM-log-2013-07-28 (11-54-33).txt
  25. I did a a scan with malwarebytes and got this: Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.06.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 owner :: OWNER-PC [administrator] Protection: Enabled 7/11/2013 2:58:40 PM MBAM-log-2013-07-11 (15-13-39).txt Scan type: Flash scan Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: Registry | File System | P2P Objects scanned: 216779 Time elapsed: 2 minute(s), 42 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Is this malware?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.