Jump to content

Search the Community

Showing results for tags 'false positive'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

  1. Hi, We are getting ready to relase an update to our users and the update file is being flagged as PUP.Optional.DefaultTab. This is a regular update with bug fixes, etc., to our users. In all cases our user have opted to install our software, so the PUP flag seems inappropriate. Thanks, Steve Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.29.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 swise :: EDL05 [administrator] Protection: Enabled 7/29/2013 3:10:31 PM MBAM-log-2013-07-29 (15-10-48).txt Scan type: Custom scan (C:\tempdt\DTUpdate134.exe|) Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P Objects scanned: 1 Time elapsed: 3 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\tempdt\DTUpdate134.exe (PUP.Optional.DefaultTab) -> No action taken. DTUpdate134.rar
  2. high, i just ran Malware bytes on my GFs computer, it found that askInstallChecker-1.1.0.0.exe was a virus, i find this hard to belive since it was on the PC since she bought it. (Pre-dilivery) since then she's had it 3 months with no detection. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.28.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 User :: SARAHNEW-PC [administrator] 28/07/2013 11:28:23 MBAM-log-2013-07-28 (11-54-33).txt Scan type: Full scan (C:\|E:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 390820 Time elapsed: 25 minute(s), 2 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\User\Desktop\askInstallChecker-1.1.0.0.exe (Trojan.Fakealert) -> No action taken. [c2e00b57f7758caa1561380e6e939769] (end) also attached the log file and a 7zip with the detection askInstallChecker-1.1.0.0.7z MBAM-log-2013-07-28 (11-54-33).txt
  3. I did a a scan with malwarebytes and got this: Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.06.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 owner :: OWNER-PC [administrator] Protection: Enabled 7/11/2013 2:58:40 PM MBAM-log-2013-07-11 (15-13-39).txt Scan type: Flash scan Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: Registry | File System | P2P Objects scanned: 216779 Time elapsed: 2 minute(s), 42 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Is this malware?
  4. Please remove this file signatures. This is not virus. RAR password 'infected' virustotal.com report: https://www.virustotal.com/ru/file/f19231e2995d27fb61b8afe749b88c5df03c8efb0c62e0d9f417c7562290ca43/analysis/1372978061/ lineagelauncher_not_virus.rar
  5. So I find the following. Whole log is as an attachment. Windows 7 Service Pack 1 x64 NTFS Folders Detected: 1 c:\tmp\setup\chk64flashx (Backdoor.Agent) -> No action taken. [e90c6bd04329cc6a551a98a36b97f20e] Files Detected: 5 c:\tmp\setup\chk64flashx\flq64ix.exe (Backdoor.Agent) -> No action taken. [a55080bbb0bcbd79d4143d07689ab34d] c:\tmp\secheck.dll (Trojan.Agent) -> No action taken. [55a0b883c5a70234795e95b9a062a060] c:\tmp\tran.exe (Trojan.Agent) -> No action taken. [74812a11a0cccc6a6573351931d1a15f] c:\tmp\google-img.exe (Trojan.Banker) -> No action taken. [8a6b2912da9245f1780eb4a620e2748c] c:\tmp\daumcleans.exe (Backdoor.Agent) -> No action taken. [e1145ae1fb71a5915235dc8d946ff808] I have scanned my computer also with superantispyware, emsisoft, avast, dr.web cureit, lavasoft adaware, kaspersky avp tool and norman malware scanner and they didnt find anything. Also i cant find c:\tmp folder even in safemode. So I'm little bit clueless what this is o.O MBAM-log-2013-06-29 (12-15-30).txt
  6. Hello All, When trying to launch Half-Life 2: The Lost Coast from my Steam application, Malwarebytes flags the exe file as well as some of the additional files as Malware, specifically labeling it as a Malware.Packer.RRE, it quarantines the file and prevents the game from launching. At first I was concerned, thinking that the game file had somehow really been infected, so I quarantined and deleted everything that was flagged, restarted the computer, did a full scan and my PC registered as being clean and free of any Malware. I then re-downloaded a clean copy of The Lost Coast from Steam, and again, it was flagged as Malware and prevents me from launching. Is anyone else having problems with launching Steam games and where they get flagged as Malware, specifically The Lost Coast?
  7. Malwarebytes blocks IP 217.23.9.122 which belongs to Kaspersky. It is carried out by avp.exe (C:\Program Files\Kaspersky Lab\Kaspersky [version]\avp.exe), which is a file belonging to the Kaspersky protection module. I'm assuming that it is used for updates??
  8. MBAM is blocking IP 173.213.108.211 (vuhps.org). I'm certain that this is a false positive because I helped start that website for a collegiate group and am in regular contact with the site maintainer.
  9. Hello Malwarebytes, I updated Anti-Malware to the latest database version (913042702) and ran a full scan today. Here's what I got after running the same scan in developer mode: Files Infected: C:\Windows\System32\COMMAND.COM (Trojan.Agent) -> No action taken. [27517B842938D5006908C61D87F3AB7C] This never happened before. I'll be pleased if you guys could check this one whether it's a false positive or not. I've zipped everything and attached it in this post. The zip file includes the following files: COMMAND.COM -> the file reported as "infected" COMMAND.md5 -> MD5 checksum of the file for verification mbam-log-2013-04-27 (13-41-29).txt -> the detailed log of my scan in developer mode Regards, viruskiller mbam-false-positive-2013-04-27.zip
  10. Thank you for your help in the past. I think I've found yet another one. A scan of the computer turns up this result. " ...\FAT-Engine SDK + demos v1.22 BETA - fat.zip (Trojan.Agent.NR) -> No action taken. [19028d807fed5ed82d4ff02cae53738d] ...\FAT-Engine SDK + demos v1.22 BETA - fat.zip (Trojan.Agent.NR) -> No action taken. [04177a93224a330384f82af2649dad53] " FAT-Engine, is a generic Raycasting Engine for the TI-89, TI-89T, TI-92+ and TI-V200 (collectively known as TI-68k) calculators. < http://tict.ticalc.o...ref_other_games > I suspect this one is another false positive since scans of the file in question with AVG and Spybot Search & Destroy both come up clean. Note: Both files listed in the log provided by this post are just copies of the same file. Thank you. -Files and log attached. MBAM-log-2013-05-10 (01-09-50).txt FAT-Engine SDK + demos v1.22 BETA - fat.zip Please help. Thanks.
  11. Is this a false positive? Thank you for your help in the past. I think I've found another one. A scan of the computer turns up this result. " ...\PSS_Player_1.26.zip (Spyware.Passwords.XGen) -> No action taken. [ea921eef8ddff73fd070fe8d4eb27d83] " PSS Player v1.26 is a program for playing/converting the full motion videos used in various video games. I suspect this one is another false positive since scans of the file in question with AVG and Spybot Search & Destroy both come up clean. -Files and log attached. PSS_Player_1.26.zip MBAM-log-2013-05-10 (13-54-56).txt Please help. Thank you.
  12. Hello: This is an old program written by Karen Kenworthy. http://www.karenware.../powertools.asp Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.05.02.07 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Owner :: OWNER-A5CF1B4D9 [administrator] 5/2/2013 7:42:29 PM MBAM-log-2013-05-02 (20-26-55).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 231615 Time elapsed: 43 minute(s), 56 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 3 C:\Documents and Settings\Owner\My Documents\Software\Karenware\ptalarm-setup.exe (Adware.AdRotator) -> No action taken. [0b549d6de6863ef843b6d782986905fb] C:\Documents and Settings\Owner\My Documents\Submissions\FPs\ptalarm-setup.exe (Adware.AdRotator) -> No action taken. [ef7038d23b312b0bf8010a4ff50cdc24] C:\Documents and Settings\Owner\My Documents\Submissions\FPs\ptalarm-setup.zip (Adware.AdRotator) -> No action taken. [134c7397492324127584db7ef1105ba5] (end)
  13. I would like to verify if IP 184.168.184.1 is on the blacklist because it is a malicous site or a false positive. Can some help verify this please. Thanks ConSol IT
  14. Hello, I'm partly working for a company where the contractors from all over the world are connected to a central database via a Citrix access platform. If, in my Internet Explorer 8, I define this Citrix access platform as my Start page, MBAM automatically considers that my startpage has been hijacked: Elément(s) de données du Registre détecté(s): 1 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Mauvais: (https://iscis.multis...te/default.aspx) Bon: (http://www.google.com) -> Aucune action effectuée. [93b31fcd0d5e88aeb9d96a87000341bf] As soon as I switch back to my www.google.ch startpage, there are no more treats detected. I could verify exactly the same problem with another colleague situated in another country (also using IE8). I hope this info will contribute to your excelent product, and would of course be grateful to have some feedback from you. Unfortunately there is a problem attaching my log file (size: 2 kb) to this post: MBAM-log-2013-04-27 (18-40-21).zip Upload Skipped (Error302) Can you please tell me how I can send it to you ? shall I paste it here? Thank you for this useful tool ! Inés, Switzerland.
  15. I got this address as a false positive for a malicious website. Here's the report and address: Firewhenreadypottery.com | Firewhenreadypottery IP Lookup (IP: 208.113.215.136) Hostname: firewhenreadypottery.com IP Address: 208.113.215.136 Host of this IP: apache2-heavy.catoosa.dreamhost.com Organization: New Dream Network ISP: New Dream Network City: Brea Country: United States State: California Postal Code: 92821 Timezone: America/Los_Angeles Local Time: 21.04.2013 07:43:31 And regardless of which browser I use, any time I click on anything, the "blocked potentially malicious website" warning goes off. It's as annoying as the beeping on my Prius! Thanks for looking into this.
  16. This site was not listed as being a unsafe by either hpHost or Sucuri SiteCheck So why is Malwarebytes blocking it? I had been on the site last month and the week before last and I didn't get any warnings. Yesterday and today, I'm getting these pop up from Malwarebyes and Firefox saying that it's an unsafe site and it's blocked. Why? Anway, just thought you should be made aware of it. (BTW my AVG Internet Suite Link Shield didn't give me any warnings either)
  17. This is my website PaladinPM.com. This site is hosted by GoDaddy, so I know you may block entire ranges of addresses, but if you are flagging GoDaddy sites, it may make your new feature unusable to many. I have not made any changes to the site in sometime and am wondering why it is being flagged as malicious. Also if and how it can be unblocked.
  18. Your software is generating a false positive for the pdf995 printer driver download at www.pdf995.com. Please correct this issue.
  19. I'm using Malwarebytes 1.70.0.1100 and I don't know whether this is a known issue or not, but on certain C programs that I wrote (which allocate memory dynamically) are flagged as Trojans when I compile them with the Borland bcc32 compiler. None of the programs which use static memory allocation are flagged when compiled with the old Borland compiler (now Embarcadero). Some of my programs have been flagged in the past when I have compiled (Windows PE format) with gcc (Gnu Compiler Collection). None of the compiler sets produce any warnings when scanned, so it seems to be something peculiar to the executables produced by compilation. I just compiled the same programs with dynamic memory allocation with the Microsoft ® C/C++ Optimizing Compiler Version 15.00.30729.01 for x64 (under Windows7) and they produce no warnings. I am aware that I can exclude this directory from scanning, but I am reporting this for your benefit that you might find the cause of the false positive. Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.03.19.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16521 cordelle :: KAREEM [administrator] 3/27/2013 3:43:33 PM MBAM-log-2013-03-27 (15-45-36).txt Scan type: Custom scan (c:\borland|) Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P Objects scanned: 1463 Time elapsed: 1 minute(s), 9 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 c:\Borland\listargs.exe (Trojan.Ransom.ANC) -> No action taken. [0bd4d2f055167bbb3ec09479827f12ee] c:\Borland\qarglist.exe (Trojan.Ransom.ANC) -> No action taken. [a13e9a285c0f89ad926c5bb2f908d030] (end) MBAM-log-2013-03-27 (15-45-36).zip
  20. Fire Heart Desktop Gadget and Heart On Fire Screensaver False Positives.zip Hello! I'm a software vendor (www.LaconicSoftware.com) and some time ago I discovered some problems with my apps. The MB log along with the false positive'd files is attached. Hope for your help.
  21. I hope that I'm posting this correctly based on the rules of the thread. I recently, as in a couple days ago, got a quarentine notice of 2 "Trojan.Passwords.LD". The files that were quarentined were: C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBLiveUpdate.dll I just recently updated the Lenovo software that came with the laptop, using Lenovos' updater, and I was surprised that MalwareBytes flagged these files. I've also not noticed anything really weird happening with my machine so I'm just a little curious as to what MalewareBytes has found. I'm attaching all the logs that I think are required for posting in this thread. If there is anything else that needs to be scanned please let me know. mbam_logs.zip
  22. The Humboldt-Del Norte Foundation for Medical Care is blocked by Malwarebytes and it should not be. Please unblock. Thanks.
  23. Hello All, Walked in to my computer today and had an alert from Trend Micro OfficeScan that their real-time scan had detected TROJ_GEN.R31C0C7 as a virus in chameleon\mbam-killer.exe It alerted several times, all for the same location. I think that mbam-killer.exe is a valid file from research. Is this just a false positive, or should I be more concerned? Thanks David
  24. HI, The Ip range as below is blocked 180.149.252.0/24 1 of the IP 180.149.252.120 belongs to the mail server of realplus-asia.com. Please unblock it if it is believed to be clean
  25. We have been reported that Malwarebytes shows WinLock processes as "Trojan.Agent.Gen" malicious processes. This is a false positive. Our software contains no trojans or malware. WinLock: http://www.crystaloffice.com/winlock.exe WinLock Pro: http://www.crystaloffice.com/winlockpro.exe Thank you!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.