Jump to content

Search the Community

Showing results for tags 'false positive'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






  1. Our site hxxps://www.radio.bialystok.pl 193.106/104.72 has been blacklisted as " Website blocked due to trojan" by MalwareBytes Browser Extension beta. Please verify as false positive and review blacklist.
  2. This is a script file we created to use. Malwarebytes incorrectly IDs it as bad and quarantines it. I am uploading a zipped copy here per instructions of a tech. All it does is set a path variable, change directory and launch a valid app. It was created because RDP would not run the app just by itself. But if you run the script via RDP, it works. fas.zip
  3. Hi there, Nareg here from Exodus. We have been struggling with our application getting flagged by Malwarebytes, and have about 50 reports from users in the past month. Malwarebytes support is not responding to our support requests. This is the connection being flagged: dnsseed.bitcoin.dashjr.org This is a connection we know about and we use to fetch up-to-date information about wallet balances and transactions. This is what they see: - Nareg from exodus.io
  4. Software that has been on my machine for years is now being detected as a MachineLearning/Anomalous.100%. Virustotal reports this file as 100% clean. virustotal results: https://www.virustotal.com/#/file/56db1a1752af146012280a660eb43d8c029789e5baee3e21e90f5fe1b05875a9/detection The file is ComicRackSetup09178.exe - it's a comic book reader program. The alert is only on the install file that is in my downloads folder. The alert is not on the installed version of the files. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 3/15/19 Scan Time: 2:17 AM Log File: fdc44e88-46e9-11e9-bfb2-b4ae2bc35c8c.json -Software Information- Version: Components Version: 1.0.562 Update Package Version: 1.0.9694 License: Premium -System Information- OS: Windows 10 (Build 17134.648) CPU: x64 File System: NTFS User: System -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Scheduler Result: Completed Objects Scanned: 376732 Threats Detected: 1 Threats Quarantined: 0 Time Elapsed: 9 min, 51 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 MachineLearning/Anomalous.100%, C:\USERS\NMSKJ\DOWNLOADS\COMICRACKSETUP09178.EXE, No Action By User, [0], [392687],1.0.9694 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) ComicRackSetup09178.zip
  5. We recently launched some new websites which make use of the service Shot Farm, which we are using as a CDN for our product images. Users of Malwarebytes are having our product images blocked with the warning "Website blocked due to Trojan" and referencing the domain "di.shotfarm.com" (which is our CDN domain). Example screenshot is attached- here's the URL: https://www.bellhelmets.com/en/c/dirt-bike-helmets Our customer service department is getting a lot of very worried calls from our customers who are also users of Malwarebytes- we would really appreciate it if you could stop connections to this domain as Trojans. Thanks!
  6. Hi Team, Please remove the Blacklist removal for the below-mentioned domain sunnylandingpages.com, since it is blocking. We found no malicious file present in webroot on analysis. Please have a look and if you found any suspicious please provide the links which would help us to remove. mb.txt
  7. Dear Malwarebytes Team, my file got detected with "MachineLearning/Anomalous.100%", i created it with dotnet framework, why it got detected ? these are the details of the report -Log Details- Protection Event Date: 2/24/19 Protection Event Time: 3:26 PM Log File: d1c40a8c-3837-11e9-9650-b06ebf50c25a.json -Software Information- Version: Components Version: 1.0.538 Update Package Version: 1.0.9406 License: Premium -System Information- OS: Windows 10 (Build 17763.316) CPU: x64 File System: NTFS User: System -Blocked Malware Details- File: 1 MachineLearning/Anomalous.100%, C:\Users\****\Desktop\961API_-_Full_Licensing_API_Tool.exe, Quarantined, [0], [392687],1.0.9406 (end) 961API_-_Full_Licensing_API_Tool.zip
  8. So I trade crypto. I run into scams and malware on the regular, its not a big deal to me personally as i think of myself as quite security savy. I have been looking for a very useful feature(OCO order types) that isnt offered by the exchange i use to trade on (Binance).So I've done plenty of digging and looking around for a legit 3rd party piece of software and encountered plenty that offer the feature i am looking for but are obvious scams. I did however run into this platform that looks by far worth the effort and risk of getting more info on it as the level of software is by far the most professional grade stuff i have encountered to date! Here is the link to the software https://www.quantower.com/ , after downloading i am getting two hits through MB being these which i will attach below. I havnt been able to find much info on these or even get any response from the platforms official twitter handle after asking "whats up with these results?" so hopefully someone here can clear this up for me! Here is my reddit post about this as well if anyone has any interest in commenting there as well 😄 https://www.reddit.com/r/CryptoCurrencyTrading/comments/arbl6k/trading_software_that_offers_oco_order_types_on/ PS. those entries will not be added to the reg. until after installing and running the application shortcut they create that links to the "Starter.exe"
  9. The extension lists asean.org as a malicious site. But it is a regional intergovernmental organization website. I'm not sure that it is hacked or it's just a false positive.
  10. Dear Support team, our customer's website www.ursulinen.at has been declared as malicious in its blacklist since November. Unfortunately, there were security problems in November, but these are already fixed. Please remove IP, www.ursulinen.at, ursulinen.at from their database. Yours sincerely Chris
  11. We've scanned this site and it seems to be clean, care to re-test? Thanks!
  12. Someone has reported that my personal website is being blocked. It's a static website hosted on GitHub Pages. URL: https://tkashkin.tk Screenshot: https://imgur.com/mME8LFX Website repository: https://github.com/tkashkin/tkashkin.github.io GitHub issue: https://github.com/tkashkin/tkashkin.github.io/issues/2
  13. Good day, Could you please unblock shop.vana-events.nl als "malware website"? I checked in 3 different ways and there are no troyan horses or that kind of harmful parts on the website/webserver. There is a good firewall and virusscanner installed on the server to prevent this. We are an eventservice and we are selling event merchandise on that webshop url. Thank you in forward! And could you please let me know why our website is blocked, since there is no troja horse on it? Has somebody (angry visitor or something) reported it or is it an ip-range thing? Thanks for your time and all the best, Rob van der Stelt Vana Events
  14. Potential game launcher malware, I would like to see if they are a false positive or not. Here's the log, as well as a sample of the files in question. As a sidenote, these files are indeed "cracked" game files, and I do not get the same result with the originals. Note that also, only some of the varied language .exe files were detected as potential malware at first, and on a second scan I believe it determined another file to be potential malware, too. I would mainly like to know, if possible, if the files are indeed malware, or if they are only being detected as such due to the "cracked" nature of the files. Thank you for reading. FF7 Malwarebytes Scan.txt FF7 Cracked Launcher Files - MWB.rar
  15. Hi there, The website has been cleaned already and is requesting for another review.
  16. Dear Team, Our genuine websites are URLs are getting blocked by malwarebyte agents, kindly check and whilelist them. below are the URLs and domains. URLs https://support.247techies.com https://www.247techies.com Domains support.247techies.com support.247techies.com 247techies.com Regards, Hashan
  17. Our product IDEP/CN8 for Windows, built for Microsoft .NET Frameworks 2.X and 4.X is being detected as a false positive This product is being updated regularly thus the signature, version and size of the file may change over the year. We are currently rolling out our version for the year 2019 and some of our clients are experiencing problems. We would appreciate a quick remediation to this problem. Thanks in advance, Marius idep.zip
  18. Hello! FP with option “Enable scam protection” on safe and clean site: http://www.comss.info/list.php?c=security Please remove FP. Thanks.
  19. Goodnight, Apparently our website is giving false positive in your systems: www.zener.es It appears as a Phishing site but we have already solved all our problems. Can the situation be corrected? Can you check my website again? Thanks for everything
  20. Malwarebytes in good company (https://www.virustotal.com/#/file/035877bf8ca678541a8142e65e7f4bccd8d903642aac93deedf0276561aa57f1/detection )detects and quarantines a commercial cots component from DataAccess corporation. Product info https://www.dataaccess.com/products/dataflex/features-243 Problem statement, The compiled web apps are triggering false positives by MalwareBytes which result in quarantine. The files are believed benign, system is clean room level pristine clean Latest rev of MalwareBytes and signatures and the vendor product DataFlex2017- www.malwarebytes.com -Log Details- Scan Date: 11/20/18 Scan Time: 5:55 PM Log File: 6b17659c-ed17-11e8-bfd2-d8cb8aefeb7e.json -Software Information- Version: Components Version: 1.0.482 Update Package Version: 1.0.7943 License: Premium -System Information- OS: Windows 10 (Build 17134.407) CPU: x64 File System: NTFS User: DESKTOP-U0ISPN2\backup -Scan Summary- Scan Type: Custom Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 1 Threats Detected: 5 Threats Quarantined: 0 Time Elapsed: 0 min, 11 sec -Scan Options- Memory: Disabled Startup: Disabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 2 MachineLearning/Anomalous.100%, C:\DATAFLEX 19.0 EXAMPLES\WEBORDER\PROGRAMS\WEBAPP.EXE, No Action By User, [0], [392687],1.0.7943 MachineLearning/Anomalous.100%, C:\DATAFLEX 19.0 EXAMPLES\WEBORDER\PROGRAMS\WEBAPP.EXE, No Action By User, [0], [392687],1.0.7943 Module: 2 MachineLearning/Anomalous.100%, C:\DATAFLEX 19.0 EXAMPLES\WEBORDER\PROGRAMS\WEBAPP.EXE, No Action By User, [0], [392687],1.0.7943 MachineLearning/Anomalous.100%, C:\DATAFLEX 19.0 EXAMPLES\WEBORDER\PROGRAMS\WEBAPP.EXE, No Action By User, [0], [392687],1.0.7943 Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 MachineLearning/Anomalous.100%, C:\DATAFLEX 19.0 EXAMPLES\WEBORDER\PROGRAMS\WEBAPP.EXE, No Action By User, [0], [392687],1.0.7943 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) WebApp.7z
  21. We have fully cleaned and replaced the hacked version of this site wgstudioslabel.com. During this process we fully cleaned any hacked files on the system included the site's themes and plugins. We have also ensured the database is clean and removed all the injected content from the servers and checked and removed any malicious processes. We have checked the site using the "site: google search" and bad links, we have also used fetch and render in google to ensure there is no bad content. All suspect javascript loaded and it's content has also been inspected. We have also performed a "curl" against the front page with a google bot user and again there is no spammy content returned or injected content. On top of this and most importantly we have placed the website behind an enterprise grade web application firewall to ensure this site has a high level of protection against any future attacks. Could you please ASAP remove any hack label and security warnings for this site.
  22. I am the owner/administrator of Save-Point.Org. Just recently, we changed hosting services and users of MalwareBytes and Malwarebytes Premium have been noticing that the forum is now blocked due to Hijacking. This is a false positive. I am sending you screenshots from three browsers, and MBAM report from a computer that I can access that too has MalwareBytes Premium which generates this erronius warning.
  23. hpHosts’ Ad and tracking servers is blocking the community comments section of PressTV.com, and the live video stream of RT.com... the two greatest sources for real news on earth. Please fix this asap. @@||w.hypercomments.com^$domain=www.presstv.com @@||rt-news.secure.footprint.net^$domain=www.rt.com
  24. Hey all, I have a plugin for Internet Explorer that I need to run in order to watch legal video streams. Unfortunately, I can't run it while Malwarebytes is running because the browser crashes and Malwarebytes gives me the reply you can read in the attached file. Can anyone explain how to exclude this addon so I can watch the video streams? I don't want to exclude IE altogether because I don't want to be exposed to malware. Thanks! error.txt
  25. A few of my programs are being detected as malware while they are nothing but in-house programs these programs will not work out of our domain, so if you try and open them I guarantee they will probably crash... just a heads up please let me know asap as this is preventing us from doing work at the moment thanks! Report.txt Reported EXE.zip
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.