Showing results for tags 'false positive'.

  1. wotlauncher.exe = world of tanks. I was updating the client. 194.146.191.226 type: outgoing, Port:6881, process:wotlauncher.exe
  2. C:\Program Files (x86)\Dolby Home Theater v4\pt-br\pcee4c.resources.dll was detected on December 10 as a Trojan.MSIL then got quarantined. I'm thinking that this is a false positive, but wanted to make certain. My machine is running fine and I haven't had any issues, so hopefully it's just a false positive and I can restore the file. I'm attaching the log that I ran today and the logs that were created on the 10th as reference if needed. Thanks
  3. We were having some issues with an image that was newly created so we ran a scan out of curiosity and it showed a resultant Trojan.agent within the Windows/hosts file. As the build is a new build we are wondering if it is a false positive and therefore a remnant of an incomplete wipe of the disc due to reformatting using only the Windows disk from Dell. I have attached the log file as evidence if that helps. Thanks in advance, Mike bmrt-log-2013-12-09 (12-36-04).txt
  4. Domains such as www.tallerescorauto.es, www.congresoasenhoa.es, www.decadiz.net, ... are on the IP http://209.123.181.82 and all of them are blocked. Please, can you check and tell me why they are blocked?
  5. Auto Protect is detecting Acrobat.exe at launch and quarantining it as Trojan.downloader.BD. This is BREAKING PCs ALL OVER our company (AGAIN!). Log file:

     2013/11/01 06:10:00 -0400 BEDROOM (null) MESSAGE Starting protection
     2013/11/01 06:10:00 -0400 BEDROOM (null) MESSAGE Protection started successfully
     2013/11/01 06:10:00 -0400 BEDROOM (null) MESSAGE Starting IP protection
     2013/11/01 06:10:04 -0400 BEDROOM (null) MESSAGE IP Protection started successfully
     2013/11/01 06:47:06 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent
     2013/11/01 06:47:12 -0400 BEDROOM Travis MESSAGE Scheduled update executed successfully: database updated from version v2013.10.31.08 to version v2013.11.01.02
     2013/11/01 06:47:12 -0400 BEDROOM Travis MESSAGE Starting database refresh
     2013/11/01 06:47:12 -0400 BEDROOM Travis MESSAGE Stopping IP protection
     2013/11/01 06:47:12 -0400 BEDROOM Travis MESSAGE IP Protection stopped successfully
     2013/11/01 06:47:22 -0400 BEDROOM Travis MESSAGE Database refreshed successfully
     2013/11/01 06:47:22 -0400 BEDROOM Travis MESSAGE Starting IP protection
     2013/11/01 06:47:25 -0400 BEDROOM Travis MESSAGE IP Protection started successfully
     2013/11/01 07:56:53 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent
     2013/11/01 07:56:54 -0400 BEDROOM Travis MESSAGE Database already up-to-date
     2013/11/01 09:11:37 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent
     2013/11/01 09:11:42 -0400 BEDROOM Travis MESSAGE Scheduled update executed successfully: database updated from version v2013.11.01.02 to version v2013.11.01.03
     2013/11/01 09:11:42 -0400 BEDROOM Travis MESSAGE Starting database refresh
     2013/11/01 09:11:42 -0400 BEDROOM Travis MESSAGE Stopping IP protection
     2013/11/01 09:11:43 -0400 BEDROOM Travis MESSAGE IP Protection stopped successfully
     2013/11/01 09:11:51 -0400 BEDROOM Travis MESSAGE Database refreshed successfully
     2013/11/01 09:11:51 -0400 BEDROOM Travis MESSAGE Starting IP protection
     2013/11/01 09:11:53 -0400 BEDROOM Travis MESSAGE IP Protection started successfully
     2013/11/01 10:04:53 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent
     2013/11/01 10:04:54 -0400 BEDROOM Travis MESSAGE Database already up-to-date
     2013/11/01 10:57:09 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent
     2013/11/01 10:57:10 -0400 BEDROOM Travis MESSAGE Database already up-to-date
     2013/11/01 11:45:38 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent
     2013/11/01 11:45:43 -0400 BEDROOM Travis MESSAGE Starting database refresh
     2013/11/01 11:45:43 -0400 BEDROOM Travis MESSAGE Stopping IP protection
     2013/11/01 11:45:43 -0400 BEDROOM Travis MESSAGE Scheduled update executed successfully: database updated from version v2013.11.01.03 to version v2013.11.01.04
     2013/11/01 11:45:44 -0400 BEDROOM Travis MESSAGE IP Protection stopped successfully
     2013/11/01 11:45:46 -0400 BEDROOM Travis MESSAGE Database refreshed successfully
     2013/11/01 11:45:46 -0400 BEDROOM Travis MESSAGE Starting IP protection
     2013/11/01 11:45:49 -0400 BEDROOM Travis MESSAGE IP Protection started successfully
     2013/11/01 13:01:43 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent
     2013/11/01 13:01:44 -0400 BEDROOM Travis MESSAGE Database already up-to-date
     2013/11/01 14:13:17 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent
     2013/11/01 14:13:23 -0400 BEDROOM Travis MESSAGE Scheduled update executed successfully: database updated from version v2013.11.01.04 to version v2013.11.01.05
     2013/11/01 14:13:23 -0400 BEDROOM Travis MESSAGE Starting database refresh
     2013/11/01 14:13:23 -0400 BEDROOM Travis MESSAGE Stopping IP protection
     2013/11/01 14:13:23 -0400 BEDROOM Travis MESSAGE IP Protection stopped successfully
     2013/11/01 14:13:32 -0400 BEDROOM Travis MESSAGE Database refreshed successfully
     2013/11/01 14:13:32 -0400 BEDROOM Travis MESSAGE Starting IP protection
     2013/11/01 14:13:34 -0400 BEDROOM Travis MESSAGE IP Protection started successfully
     2013/11/01 15:13:00 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent
     2013/11/01 15:13:01 -0400 BEDROOM Travis MESSAGE Database already up-to-date
     2013/11/01 16:09:22 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent
     2013/11/01 16:09:28 -0400 BEDROOM Travis MESSAGE Scheduled update executed successfully: database updated from version v2013.11.01.05 to version v2013.11.01.06
     2013/11/01 16:09:28 -0400 BEDROOM Travis MESSAGE Starting database refresh
     2013/11/01 16:09:28 -0400 BEDROOM Travis MESSAGE Stopping IP protection
     2013/11/01 16:09:28 -0400 BEDROOM Travis MESSAGE IP Protection stopped successfully
     2013/11/01 16:09:37 -0400 BEDROOM Travis MESSAGE Database refreshed successfully
     2013/11/01 16:09:37 -0400 BEDROOM Travis MESSAGE Starting IP protection
     2013/11/01 16:09:40 -0400 BEDROOM Travis MESSAGE IP Protection started successfully
     2013/11/01 17:09:31 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent
     2013/11/01 17:09:37 -0400 BEDROOM Travis MESSAGE Scheduled update executed successfully: database updated from version v2013.11.01.06 to version v2013.11.01.07
     2013/11/01 17:09:37 -0400 BEDROOM Travis MESSAGE Starting database refresh
     2013/11/01 17:09:37 -0400 BEDROOM Travis MESSAGE Stopping IP protection
     2013/11/01 17:09:37 -0400 BEDROOM Travis MESSAGE IP Protection stopped successfully
     2013/11/01 17:09:40 -0400 BEDROOM Travis MESSAGE Database refreshed successfully
     2013/11/01 17:09:40 -0400 BEDROOM Travis MESSAGE Starting IP protection
     2013/11/01 17:09:42 -0400 BEDROOM Travis MESSAGE IP Protection started successfully
     2013/11/01 17:52:21 -0400 BEDROOM Travis MESSAGE Executing scheduled update: Hourly | Silent
     2013/11/01 17:52:22 -0400 BEDROOM Travis MESSAGE Database already up-to-date
     2013/11/01 18:06:22 -0400 BEDROOM Travis DETECTION C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe Trojan.Downloader.BD QUARANTINE
     2013/11/01 18:08:18 -0400 BEDROOM Travis DETECTION C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe Trojan.Downloader.BD QUARANTINE

     Acrobat.zip
  6. After updating my definitions today, I ran a scan, and MalwareBytes v1.75.0.1300 "found" hundreds of paths and files that it says are risks. However, even with system and hidden files showing, these paths and files simply don't exist. Here's an excerpt from the scan log, and all of these are bogus. Please advise!

     c:\documents and settings\administrator\start menu\programs\windows\msn.exe (Backdoor.Agent.DC) -> No action taken.
     c:\documents and settings\all users\start menu\programs\windows\msn.exe (Backdoor.Agent.DC) -> No action taken.
     c:\documents and settings\azakiud\start menu\programs\windows\msn.exe (Backdoor.Agent.DC) -> No action taken.
     c:\documents and settings\default user\start menu\programs\windows\msn.exe (Backdoor.Agent.DC) -> No action taken.
     c:\documents and settings\dsanch6\start menu\programs\windows\msn.exe (Backdoor.Agent.DC) -> No action taken.
     c:\documents and settings\esmws\start menu\programs\windows\msn.exe (Backdoor.Agent.DC) -> No action taken.
     c:\documents and settings\gmatuti\start menu\programs\windows\msn.exe (Backdoor.Agent.DC) -> No action taken.
     c:\documents and settings\mbrady9\start menu\programs\windows\msn.exe (Backdoor.Agent.DC) -> No action taken.
     c:\documents and settings\p-inst\start menu\programs\windows\msn.exe (Backdoor.Agent.DC) -> No action taken.
     c:\documents and settings\rdicks1\start menu\programs\windows\msn.exe (Backdoor.Agent.DC) -> No action taken.
     c:\windows\system32\config\systemprofile\start menu\programs\windows\msn.exe (Backdoor.Agent.DC) -> No action taken.
     c:\program files\javasuppot\msn.exe (Trojan.Agent) -> No action taken.
     c:\windows\system\sexy.exe (Backdoor.Agent) -> No action taken.
     c:\publicos windows\msn.exe (Trojan.Banker) -> No action taken.
     c:\documents and settings\administrator\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.
     c:\documents and settings\all users\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.
     c:\documents and settings\azakiud\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.
     c:\documents and settings\default user\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.
     c:\documents and settings\dsanch6\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.
     c:\documents and settings\esmws\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.
     c:\documents and settings\gmatuti\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.
     c:\documents and settings\k2admin\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.
     c:\documents and settings\localservice\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.
     c:\documents and settings\mbrady9\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.
     c:\documents and settings\networkservice\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.
     c:\documents and settings\p-inst\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.
     c:\documents and settings\rdicks1\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.
     c:\windows\system32\config\systemprofile\application data\installdir\msn.exe (Backdoor.Agent) -> No action taken.
     c:\windows\system32\system 32\msn.exe (Backdoor.Bifrose) -> No action taken.
  7. I ran Chameleon as per the FAQ instructions and it showed no probs on my system. I then ran my regular av scan with Avast. Avast detected Chameleon as a hidden rootkit threat and quarantined it in the chest. Is this a false positive? To be honest, I have been having a really bad time with my laptop, starting with a lot of lag, then a BSOD. I ended up at the Avast forum trying to figure out what was going on, but nothing was really resolved. I still believe there is something on my system. Whenever I try searching for certain things related to virus or Microsoft errors, I usually get the same search results and the pages are none that I have ever heard of. Very frustrating. I also saw some personal info pop up in a forum, as if someone had access to private info. Sooo...still need to find out what is going on there. Any help would be appreciated. Thanks!
  8. Hi, Our customers wrote us about Malwarebytes application blocking 2 of our sites (ecommerce stores), which are hosted with Exohosting in Slovakia. These are definitely false positives, though I'm not sure about shared IP. Blocked IP 92.240.253.14, affected sites: chlpacik.sk, canin.sk Is it possible to white-list domains in your DB? Or do we need to purchase dedicated IP from hosting company? Or is it possible to find a reason why IP is blacklisted and not particular domains on that shared IP? Thanks for shedding some light on that. -peter.
  9. One of our users has told us that Malwarebytes blocks our IP. Could you please check and hopefully remove it from your blacklist? Thanks.
  10. Hi there, We use a particular software called Trapeze and we're getting a scan result identifying a trojan.randsom.ae on the EXE file. MS Security Essentials and Check Point Endpoint are not finding any such thing. We are using Corporate edition of Malwarebytes Anti-malware. Thanks, Jason trapeze.zip
  11. Just downloaded the latest update and Malwarebytes is now marking critical system files as Trojan.Downloader.ED. Running version 1.75.0.1300 Build date: 4/4/2013 2:50:30 PM Database Information: Date: 4/15/2013 6:33:21 PM Database Version: v2013.04.15.12 Fingerprints loaded: 260233
  12. Hello, We have a field service application we develop, and for some reason, one of the DLLs we build for our program is getting flagged as a Trojan.FraudPack. The machine we build it on doesn't have any other infected files, and it's not picked up by any other anti virus programs that we run, so we believe it's getting picked up as a False Positive. Here is the log output: Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.09.15.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16686 ksg :: KG-WIN7X64 [administrator] Protection: Enabled 9/16/2013 11:51:03 AM MBAM-log-2013-09-16 (12-22-55).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 702016 Time elapsed: 31 minute(s), 24 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Projects\XE2\SP5Titan\Application\SPSCSUPP.dll (Trojan.FraudPack) -> No action taken. (end) SPSCSUPP.zip
  13. I believe MBAM scanner has detected a false positive. I don't have a zip file capacity but I will try to upload the file here. If it is not uploaded I have failed, in which case please advise. (I have just tried and failed to upload the file as hpqscnvw.exe, so I renamed it hpqscnvw.txt, and have uploaded it. I hope this is acceptable.) My MBAM log of the scan is this: Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Joe :: JOE [administrator] 13/09/2013 21:17:02 MBAM-log-2013-09-14 (14-01-37).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 395512 Time elapsed: 6 hour(s), 54 minute(s), 25 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Progs\HP\Digital Imaging\bin\hpqscnvw.exe (Trojan.Bredolab) -> No action taken. (end) When I install the HP software I put it in a folder I named "Progs" rather than "Program Files". I tend to do this with all applications that I install where I am given a choice. Regards hpqscnvw.txt
  14. The website of the company I work for has been given a new unique IP address by our web hosting company, on a new web server. The name is mijn.syntess.nl (.30) . It is on a shared server that listens on the name shared05w.prioserve.nl (.11) . I mention the two IP addresses .11 and .30 because those are the two that I need access to, but perhaps the blockade impacts a greater address range, I don't know. It is the website for our customers, so any of our customers who also use Malwarebytes probably cannot reach it either. Could you please specify the reason for blocking? Is it a new range for our hoster, was it unused? Or was it perhaps previously used by some malicious party indeed? Thank you in advance.
  15. Dear team, I am writing to you on behalf of my company, IronSource, developer of a world leading installation platform known as InstallCore which is being used by some of the largest product development and distribution companies in the world. Among our customers you will find CNET (download.com), foxtab.com, JDownloader.org, Alcohol-soft.com, ICQ and many more. It has come to our attention that your Anti-Virus is detecting our installer as an "Adware.Downloader.01.Net". This is obviously a false-positive case which has dramatic negative consequences over our business and is hurting our users and business partners. We are sure that this happened by mistake and we would appreciate if you could kindly remove our site from your Adware blacklist. We would also appreciate if you could provide us with more information regarding this situation and whether there is anything specific we need to modify in order to avoid such events in the future. We are more than willing to cooperate on this matter. You can download the relevant marked file from here: We look forward to hearing from you at your earliest convenience. Best regards, Adam Chakir, Advocate | Head of Compliance
  16. Yeah, I think this is a false positive, can I ask to make sure? Here's the logs: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.08.27.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 User :: SARAHNEW-PC [administrator] 27/08/2013 19:04:59 MBAM-log-2013-08-27 (19-33-46).txt Scan type: Full scan (C:\|E:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 399281 Time elapsed: 26 minute(s), 12 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 4 C:\Users\User\AppData\Local\Temp\mt_ffx (PUP.Optional.BundleInstaller.A) -> No action taken. [a7aa6029fa725cdafc56193f4db527d9] C:\Users\User\AppData\Local\Temp\mt_ffx\Check Point Software Technologies LTD (PUP.Optional.BundleInstaller.A) -> No action taken. [a7aa6029fa725cdafc56193f4db527d9] C:\Users\User\AppData\Local\Temp\mt_ffx\Check Point Software Technologies LTD\zonealarm (PUP.Optional.BundleInstaller.A) -> No action taken. [a7aa6029fa725cdafc56193f4db527d9] C:\Users\User\AppData\Local\Temp\mt_ffx\Check Point Software Technologies LTD\zonealarm\1.8.11.11 (PUP.Optional.BundleInstaller.A) -> No action taken. [a7aa6029fa725cdafc56193f4db527d9] Files Detected: 0 (No malicious items detected) (end) ------------------------------------------------- Since they're folders I can't scan using virus total, however it's zone alarm. I've attached the folders, however each detection is just the next folder down. mt_ffx.zip
  17. 11 files that had never previously registered a problem with Malwarebytes Pro, suddenly gave me a Malware.Packer.RA warning. I update my database daily and run a daily scan. I've attached the logs from yesterday and today. What additional information do you need to fix this problem? mbam-log-2013-08-27 (04-30-03).txt MBAM-log-2013-08-28 (08-40-34).txt
  18. Hello, I'm a representative of WnSoft Ltd. We received complaints from our users about false positive ('Trojan.Downloader') in Malwarebytes software for our product: PicturesToExe Deluxe 7.5.10 www.wnsoft.com/picturestoexe I uploaded 3 sample files: http://www.wnsoft.com/files/test/false-positive/picturestoexe-false-positive.zip Password: 1234 1. PteViewer5.exe - slideshow engine. 2. PCExecutable.dat - engine for executable slideshows. 3. pte7510.exe - example of created slideshow. Thanks, solve this problem ASAP.
  19. Received this notice a few hours ago: Copied and pasted from the log file: 2013/08/16 10:51:11 -0400 DETECTION C:\Program Files (x86)\Howler\DogLua.exe Trojan.Inject.NR QUARANTINE Before this, no notice. My antivirus scan shows no anomaly. Could this be a false positive after the last update? This is Project DogWaffler Howler. Also: Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2013.08.16.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 Protection: Enabled 8/16/2013 1:50:44 PM MBAM-log-2013-08-16 (13-56-21).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 297067 Time elapsed: 4 minute(s), 58 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CC8445A0-F7C7-42F4-A01F-BFE517676756} (PUP.Optional.Tarma.A) -> No action taken. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\ProgramData\InstallMate\{CC8445A0-F7C7-42F4-A01F-BFE517676756}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken. C:\ProgramData\InstallMate\{CC8445A0-F7C7-42F4-A01F-BFE517676756}\TsuDll.dll (PUP.Optional.Tarma.A) -> No action taken. (end) Please advise
  20. I have used malwarebytes for a long time and only recently am I getting what I THINK are a lot of false positives. I am curious: a) how do I determine what is a false positive and how do I keep malwarebytes from pointing out one that I am sure IS false? b) if I am indeed getting false positives, why now? This is the same software I've had installed for months. So here are some example jpg's of what I think are false positives. *The first one I got was from Autorun Eater. I've used it for a long time, as I say, running alongside AntiMalware and only recently am I getting what I am about 99.9% sure is a false positive. I wrote AutoRun Eater about it and they assured me it is a false positive. *The next ones I got are now coming every time I use UTorrent. I am using UTorrent 3.13.27xxx and I did update it from the older version recently so maybe that has something to do with it. But now every time I download a torrent I am getting various warnings whereas I've been using UTorrent for over a year and never had warnings like this before. *The final one is re 4shared desktop and while I do have an account it isn't even running, unless it's running in the background somehow and I don't know about it. So if anyone can enlighten me on this stuff please do. In the past I have used malwarebytes antimalware pro with no issues like this at all, and it's weird that suddenly I'm getting them. Either I'm suddenly under attack (but haven't changed anything to my knowledge to cause that) or else MB is giving me false positives up the ying-yang. So which is it? Thanks for your help in sorting this out!
  21. Hi, We are getting ready to release an update to our users and the update file is being flagged as PUP.Optional.DefaultTab. This is a regular update with bug fixes, etc., to our users. In all cases our users have opted to install our software, so the PUP flag seems inappropriate. Thanks, Steve Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.29.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 swise :: EDL05 [administrator] Protection: Enabled 7/29/2013 3:10:31 PM MBAM-log-2013-07-29 (15-10-48).txt Scan type: Custom scan (C:\tempdt\DTUpdate134.exe|) Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P Objects scanned: 1 Time elapsed: 3 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\tempdt\DTUpdate134.exe (PUP.Optional.DefaultTab) -> No action taken. DTUpdate134.rar
  22. Hi, I just ran Malwarebytes on my GF's computer, it found that askInstallChecker-1.1.0.0.exe was a virus. I find this hard to believe since it was on the PC since she bought it (pre-delivery). Since then she's had it 3 months with no detection. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.28.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 User :: SARAHNEW-PC [administrator] 28/07/2013 11:28:23 MBAM-log-2013-07-28 (11-54-33).txt Scan type: Full scan (C:\|E:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 390820 Time elapsed: 25 minute(s), 2 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\User\Desktop\askInstallChecker-1.1.0.0.exe (Trojan.Fakealert) -> No action taken. [c2e00b57f7758caa1561380e6e939769] (end) Also attached the log file and a 7zip with the detection askInstallChecker-1.1.0.0.7z MBAM-log-2013-07-28 (11-54-33).txt
  23. I did a scan with malwarebytes and got this: Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.06.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 owner :: OWNER-PC [administrator] Protection: Enabled 7/11/2013 2:58:40 PM MBAM-log-2013-07-11 (15-13-39).txt Scan type: Flash scan Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: Registry | File System | P2P Objects scanned: 216779 Time elapsed: 2 minute(s), 42 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Is this malware?
  24. Please remove this file signature. This is not a virus. RAR password 'infected' virustotal.com report: https://www.virustotal.com/ru/file/f19231e2995d27fb61b8afe749b88c5df03c8efb0c62e0d9f417c7562290ca43/analysis/1372978061/ lineagelauncher_not_virus.rar
  25. So I find the following. Whole log is as an attachment. Windows 7 Service Pack 1 x64 NTFS Folders Detected: 1 c:\tmp\setup\chk64flashx (Backdoor.Agent) -> No action taken. [e90c6bd04329cc6a551a98a36b97f20e] Files Detected: 5 c:\tmp\setup\chk64flashx\flq64ix.exe (Backdoor.Agent) -> No action taken. [a55080bbb0bcbd79d4143d07689ab34d] c:\tmp\secheck.dll (Trojan.Agent) -> No action taken. [55a0b883c5a70234795e95b9a062a060] c:\tmp\tran.exe (Trojan.Agent) -> No action taken. [74812a11a0cccc6a6573351931d1a15f] c:\tmp\google-img.exe (Trojan.Banker) -> No action taken. [8a6b2912da9245f1780eb4a620e2748c] c:\tmp\daumcleans.exe (Backdoor.Agent) -> No action taken. [e1145ae1fb71a5915235dc8d946ff808] I have scanned my computer also with superantispyware, emsisoft, avast, dr.web cureit, lavasoft adaware, kaspersky avp tool and norman malware scanner and they didn't find anything. Also I can't find c:\tmp folder even in safe mode. So I'm a little bit clueless what this is o.O MBAM-log-2013-06-29 (12-15-30).txt