Jump to content

Search the Community

Showing results for tags 'false positive'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






  1. Hello All, When trying to launch Half-Life 2: The Lost Coast from my Steam application, Malwarebytes flags the exe file as well as some of the additional files as Malware, specifically labeling it as a Malware.Packer.RRE, it quarantines the file and prevents the game from launching. At first I was concerned, thinking that the game file had somehow really been infected, so I quarantined and deleted everything that was flagged, restarted the computer, did a full scan and my PC registered as being clean and free of any Malware. I then re-downloaded a clean copy of The Lost Coast from Steam, and again, it was flagged as Malware and prevents me from launching. Is anyone else having problems with launching Steam games and where they get flagged as Malware, specifically The Lost Coast?
  2. Malwarebytes blocks IP which belongs to Kaspersky. It is carried out by avp.exe (C:\Program Files\Kaspersky Lab\Kaspersky [version]\avp.exe), which is a file belonging to the Kaspersky protection module. I'm assuming that it is used for updates??
  3. MBAM is blocking IP (vuhps.org). I'm certain that this is a false positive because I helped start that website for a collegiate group and am in regular contact with the site maintainer.
  4. Hello Malwarebytes, I updated Anti-Malware to the latest database version (913042702) and ran a full scan today. Here's what I got after running the same scan in developer mode: Files Infected: C:\Windows\System32\COMMAND.COM (Trojan.Agent) -> No action taken. [27517B842938D5006908C61D87F3AB7C] This never happened before. I'll be pleased if you guys could check this one whether it's a false positive or not. I've zipped everything and attached it in this post. The zip file includes the following files: COMMAND.COM -> the file reported as "infected" COMMAND.md5 -> MD5 checksum of the file for verification mbam-log-2013-04-27 (13-41-29).txt -> the detailed log of my scan in developer mode Regards, viruskiller mbam-false-positive-2013-04-27.zip
  5. Thank you for your help in the past. I think I've found yet another one. A scan of the computer turns up this result. " ...\FAT-Engine SDK + demos v1.22 BETA - fat.zip (Trojan.Agent.NR) -> No action taken. [19028d807fed5ed82d4ff02cae53738d] ...\FAT-Engine SDK + demos v1.22 BETA - fat.zip (Trojan.Agent.NR) -> No action taken. [04177a93224a330384f82af2649dad53] " FAT-Engine, is a generic Raycasting Engine for the TI-89, TI-89T, TI-92+ and TI-V200 (collectively known as TI-68k) calculators. < http://tict.ticalc.o...ref_other_games > I suspect this one is another false positive since scans of the file in question with AVG and Spybot Search & Destroy both come up clean. Note: Both files listed in the log provided by this post are just copies of the same file. Thank you. -Files and log attached. MBAM-log-2013-05-10 (01-09-50).txt FAT-Engine SDK + demos v1.22 BETA - fat.zip Please help. Thanks.
  6. Is this a false positive? Thank you for your help in the past. I think I've found another one. A scan of the computer turns up this result. " ...\PSS_Player_1.26.zip (Spyware.Passwords.XGen) -> No action taken. [ea921eef8ddff73fd070fe8d4eb27d83] " PSS Player v1.26 is a program for playing/converting the full motion videos used in various video games. I suspect this one is another false positive since scans of the file in question with AVG and Spybot Search & Destroy both come up clean. -Files and log attached. PSS_Player_1.26.zip MBAM-log-2013-05-10 (13-54-56).txt Please help. Thank you.
  7. Hello: This is an old program written by Karen Kenworthy. http://www.karenware.../powertools.asp Malwarebytes Anti-Malware www.malwarebytes.org Database version: v2013.05.02.07 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Owner :: OWNER-A5CF1B4D9 [administrator] 5/2/2013 7:42:29 PM MBAM-log-2013-05-02 (20-26-55).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 231615 Time elapsed: 43 minute(s), 56 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 3 C:\Documents and Settings\Owner\My Documents\Software\Karenware\ptalarm-setup.exe (Adware.AdRotator) -> No action taken. [0b549d6de6863ef843b6d782986905fb] C:\Documents and Settings\Owner\My Documents\Submissions\FPs\ptalarm-setup.exe (Adware.AdRotator) -> No action taken. [ef7038d23b312b0bf8010a4ff50cdc24] C:\Documents and Settings\Owner\My Documents\Submissions\FPs\ptalarm-setup.zip (Adware.AdRotator) -> No action taken. [134c7397492324127584db7ef1105ba5] (end)
  8. I would like to verify if IP is on the blacklist because it is a malicous site or a false positive. Can some help verify this please. Thanks ConSol IT
  9. Hello, I'm partly working for a company where the contractors from all over the world are connected to a central database via a Citrix access platform. If, in my Internet Explorer 8, I define this Citrix access platform as my Start page, MBAM automatically considers that my startpage has been hijacked: Elément(s) de données du Registre détecté(s): 1 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Mauvais: (https://iscis.multis...te/default.aspx) Bon: (http://www.google.com) -> Aucune action effectuée. [93b31fcd0d5e88aeb9d96a87000341bf] As soon as I switch back to my www.google.ch startpage, there are no more treats detected. I could verify exactly the same problem with another colleague situated in another country (also using IE8). I hope this info will contribute to your excelent product, and would of course be grateful to have some feedback from you. Unfortunately there is a problem attaching my log file (size: 2 kb) to this post: MBAM-log-2013-04-27 (18-40-21).zip Upload Skipped (Error302) Can you please tell me how I can send it to you ? shall I paste it here? Thank you for this useful tool ! Inés, Switzerland.
  10. I got this address as a false positive for a malicious website. Here's the report and address: Firewhenreadypottery.com | Firewhenreadypottery IP Lookup (IP: Hostname: firewhenreadypottery.com IP Address: Host of this IP: apache2-heavy.catoosa.dreamhost.com Organization: New Dream Network ISP: New Dream Network City: Brea Country: United States State: California Postal Code: 92821 Timezone: America/Los_Angeles Local Time: 21.04.2013 07:43:31 And regardless of which browser I use, any time I click on anything, the "blocked potentially malicious website" warning goes off. It's as annoying as the beeping on my Prius! Thanks for looking into this.
  11. This site was not listed as being a unsafe by either hpHost or Sucuri SiteCheck So why is Malwarebytes blocking it? I had been on the site last month and the week before last and I didn't get any warnings. Yesterday and today, I'm getting these pop up from Malwarebyes and Firefox saying that it's an unsafe site and it's blocked. Why? Anway, just thought you should be made aware of it. (BTW my AVG Internet Suite Link Shield didn't give me any warnings either)
  12. This is my website PaladinPM.com. This site is hosted by GoDaddy, so I know you may block entire ranges of addresses, but if you are flagging GoDaddy sites, it may make your new feature unusable to many. I have not made any changes to the site in sometime and am wondering why it is being flagged as malicious. Also if and how it can be unblocked.
  13. Your software is generating a false positive for the pdf995 printer driver download at www.pdf995.com. Please correct this issue.
  14. I'm using Malwarebytes and I don't know whether this is a known issue or not, but on certain C programs that I wrote (which allocate memory dynamically) are flagged as Trojans when I compile them with the Borland bcc32 compiler. None of the programs which use static memory allocation are flagged when compiled with the old Borland compiler (now Embarcadero). Some of my programs have been flagged in the past when I have compiled (Windows PE format) with gcc (Gnu Compiler Collection). None of the compiler sets produce any warnings when scanned, so it seems to be something peculiar to the executables produced by compilation. I just compiled the same programs with dynamic memory allocation with the Microsoft ® C/C++ Optimizing Compiler Version 15.00.30729.01 for x64 (under Windows7) and they produce no warnings. I am aware that I can exclude this directory from scanning, but I am reporting this for your benefit that you might find the cause of the false positive. Malwarebytes Anti-Malware www.malwarebytes.org Database version: v2013.03.19.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16521 cordelle :: KAREEM [administrator] 3/27/2013 3:43:33 PM MBAM-log-2013-03-27 (15-45-36).txt Scan type: Custom scan (c:\borland|) Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P Objects scanned: 1463 Time elapsed: 1 minute(s), 9 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 c:\Borland\listargs.exe (Trojan.Ransom.ANC) -> No action taken. [0bd4d2f055167bbb3ec09479827f12ee] c:\Borland\qarglist.exe (Trojan.Ransom.ANC) -> No action taken. [a13e9a285c0f89ad926c5bb2f908d030] (end) MBAM-log-2013-03-27 (15-45-36).zip
  15. Fire Heart Desktop Gadget and Heart On Fire Screensaver False Positives.zip Hello! I'm a software vendor (www.LaconicSoftware.com) and some time ago I discovered some problems with my apps. The MB log along with the false positive'd files is attached. Hope for your help.
  16. I hope that I'm posting this correctly based on the rules of the thread. I recently, as in a couple days ago, got a quarentine notice of 2 "Trojan.Passwords.LD". The files that were quarentined were: C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBLiveUpdate.dll I just recently updated the Lenovo software that came with the laptop, using Lenovos' updater, and I was surprised that MalwareBytes flagged these files. I've also not noticed anything really weird happening with my machine so I'm just a little curious as to what MalewareBytes has found. I'm attaching all the logs that I think are required for posting in this thread. If there is anything else that needs to be scanned please let me know. mbam_logs.zip
  17. The Humboldt-Del Norte Foundation for Medical Care is blocked by Malwarebytes and it should not be. Please unblock. Thanks.
  18. Hello All, Walked in to my computer today and had an alert from Trend Micro OfficeScan that their real-time scan had detected TROJ_GEN.R31C0C7 as a virus in chameleon\mbam-killer.exe It alerted several times, all for the same location. I think that mbam-killer.exe is a valid file from research. Is this just a false positive, or should I be more concerned? Thanks David
  19. HI, The Ip range as below is blocked 1 of the IP belongs to the mail server of realplus-asia.com. Please unblock it if it is believed to be clean
  20. We have been reported that Malwarebytes shows WinLock processes as "Trojan.Agent.Gen" malicious processes. This is a false positive. Our software contains no trojans or malware. WinLock: http://www.crystaloffice.com/winlock.exe WinLock Pro: http://www.crystaloffice.com/winlockpro.exe Thank you!
  21. Hi, I've had a couple of complaints from players stating that Malwarebytes is blocking access to my site http://www.redflushcasino.eu How can I get this false positive removed, without telling each player to add the site to their exception lists on Malwarebytes?
  22. Starts few minutes ago. here's the screenie ; Temporary turn filesystem protection OFF
  23. belongs to a local reputable company. If I use a computer that does not have malwarebytes installed, the website loads and their doesn't appear to be a problem. Could this be a false positive?
  24. Hey guys. I've found a "security.hijack". I'm guessing, it's a false positive, like this one: http://forums.malwarebytes.org/index.php?showtopic=113609 Just to be safe, I would like to hear your opinion on it. Here is my log: In that registry folder, there are two keys: "(Standart)", which seems to be empty, and "Debugger", which contains "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe". - I'm using Tuneup 2012's program deactivator to completely deactivate itunes, as long as I don't need it. - I use Avira Antivirus 2012 premium and it never found anything. - I downloaded itunes (as far as I remember, since I am very careful about what I download and install) directly from apple. So, I have two questions now: 1. Am I right, that this "Security.Highjack" can be ignored? 2. If yes: What if I put it on the ignore-list and after that some malware actually compromises that registry key? Would MBAM ignore that as well? Regards Max
  25. Legacy version of Universal Server file unidelay.exe is suddenly showing as malware after having been on computer for years. See attached log (with /developer switch) and unidelay.exe. Fairly certain this is a false positive. mbam.zip
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.