Jump to content

Search the Community

Showing results for tags 'false positive'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






  1. Site is clean. Please review vegecravings.com for blacklist removal
  2. Dear Malwarebytes team, We've cleaned the website http://mindmastery4wealth.com Can you please review and delist this one? Thank you!
  3. After installing the HamApps_JTAlert_2.11.2_Setup.exe, running the program results in an automatic quarantine of the exe, which my Malwarebytes Premium v3.4.5 shows as a file named "MachineLearning/Anomalous.100%". This also occurs on the previous version v 2.11.1. However, previous to that, v2.10.17 runs fine, has run fine since April 2017, and reverting to that shows no malware. The JTAlert file is located at https://HamApps.com , and is a reputable site as well as author. Their previous files have been fault free, and they pay great attention to virus/malware issues. To quote them: Since JTAlert was released in 2011, there have never been any documented virus/malware/trojan infections caused by JTAlert. Prior to making a new JTAlert release publicly available, all JTAlert files and the Installer are submitted to the VirusTotal Online Scanner where scans from over 60 commercial scanners are performed. I would like to see if your organization feels this is a false positive. Thank you in advance. Regards, Mike
  4. I am running adwcleaner 7.1.1 and it is reporting my geneweb v 7 gwd.exe files as a trojan and quarantining them. Geneweb is a french geanealogy site which publishes a source application for local creation of geneanet formatted genealogy files. I don't know why they should show up as a trojan, and I expect that it may be a false positive, unless something has hidden in their coding. Geneaweb.7z
  5. Hello! I was doing a scan on my desktop an hour ago and noticed that I had two detections in my steam library, one in 'Darkwood_Data' managed folder and the other in 'Kingdom New Lands_Data' folder, both flagging a file named 'DOTween.dll' being flagged as 'Spyware.PasswordStealer'. Curiously, because I had the game on my laptop and because it feels like an unusual place to find Spyware in a game's data folders, I scanned the folder for Darkwood on my laptop and sure enough, it got flagged too. Is this a false positive or is this actual spyware? I've attached the exported report file for my laptop's detection and a screenshot of where MB found the file for convenience; I will try to get a copy of the report from my desktop as well. Thanks! PossibleFP (laptop).txt
  6. Can you remove our website from being blocked by malwarebytes? It does not have malware... Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 5/21/18 Protection Event Time: 9:35 AM Log File: 09539282-5d15-11e8-b5ac-4ccc6a27e676.json Administrator: Yes -Software Information- Version: Components Version: 1.0.342 Update Package Version: 1.0.5192 License: Premium -System Information- OS: Windows 10 (Build 17134.48) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Category: Malware Domain: avwebdesigns.com IP Address: Port: [53321] Type: Outbound File: C:\Program Files (x86)\Firefox Developer Edition\firefox.exe (end)
  7. I think this is a false positive (but would like to know either way): The file is the installer downloaded from the link at:https://www.vim.org/download.php#pc , which links to ftp://ftp.vim.org/pub/vim/pc/gvim81.exe as the default installer for MS-Windows. The offending file and log are attached. Thanks for your attention. gvim81.zip GVIM_false_pos.txt
  8. Hello, We have a false positive issue. Our company provides associations and ngos a management / communication platform. It automatically generates their websites. Some users reported that malwarbyte blocks our websites. For info it is hosted by ovh in France. One Example (many other from other subdomains): Category: PhishingDomain: lions-leplessisrobinson.myassoc.orgIP Address: [60972]Type: OutboundFile: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Thank you in advance for your help. Cyril Bouaziz MyAssoc.org capture.docx
  9. Hi, MBAM Premium last night quarantined an old version of Adobe Lightroom 1.4 (that I have used for years) as I was using Lightroom to catalog photos. MBAM identified lightroom.exe and two Win 7 desktop links to lightroom.exe as Malware.Ransom.Agent.Generic. Lightroom is indeed inaccessible now from the Windows Start Button as lightroom.exe is missing from its folder tree under C:\Program Files (x86). Could someone please tell me if ransomeware is capable of imbedding itself into a Windows application executable file (from Adobe)? If not, I will know that I can safely restore the quarantined executable file and chalk off the occurrence as a false positive. If ransomeware IS capable of embedding itself into a Windows application executable, not sure what to do. Please help! And thanks, Bruce
  10. Hi, I have already posted in the forum that our website ucsdcareprogram.com is clean . One of your staff members said that the block is being removed on 11-May-2018 but still its not removed . Please let us know how much time you will take to remove the block (phishing status). Waiting for your response.
  11. I have written a program in C# on my own machine, and it is being used on some of our other machines, and My malware bytes keeps flagging it as the title of this post. there is nothing malicious with my code is there any way I can prevent this? Files for malwarebytes.7z
  12. Hi, This website (http://ucsdcareprogram.com) have been hacked. We have removed the hacked code from the website now the website is clean. You will find "Malwarebytes HpHosts" in the attached screenshot of Virustotal scan... Please, update your database. Website is clean it does not contain any hacked code.
  13. Hi, My website (legentilphotographe.com) have been hacked last february and all the damage has been wiped and securised but some antivirus are still blocking its access to my customers. You will find "Malwarebytes HpHosts" in the attached screenshot of Virustotal scan... Please, update your database because I am loosing all my customers because of this... Help ! Denis
  14. Good day, Some of our clients have come across a problem on our website, please can you clean all the malware off of www.acdc.co.za. Kind Regards, Janine
  15. This program is a very old Hex Editor that has been around for years. This morning Malwarebytes reported it as having "Ransom.Dharma" after many many previous scans completing without a detection. Please find attached the log file and the two files in a zip file. XVI32.zip
  16. Our website was hacked a month ago, we cleaned up everything and even switched the server so everything is fine now. Please remove our website (http://goldeneaglesusa.com) from your blacklist.
  17. Our website was hacked a month ago, we cleaned up everything and even switched the server so everything is fine now. Please remove our website (http://greenfieldacresrealty.com) from your blacklist.
  18. Hello, thanks for allowing me to join this forum. This is my first post and I am not sure if this is the right thread to post this but please bear with me as I am willing to do what it takes. My boss owns Elitemate.com and our IP has been listed at Malwarebytes and this is the letter/message that we have received: "*.elitemate.com,elitemate.com - Blocked for Fraud.Ads.Scam on 2018-04-23 05:09:58 (ID: 870272) According to the information from the team, the domain has indeed been used for scamming, advertisement through ads/spam and scamming people with fake dates." I am not sure how to get delisted at Fraud.Ads.Scam which is why I am asking for anyone from this forum to help us get delisted. Any help or assistance is highly appreciated. Thank you very much.
  19. Malwarebytes recently found something called PUP.Optional.Simplitec and has quarantined it. Before removing it, I was wondering if anyone knew exactly what it was? It was found in the program files of MAGIX Music Maker 80's Edition which makes me wonder if it's part of that programs files, and so I'm hesistant to delete it. I've attached an image showing the exact file path and item that was quarantined.
  20. Hi there, Please review oeshshoes.com for blacklist status removal. The site has been audited and is clean. Thanks!
  21. Dear Admin, In January, we had a malware and phishing attack. We cleaned up and implemented Sitelock at our hosting provider (NetSol). The site is clean and free of malware. Please reclassify our website. Thank you. Regards Raj ILSE Bio
  22. Our new website (QuadJoy.com) is being blocked. We moved to a new hosting provider along with setting up the new website. We have cleared all other av vendors/online scanners because previous admin was incompetent and didn't fix anything. We would appreciate being cleared. If there is something that needs to be done please let me know. Uploaded the scan log from your Windows scanner. malwarebytes.txt
  23. Hi! I made a scan with the latest version of Adwcleaner 7.1.0 and i dont know if the result are false positives it's: PUP.Optional.InfoG HKLM\Software\Wow6432Node\Classes\INETCTLS.INET PUP.Optional.InfoG HKLM\Software\Classes\INETCTLS.INET What you think? The only thing i found about INETCTLS.INET is 1: Microsoft Internet Transfer Control 2: an object (InetCtls.Inet) that permits to get a page from another site
  24. The URL hxxp://colegiorosales.com is reported by a malicious site, but is a FALSE POSITIVE. It is owned by an spanish school. It is posible to removed it from your malicious sites data base? Thanks.
  25. Hello, I would like to report false positive detection on the file named: PC Privacy Shield Detection: PUP.Optional.ShieldAppsPPS Website with download link: https://shieldapps.com/products/pc-privacy-shield/ Privacy Policy: https://shieldapps.com/privacy-policy/ EULA: https://shieldapps.com/eula/ SHA256: 1e0e1c40ab4c262e2d39b661a147fbf301909302a1ff377a1a5ed4e051d0fbf0 MD5: 618d9f62bb22d160c2b5c25a7aa1780a Screenshots of the detection are in the attachment
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.