Search the Community

Hello. We respectfully request the removal of the flag on our software DriverFinder. Flag: PUP.Optional.DriverFinder Kindly note that this is a new version release certified clean and secure by Appesteem: https://customer.appesteem.com/certified?vendor=DESKT Kind regards, Melanie Tan DeskToolsSoft BV DriverFinderInstall.zip

Hello, This is to inform you that I'm in receipt of an FSA abuse report initiated by hphosts against my blog site hosted by WordPress (www.antivirus[.]ink -> https://antivirusink.wordpress[.]com) the hphosts DOES NOT provide the specifics of the abuse except the FSA tag. (pls. see below) Since hphosts claims to use malwarebytes engine to flag hosts for abuse and malicious activity I kindly urge malwarebytes to provide me with the specific details of the abuse as per FSA classification which should fall into one of the following categories: 1. Using misleading means to peddle their products (e.g. claiming the product is free when in actuality, it's just a free scan) 2. Not keeping their affiliates under control (i.e. those affiliates spamming, using BlackHat SEO, or otherwise misleading users) 3. The site is residing on a known malicious IP block Please be reminded that the site does not sell any products (1), does not have and is not signed with any affiliates (2) and is hosted on wordpress.com (3) The site is a security information blog content ONLY and is aimed to raise public's awareness of emerging security threats, phishing attacks and in the wild malware activity. I'm eagerly awaiting your response so I can proceed with the appropriate legal actions further. Kindly, AC

I recently ran Malwarebytes for the first time in a while and the following was detected: Registry Key: 10 RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SUPERANTISPYWARE.EXE, No Action By User, [6454], [249843],1.0.8051 RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SUPERANTISPYWARE.EXE, No Action By User, [6454], [249843],1.0.8051 RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE, No Action By User, [6454], [249279],1.0.8051 RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNSAS.EXE, No Action By User, [6454], [249733],1.0.8051 RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE, No Action By User, [6454], [249279],1.0.8051 RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNSAS.EXE, No Action By User, [6454], [249733],1.0.8051 RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE, No Action By User, [6451], [249279],1.0.8057 RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE, No Action By User, [6451], [249279],1.0.8057 RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE|DEBUGGER, No Action By User, [6451], [249279],1.0.8057 RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE|DEBUGGER, No Action By User, [6451], [249279],1.0.8057 Are these detections false positives? I have recently installed AVG Tune Up and suspect that some of them maybe false positives. AVG and Antispyware did not detect anything. Scans.docx

I have developed 1 program. Checked with virustotal no error. Malwarebytes www.malwarebytes.com -Protokolldetails- Datum des Schutzereignisses: 29.08.18 Uhrzeit des Schutzereignisses: 06:21 Protokolldatei: 11d39624-ab43-11e8-9429-000000000000.json -Softwaredaten- Version: 3.5.1.2522 Komponentenversion: 1.0.421 Version des Aktualisierungspakets: 1.0.6545 Lizenz: Premium -Systemdaten- Betriebssystem: Windows 10 (Build 17134.228) CPU: x64 Dateisystem: NTFS Benutzer: System -Einzelheiten zu blockierter Schadsoftware- Datei: 1 MachineLearning/Anomalous.94%, D:\testsb\buildtest14.exe, In Quarantäne, [0], [392687],1.0.6545 (end) BUILDTEST14.zip

Hello, I report a false positive, my website url is blocked by Malwarebytes Anti-Malware URL Blocked : rxcloud.fr.nf Best Regards, RoxasDev

Hi, I've been using MalwareBytes Free on my computer for a number of years, never had a problem and only use it for the bare basics - only 'safe' websites (Wikipedia, Facebook) and don't use it a great deal anyway. Did a scan this morning and it detected "MachineLearning/100%anomalous detection" - interestingly I had run a scan earlier without the internet connected, but after I connected the internet and ran the scan again it found it. I've since quarantined and deleted the file, ran another scan and all seems well - I'd just like to know what it was and whether it was a real problem or a false positive. I did a large Windows update (1803) last night and wonder if that's related? I have looked over this forum and seen that this detection has come up a number of times for people developing their own software, however I am not a software developer and had nothing on my computer that an average user wouldn't have. I understand that MalwareBytes is using new detection systems to stop malware, and so hopefully this is a teething problem rather than a real concern. I'm pretty savvy about computer safety, but still I'd rather be certain that everything is OK. I'm attaching the exported report here. There are no other visible signs of infection (slowing down, redirects etc). Thank you! MB Report.txt

Hello, We have fully cleaned and replaced the hacked version of this site Ccfriendsofwildlife.org. During this process we fully cleaned any hacked files on the system included the site's themes and plugins. We have also ensured the database is clean and removed all the injected content from the servers and checked and removed any malicious processes. We have checked the site using the "site: google search" and bad links we have also used fetch and render in google to ensure there is no bad content. All suspect javascript loaded and it's content has also been inspected. We have also performed a "curl" against the front page with a google bot user and again there is no spammy content returned or injected content. On top of this and most importantly we have placed the website behind an enterprise grade web application firewall to ensure this site has a high level of protection against any future attacks. Could you please ASAP remove any hack label and security warnings for this site.

Hi, a program that has been on our server for years came back as Spyware.Lokibot. It has never scanned as Spyware before, so I am curious as to why it would suddenly start scanning as such. On the hourly scan, it came back two hours in a row, then didn't appear anymore. It is these two files Name Type Category Status Path Spyware.LokiBot File Malware Quarantined C:\PROGRAM FILES (X86)\SPICEWORKS\NMAP-5.61-SPICEWORKS-SETUP.EXE Spyware.LokiBot File Malware Quarantined C:\PROGRAM FILES\WINPCAP\RPCAPD.EXE and the programs installed are Nmap 5.61-Spiceworks 05/19/2016 Spiceworks Desktop 7.5.00087 05/19/2016 Spiceworks, Inc. WinPcap 4.1.2-Spiceworks 4.1.0.2001 05/19/2016 CACE Technologies Please let me know if this was a false positive, or possibly caused by an update to Spiceworks (not sure if it updated automatically or anything).

Please remove my website www.acasadibarbara.it, we had a problem in February but now is clean Thanks DAVID

I have the same file information however I am using the cloud point software. I added snips from the scan that was completed.

Hi, i have a problem with my application and Malware Bytes 3.4 I've developed an application and its exe file is detected as MachineLearning/Anomalous.94% (obviusly it's not a malware ) Is there a way to avoid this detection? Thanks

Tried to look this up, but couldn't really find anything. I am not really experienced in this stuff. Sorry if this is a stupid question. I have MBAM 3 and after scanning my C drive with rootkit option on, it detected 2 threats, called Unknown.Rootkit.Driver and the location is C:\\Windows\System32\drivers\vwifibus.sys and vwififtl.sys. So these are apparently drivers, and I don't know how they affect my computer. I just quarantined the 2 in the meantime before I figured out anything. I want to note that vwifibus.sys came up a second time in a new scan just now. Quarantined it again. I just want to know if these are just false positives and if I should restore them, or do something else. Not sure if this is related at all to my recent problems of slow and inconsistent internet connections. Thanks for any info