Jump to content

Search the Community

Showing results for tags 'false positives'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






  1. I just bought the domain thetruckersgroup.com I set up page and was blocked when I tried to access the site. I need to have this block removed. Thank you.
  2. My company is receiving complaints from users who are seeing issues with search results and content being blocked by Malwarebytes Anti-Malware, specifically the Real-Time Protection module in the Premium edition: Detection, 9/10/2015 2:26 PM, SYSTEM, W8E209013, Protection, Malicious Website Protection, Domain,, csr.inspsearchapi.com, 26933, Outbound, C:\Program Files (x86)\Internet Explorer\iexplore.exe, The IP addresses being blocked are part of the range used by our Amazon CloudFront CDN and so all of our hosted and partner sites that are being served content from the CDN
  3. Getting blocked by malwarebytes. NOTE: the IP reported by malwarebytes is not the same and the software appears to be redirecting the domains to the local ( ip? Domain names I've observed this include: dmofa.work, mcmsite.work and sub-domains of these two domain names. The host is GoDaddy - fresh malwarebyte scan of my PC shows no issues. Sites load and behave normally with no issues when I go in using my phone or a PC that does NOT have malwarebytes installed. If there is a problem, I'd be the guy to tell about it since I built the sites and it's my hosting account. No exp
  4. I am using version (the latest) with the most recent datbase. I scanned my system and MBAM detected several executables in my downloads folder that it identified as Trojan.FakeScanner.DT2. However, those files don't exist in my downloads folder (at least according to Windows Explorer). I had MBAM remove the "threats", rebooted, and ran the scan again. The same set of objects were detected. I've done this three times now. I know Explorer doesn't show everything, but I do have hidden files set to be displayed. And I know some infections can reinstall removed files. But what's going on
  5. Hi, I'm new to the Forum. I have tried researching the topic online and contacting MBAM support directly. Neither has helped so far. I think that is, in part, due to the fact that I want to understand what is going on before jumping on a removal process. From MBAM's own website: "The 'PUM' (Potentially Unwanted Modification) detections are not false positives or actual infections but rather settings which you may have made and in some cases, malware also makes. So we scan those sections of the registry for changes which differ from default settings. If you made the modification, you can
  6. I ran a scan and it detected RKill (eXplorer.exe version) as Heuristics.Reserved.Word.Exploit virus. This is a false positive. It even says on the website "This renamed copy may trigger an alert from MBAM. It can be ignored and is safe". Please fix this.
  7. Absurd False Positives ??? Unknown.Rootkit.Driver, C:\WINDOWS\SYSTEM32\drivers\mwac.sys, , [a646c2ddb8c46e9b20a326faf566646c], Unknown.Rootkit.Driver, C:\WINDOWS\SYSTEM32\drivers\GUBootStartup.sys, , [0636745a40dea06283d45885c228af01], Unknown.Rootkit.Driver, C:\WINDOWS\SYSTEM32\drivers\mbam.sys, , [ca43f8904e24bbe49982e4c0b29e6579], Even ''mbam.sys'' (Malwarebytes Anti-Malware's own file) identified as ''Unknown.Rootkit.Driver'' - VERY STRANGE! Malwarebytes Anti-Malware_False Positives.rar
  8. Hello, A repeated number of times, our blog readers on reddit have reported our blog to be blocked by malwarebytes: http ://www.reddit .com/r/programming/comments/2o9nkl/do_you_really_understand_sqls_group_by_and_having/cmlb4od The article in question is here: http ://blog.jooq .org/2014/12/04/do-you-really-understand-sqls-group-by-and-having-clauses/ It is a wordpress-hosted blog with no special plugins activated. Could you please help us whitelist our blog? Best Regards, Lukas from Data Geekery
  9. Last week MBAM started intercepting TeamViewer and JustCloud. Everything was running fine until now. I don't know why the sudden change in PUP detection, unless it is tied to the latest update. Here's what I have done to prevent this to no avail.... 1) listed the programs as excluded in the holding pen or whatever you call it 2) set up a Custom Scan with the programs excluded 3) Rebooted my PC. Also, MBAM will not allow me to restore these false positives. The error reports are attached. MBAM errors.txt
  10. Yesterday, I purchased and installed Malwarebytes Anti-Exploit Premium and Anti-Malware Premium. My previous program, Vipre Business, had detected and removed some trojans and other things, but my employer owns that, I retired in March and assist that company at times from home, but I didn't like Vipre for several reasons. FYI, Malwarebytes doesn't slow down my system as did Vipre. Ok, so no malware has been detected by Malwarebytes. However, as others have experienced, it is blocking two IP addresses. I need advice as to whether I should click the "Exclude Website" button for either of
  11. Scanned with MBAM newest version; v YouTube to MP3 Converter is detected als PUP, If i remove it, MBAM remove the full program... Please FIX ASAP!!
  12. We utilize AD and GP's for our end user desktops, MBAM thinks they are malicious keys. I figured the MSP version would be aware of this, however that's not the case. Is there a way around this issue? Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. [a25ba859314a9b9b5cfe62cc55aff50b] HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> No action take
  13. Malwarebytes' Anti-Malware blocks elza.ru Other malware online-scanners did not found any malware (see screens).
  14. Hello everyone, My program Smart CMD (it's Dutch, but I'm working on an English translation) is seen by Malwarebytes as a Backdoor.MSIL.P. This scares a lot of people off not to download, so you can ensure that the program is no longer seen as a virus? Virustotal scan Thanks for the effort, RoelK
  15. Last night, downloaded and ran tdsskiller on my win 8 system "just in case" (had no particular concern, just thought I'd see what it found) It identified 125 "threats". I was surprised (given that I'm a seasoned IT pro and I have about 6 layers of "protection"). Been here before, though, so didn't panic. Uploaded the first half dozen allegedly "fake" sys files to virustotal. All had been scanned before and all were given clean bill of health (0/47). Which tells me I'm not the first to have this problem. So then I try SFC /scannow and it too reports dozens of "corrupt" sys files and attemp
  16. After I installed the Nirsoft utilities a MWB full scan reported 24 problems. I downloaded the software from MajorGeeks and they warned that the files would trigger false positives. nirsoft_package_1.17.22.zip MBAM-log-2013-03-28 (11-26-52).txt
  17. All coming from " outgoing, Port: 49543, Process: csgo.exe)" which is from playing a game called counterstrike go.
  18. We upgraded a network of computers to the latest to and we when we run a flash scan we keep getting these false positives on files that don't exist. We have removed and and resinstalled malwarebytes using the mbam clean utility but we still get these results with a flash scan. Attached is the results file from today using the mbam.exe /developer method. We cannot find these files on our network anywhere even in the supposed P drive mapping which would be a network drive. We have tried removing off line files locally but still we cannot find these infected files. We therefore a
  19. I have been trying to get to this site which I am being told is safe to visit but it keeps getting blocked by malwarebytes but not by my firewall (sonicwall tz210 with gateway antivirus installed and uptodate). Please help and advise. thank you www.buildzoom.com
  20. Please Check this link:http://bbs.360safe.com/forum.php?mod=viewthread&tid=48270 C:\Program Files\360\360Safe\safemon\BootLeakFixer.tpi (Trojan.Agent) -> Delete on reboot. C:\Program Files\360\360Safe\leakrepair.dll (Trojan.Agent) -> Delete on reboot. C:\Program Files\360\360Safe\360leakfixer.exe (Trojan.Agent) -> Delete on reboot. C:\Program Files\360\360Safe\ipc\patchcheck.dll (Trojan.Agent) -> Delete on reboot. C:\Program Files\360\360Safe\modules\360vulsetup.exe (Trojan.Agent) -> Delete on reboot. False positives caused by Malwarebytes. qihoo 360 safe is the most popular
  21. Hi, Mail IP for the domain below blocked upt.com.my We believe it is a clean IP Please unblock it. Looking forward your prompt reply
  22. Hello I am having a problem with my server my ip my sites on my server are being blocked by malewarebytes when the button website blocking on is checked i cant access my sites or server until I uncheck the option. All my ips and sites are clean I believe this is a false positive can I please be removed from any blacklist that my server or domains may be on. Please Server Ip is below Thank you!!
  23. Malawarebytes Build Date: 1/13/2012 Db Version: 2012.07.26.11 Date: 7/26/2012 Components of the following safe Applications are falsely identified as malware: 1. ERUNT, the registry backup tool -- AUTOBACK.EXE (38,912 bytes) -- MD5: E00DE20F0F6BED5CD2160247DDC9443B2. Universal Extractor, the archive utility -- WUN.exe (49,152 bytes) -- MD5: 13E5B4AE40F413C44C6B3B93DFCA08813. UBCD4Win, the bootable CD builder utility -- infred.exe (47,104 bytes) -- MD5: 6F5A84905A8B03133F5D4DE3BA10407A
  24. Address is , website is www.animefushigi.com . It's an anime streaming site, and one I've used for a couple of years with no issues.
  25. Hi, MBAM is returning the file mb_driver_audio_realtek_azalia.exe as Trojan.Agent. I downloaded this file directly from my motherboard manufacturer while doing weekly maintenance. Conducted custom file scans (using context menu) prior to opening it with Kaspersky and Spybot S&D - neither found a threat. Im thinking this is either a FP, or the heuristics is just a bit aggressive on .exe files. Here is a developer log from the scan: Database version: v2012.01.16.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Scott :: AVA-375908-1 [administrator] Protection: Disabled
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.