Jump to content

Search the Community

Showing results for tags 'false positive'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






  1. Good morning. This address indeed in the past, had problems, and this machine without my knowledge was spreading some spyware. That happened about seven months ago. I would like to be removed from the blacklist. Thank you. Best regards,
  2. 2012/06/10 23:47:00 -0700 ANDY-PC Andy IP-BLOCK (Type: outgoing, Port: 63907, Process: firefox.exe) This is my own server (new) from a very reliable company liquidweb.com. They have run a very indepth scan of the server and my website and their are no virus or malware anywhere. Please add to the safe ip list, and this next update. Thank you
  3. Dear team, I am writing to you on behalf of my company, IronSource, developer of a world leading installation platform known as InstallCore which is being used by some of the largest product development and distribution companies in the world. Among our customers you will find CNET (download.com), foxtab.com, JDownloader.org, Alcohol-soft.com, ICQ and many more. It has come to our attention that your Anti-Virus is detecting our installer as a "Adware.Downloader.01.Net". This is obviously a false-positive case which has dramatic negative consequences over our business and is hurting our users and business partners. We are sure that this happened by mistake and we would appreciate if you could kindly remove our site from your Adware blacklist. We would also appreciate if you could provide us with more information regarding this situation and whether there is anything specific we need to modify in order to avoid such events in the future. We are more than willing to cooperate on this matter. You can download the relevant marked file from here: We look forward to hearing from you at your earliest convenience. Best regards, Adam Chakir, Advocate | Head of Compliance
  4. http://stonewallcampground.com I don't do malware! please correct this mistake. Thank you, jake mockler
  5. Hi, Our software, TMP.exe, which has been around for years is suddenly appearing as trojan.backdoor. (Earliest version was deployed Oct 2008!) Appreciate it if you could have a look asap. Richard Malwarebytes Anti-Malware www.malwarebytes.org Database version: v2012.05.16.04 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 rgrayling :: RG_VISTA2 [administrator] 16/05/2012 15:44:31 mbam-log-2012-05-16 (15-54-40).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 293661 Time elapsed: 9 minute(s), 31 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> No action taken. [3262745908546fc73c4890ac04009070] Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Program Files (x86)\TMP\TMP.exe (Trojan.Backdoor) -> No action taken. [7d171fae322ab97d1efa7e7107fcec14] (end) mbam-log-2012-05-16 (15-54-40).zip
  6. Good evening, Trying to access this website (www.lacaf.org), but blocked for suspicious activities. Colleagues running Karpensky and Norton have no such problems. Updated to version v2012.13.05.01. Do you need any other information from my end to investigate? Thanks Jeff ScreenShot003.bmp
  7. After troubleshooting my website to figure out why it wasn't loading on some peoples' computers, I discovered that Malwarebytes was blocking it. The site is paradoxian.com and the IP address is My web hosting company's guess was that due to the front page of the site being a blank index page, Malwarebytes was reading it as a false positive. If this could be fixed I'd appreciate it, as I plan to use this site for my portfolio and don't want it blocked on some computers. Thank you. The log: 2012/04/27 10:29:13 -0400 SUPPORTB-PC supportb MESSAGE Starting protection 2012/04/27 10:29:15 -0400 SUPPORTB-PC supportb MESSAGE Protection started successfully 2012/04/27 10:29:18 -0400 SUPPORTB-PC supportb MESSAGE Starting IP protection 2012/04/27 10:29:20 -0400 SUPPORTB-PC supportb MESSAGE IP Protection started successfully 2012/04/27 10:30:23 -0400 SUPPORTB-PC supportb IP-BLOCK (Type: outgoing, Port: 49172, Process: firefox.exe)
  8. Hello, I am the Postmaster for Platinum Synergy Group Inc. We are a web development company, and we also create and manage marketing, business and transactional emails for our clients. Currently, a block of our mailserver ips is giving a false-positive on Malwarebytes. These servers are used to send transactional, business materials (such as corporate newsletters) and marketing emails (to confirm-opt-in subscribers only) on behalf of our clients. dedicatedmail35.com dedicatedmail36.com dedicatedmail37.com dedicatedmail38.com dedicatedmail39.com dedicatedmail40.com dedicatedmail41.com dedicatedmail44.com Please let me know how to have these servers removed and how they may have been listed in the first place so we can avoid it in the future. If you require any additional information, please let me know. Thank you!
  9. Dear Sir, Madam, We get a false positive on our website or moodle.edudelta.nl. Any idea why this is? See atttachment.
  10. Hello. Our users found that our domain s5o.ru is being blocked by MalwareBytes Anti-Malware. Unfortunately, previous owners of domain s5o.ru were spammers/malwarers so domain was blacklisted in some security lists. We registered it at 14.12.2011 from scratch. Please check black lists, all reports were before this date. (for example, surbl.org listed s5o.ru in mid of 2011, and it's delisted now). Now s5o.ru is short domain for CDN and static files of Sports.ru project. Sports.ru is one of the largest and most respectable Russian site about sports. Organisation has LIR state in RIPE. We will not place any malware on this domain. How can we remove domain and it's subdomains from your block list? Yours, Eugene CTO Sports.ru
  11. Hello, We have a sure false posotive block on many ips from our block at: The most important is blocked at: also blocked:,, Please clear the C class, its routed to us. It's strongly monitored against any illegal or malware activities, and it apears to be clean. Thank you.
  12. Website: http://SquarzPies.com IP: One of our customers emailed me indicating their using your antivirus software and get the following message when trying to access our website: "Malwarebytes Anti-Malware successfully blocked access to a potentially malicious website." Can you help us uncover why our site is being blocked by your software?
  13. http://www.filehost.ro/3032696/kkrieger_beta_zip this is a 2004 revolutionary game, only 96kb, not a virus.
  14. MBAM PRO v. (database v2012.02.02.08) quarantined a file on 02-Feb-2012 at C:\ProgramData\games.exe that I believe is a false positive. The zipped file, as well as a log file from a Quick Scan run in developers mode, is attached. This file is a Macromedia Flash application and has been on my hard drive since 09-Mar-2011. I installed both WinRAR 4.00 and HP QuickPlay 3.7.7508 on that same date, so I suspect it was part of the HP QuickPlay installation. A previous on-demand Quick Scan two days ago (31-Jan-2012) with database v. v2012.01.31.09 did not flag games.exe as a potential threat. I also have Norton Internet Security 2011 v. running in real-time protection mode and NIS Quick Scans have not flagged this file as a threat. My MBAM PRO real-time protection is currently disabled but I have a MBAM Quick Scan scheduled to run daily. mbam-log-2012-02-02 (18-25-07).txt Games.zip
  15. Brand new install of Windows 7 Professional 64-bit. Latest version of Mbam with updated definitions. C:\Windows\System junction node created pointing to C:\Windows\SysWow64 for installation of older programs like Microsoft Office 2000. Mbam sees trojan exploits in c:\windows\system\explorer.exe c:\windows\system\rundll32.exe c:\windows\system\svchost.exe c:\windows\system\userinit.exe c:\windows\system\mstsc.exe c:\windows\system\msiexec.exe c:\windows\system\dllhost.exe and c:\windows\system\ctfmon.exe. Allowing Mbam to quarantine these files results in Windows failures such as Personalization throwing errors. Replacing files using sfc /scannow repairs missing files from know good copy. After reboot and another scan, Mbam once again detects the mentioned files as being trojans and exploits. These files are obviously really in the SysWoW64 folder and so the junction point is throwing Mbam off somehow.
  16. My HostGator server at and all the sites hosted are being blocked by Malwarebytes. I had Hostgator and myself do scans and there is no malicous infections or anything. Can you please help me get the IP address OK'd and cleared from Malwarebytes blocking it? Do you need any other info from me?
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.