Jump to content

Search the Community

Showing results for tags 'false positive'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






  1. MBAM is currently the only one in VirusTotal to report. (It was submitted for the first time few months ago, back then 5 other products reported something) None of the 41 engines in metascan reported something. Malwarebytes Anti-Malware (PRO) Database version: v2012.12.29.11 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Protection: Disabled 2012-12-29 17:05:49 Scan type: Flash scan Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: Registry | File System | P2P Objects scanned: 231797 Time elapsed: 7 second(s) Files Detected: 1 C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UpdateDrv.exe (Trojan.Agent.Gen) -> No action taken. [25faaa3aa0bda294ab0cea7d49bae719] UpdateDrv.zip
  2. Is this a false positive? Thank you for your help a couple of days ago <http://forums.malwar...howtopic=119465>. I think I've found another one. A scan of the computer turns up this result. " ...\GCC4TI 0.96 Beta 10 (win32 setup) -gcc4ti\setup-gcc4ti.exe (Trojan.Agent) -> No action taken. " setup-gcc4ti.exe is the installer for the GCC4TI project, an SDK for the TI-89, TI-89T, TI-92+ and TI-V200 (collectively known as TI-68k) calculators in the C and ASM languages. <https://github.com/d...uxl/gcc4ti/wiki> or <http://trac.godzil.net/gcc4ti/>. I'm fairly certain this one is another false positive since this same file came up clean when I did a scan just a couple of days ago. Scans of the file in question with AVG and Spybot Search & Destroy both come up clean, so I'm really hoping this is just another false positive. -Files and log attached. Please help. Thank you. setup-gcc4ti.rar mbam-log-2012-12-14 (18-13-13).txt
  3. it is false positive please check again <this is virustotal scan link> https://www.virustotal.com/file/ec7d8ad6463df41b178b84e738922af9833f5a961a7b930bab4b7fe2354dd1d7/analysis/1355210964/ <this is virustotal scan result> SHA256: ec7d8ad6463df41b178b84e738922af9833f5a961a7b930bab4b7fe2354dd1d7 SHA1: e6c76bdcff8ec9509fbce4a423c25877ae38ce46 MD5: 97f24c71446ff0cd93ada3de96d6f296 File size: 314.1 KB ( 321656 bytes ) File name: FastPing_Install.exe File type: Win32 EXE Detection ratio: 1 / 45 Analysis date: 2012-12-11 07:29:24 UTC ( 0분 ago ) LogAndTargetFile.zip
  4. Is this a false positive? Scanned of computer turns up this result. " Registry Keys Detected: 2 HKCR\CLSID\{E9373BD9-7363-427F-A2A6-1E8BA91FFB3E} (Trojan.Agent) -> No action taken. [acc68954bba241f56ab198888d7726da] HKCR\Interface\{E9373BD9-7363-427F-A2A6-1E8BA91FFB3E} (Trojan.Agent) -> No action taken. [acc68954bba241f56ab198888d7726da] Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Alternative Program Files\TiEmu3-gdb\tiemups.dll (Trojan.Agent) -> No action taken. " tiemups.dll is part of TiEmu - a TI89(ti)/92(+)/V200 emulator, and seems to have had issues as a false positive in the past since a google search turns up: <http://sourceforge.net/projects/gtktiemu/forums/forum/73169/topic/2094898>. I'm not sure what the registry keys are. I suspect they are part of that same program (which for some reason was really annoying to get installed and set up correctly) so I left them alone (I didn't want to screw up something in the registry by removing them... I just hope I did the right thing). Scans of this PC with AVG and Spybot Search & Destroy both came up clean, so I'm really hoping the keys are also false positives. But I'm worried since today was the first time Malwarebytes Anti-Malware got updated on this PC in a month and so they might be unrelated to that program and be actual problems. -Files and log attached, not sure how to attach the registry keys (or if you even need them). So far nothing has been removed or deleted. Please help. Thank you. tiemups.rar mbam-log-2012-12-12 (05-28-22).txt
  5. Hi. IP : domain : francepointspermis.fr MBAM blocking my website. My site is hosted by OVH, I opened a ticket with them too thanks for help
  6. 2012/11/28 20:59:33 -0500 DATASLUM andrew IP-BLOCK (Type: outgoing, Port: 60629, Process: firefox.exe) This IP belongs to: http://www.sxtpdevelopers.com Which is a well known developers / rom leak website for Galaxy S II Epic 4G Touch Would appreciate the site unblock. I was just attempting to browse the site when a tooltip popped up saying it was blocked by Malware.
  7. In the last day, a full scan detected one trojan: C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGalleryRepair.exe (Trojan.Inject). I made a screen print of the results from the scan and attached it (for what it's worth). I've attached the DDS.txt and Attach.txt files - in order to run as administrator I opened up a command prompt run as administrator and ran DDS.com from my desktop. After detecting it, I first ignored it and sent the file to VirusTotal which showed 0/43 detecting anything (see attached). I ran the scan again in /developer mode thinking it might be a false positive and have attached the logfile generated. Afterwards I quarantined it, but thought I'd restore it to see if was detected by other scans and in case needed for further investigation. After highlighting and clicking restore several times it finally "disappeared" from the quarantine, but now it's nowhere to be found. It appears to have been deleted instead of restored as it was visible before quarantining... I ran a full MBAM scan after the quarantine & attempted restore and all came up clean. I did try several other scans after but got the BSOD for IRQL_NOT_LESS_OR_EQUAL but chalk that up to trying to do too much at one time. Everything appears to be up and running fine since, but want to make sure I truly am clean, know if it was picked up somehow, or was an fp. Thanks in advance! Also meant to say I'd googled the executable and it appears this is a legitimate file, but unfortunately now can't compare it with known versions...oh and noticed I hadn't posted the VirusTotal scan (for what it's worth, lol). Again thanks in advance for your assistance! dds.txt attach.txt 10-17-12 MBAM detection.rtf mbam-log-2012-10-17 (07-05-50).txt Virus Total scan.rtf
  8. We our a small software company that builds custom software for law enforcement agencies, one of our programs shows up as a Trojan when running Malware bytes and leads the user to believe it is a Trojan. When this happens, of course they remove our exe file causing our software be disabled. What do we need to do in order to prevent this from happening? mbam-log-2012-11-16 (08-29-49).zip
  9. hi this is my first post on this forum .. there is some thing wrong with my ip ..or domain .. its fastertorrent.net my antivirus always block the site ,, please check the problem thanks in advance
  10. While visiting the harmless site Flabber.nl . See the log file attached. Kind regards, Gert protection-log-2012-11-05.rar
  11. I was browsing website http://www.up-magazine.info which is hosted by OVH and use a shared IP ( Thousands of French websites are blocked because is detected has a possible threating IP address.
  12. After an hour of playing tf2 this came out and the database had just updated 5 mins before i stopped playing,im not sure if it is a false positive it was the first time it popped up
  13. Hi there, Out software "Affixa" (www.affixa.com) is being identified as Trojan by Malwarebytes. I've attached the developer log, exports of the registry keys concerned and the Browser Helper Object DLL. Can you please review and confirm the status as a false positive? Also, can you confirm whether I'll need to repeat this process for future versions of Affixa, or is it a one-time validation you perform? Thanks in advance! Chris Wood Affixa-MBAM.zip
  14. My website and the server that my domains are on are being blocked by your program. www.furtherfaster12.com & opn.furtherfaster12.com I have have my webhost do a depth scan for virus, spyware, etc. and they find nothing. The only way I can reach my site is to turn of your program. Please as my website and my server to your safe list. IP Thank you AB
  15. Hi, I have a client that alerted me to False Positives that they've seen from your software. The file is: http://downloadcdn.betterinstaller.com/installers/f/1/GumNotes_downloader_by_GumNotes.exe These downloads are marked as Malware SItes - This is a false report on these sites and downloads. The files are clean, there is no malware included in these downloads. BetterInstaller is the server used in a cloud based enterprise level installation platform that enables over 200 software developers to efficiently serve software products during the installation process. The technology is offered by Somoto Ltd and the software is signed by Somoto Ltd. BetterInstaller is already certified by VeriSign! BetterInstaller site and contact form is available anytime at http://www.betterinstaller.com/contact/ Please remove this detection asap and update your database as it is causing damage to our brand and business. Thank you, Shauli
  16. Good morning. This address indeed in the past, had problems, and this machine without my knowledge was spreading some spyware. That happened about seven months ago. I would like to be removed from the blacklist. Thank you. Best regards,
  17. Please let me know what I need to do to be able to access this website. It is a trusted site. Thank you
  18. Malawarebytes Build Date: 1/13/2012 Db Version: 2012.07.26.11 Date: 7/26/2012 Components of the following safe Applications are falsely identified as malware: 1. ERUNT, the registry backup tool -- AUTOBACK.EXE (38,912 bytes) -- MD5: E00DE20F0F6BED5CD2160247DDC9443B2. Universal Extractor, the archive utility -- WUN.exe (49,152 bytes) -- MD5: 13E5B4AE40F413C44C6B3B93DFCA08813. UBCD4Win, the bootable CD builder utility -- infred.exe (47,104 bytes) -- MD5: 6F5A84905A8B03133F5D4DE3BA10407A
  19. Malwarebytes marked this as bad. Checked it on VirusTotal and it was said it was fine. False positive? python_icon.rar
  20. Hi, I've been strugling since 6 months with users reporting me that my website is not accessible without knowing what was the factor. Well, the factor is MalwareBytes that is blocking this IP : for no reason The server (the whole server is mine) there is my website : http://www.seek-team.com that has been suffering from this false positive. I must say that i'm kind of angry because of this situation...
  21. Hi, Please remove IP from your false positive list. The website is www.AudioLabel.com We have been in business for over 10 years, and are far from malicious. We recently changed web servers, and ended up with different IPs address (I guess of the malicious kind). Thanks for your prompt attention to this matter. Best Regards, Tim Rolfe AudioLabel Technical Support
  22. http://stonewallcampground.com I don't do malware! please correct this mistake. Thank you, jake mockler
  23. 2012/06/10 23:47:00 -0700 ANDY-PC Andy IP-BLOCK (Type: outgoing, Port: 63907, Process: firefox.exe) This is my own server (new) from a very reliable company liquidweb.com. They have run a very indepth scan of the server and my website and their are no virus or malware anywhere. Please add to the safe ip list, and this next update. Thank you
  24. Good evening, Trying to access this website (www.lacaf.org), but blocked for suspicious activities. Colleagues running Karpensky and Norton have no such problems. Updated to version v2012.13.05.01. Do you need any other information from my end to investigate? Thanks Jeff ScreenShot003.bmp
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.