Showing results for tags 'positive'.

  1. I got a message from Malwarebytes monthly scan of a NanoCore Backdoor? I checked VirusTotal, and there were 0 detections based on a file SHA-256 search. Is this a false positive? File: MBPPCn64.dll
  2. C:\Program Files (x86)\Malwarebytes Anti-Malware has a file 00018785.tmp which mbam says has a bitcoinminer, also flagged at https://www.virustotal.com/gui/file/ab035af50be02a9227d7b8be1efe61e332531829d3b4f52f45b8584163e7c042/detection What is this? I have had mbam a long time; it was only flagged by mbam yesterday.
  3. Like another user wrote yesterday, MBAM is blocking the following site, in spite of MBAM's response that the false positive had been fixed. Today I got this: Category: Malware; Domain: do-69.lastpass.com; IP Address: 443; Type: Outbound; File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  4. I tried Malwarebytes Browser beta on my browser Waterfox and I was surprised to see that your product blocked my website https://www.tutoriaux-excalibur.com due to reputation. My website is clean and doesn't have any bad reputation; could you fix that please? Thanks
  5. Malwarebytes is detecting IObit Driver Booster Free as a PUP and removing it. This is a false positive. I have uploaded the scan results. Driver Booster False Positive Results.txt
  6. Our site https://www.radio.bialystok.pl has been listed in MalwareBytes Chrome Extension Beta as "Website blocked due to phishing". This seems to be a false positive alert - could you, please, remove it from any URL-blocked lists it appears on. PS. It might be the case that third party (VirusTotal? DrWeb?) software scanner tools report some sites in regional domain: bialystok.pl as source of malicious software?
  7. The domain siscoming.com has had all content removed and has been migrated to a new server. Please remove our domain from your blacklist as soon as possible.
  8. Our URL http://powerpartners.com.sg has been wrongly classified as Phishing by Malwarebytes. Please check and remove it from your blacklist asap. We have already passed Google's site review. Thank you. malwarebytes protection log.txt
  9. Hey Guys, I think AdwCleaner is giving me a false positive from a program I installed. I went to this site http://www.mediachance.com/dap/photo-to-painting.html and I installed the trial version of Dynamic Auto Painter, also known as DAP. Now when I ran DAP it works fine, but yesterday I ran AdwCleaner and it gave me this message: Trojan.Buzus, C:\Users\xxxxxxxxx\Documents\DAP. The xxx is my username that I erased out of the post. I scanned my system with MBAM and Kaspersky and several tools from McAfee and all show my system is clean. So I deleted the folder using AdwCleaner and then I ran DAP again. I then ran AdwCleaner and it gave me the same message as before when it recreated that folder. So is this a false positive, as there is no reason for the folder to be flagged as Trojan.Buzus? Can anyone please confirm if they have the same issue? DAP is new on my system and it is authentic, directly from the site, and I know the company is safe software. I have done a test installing a couple of items after DAP to see if the Trojan would appear for other programs, and there are no other issues except the DAP folder. Thanks in advance, Gren
  10. Hi there, This site was hacked some time ago and has since been cleaned and updated with better security. You can check the url scan here: https://urlscan.io/result/b6016c88-27e8-43af-9ac0-9e449ba3c41a#transactions Thanks.
  11. I am a Senior technician for a la mode technologies, llc. and we are getting reports that one of the files in our software is getting marked as a virus on our customers' machines by Malwarebytes. This is causing issues for both our customers and for us, and we would like to have this file scanned and removed from the virus detection to prevent further disruption to our customers' work. Thank you, Jason Krise, Senior Tech.
      Malwarebytes
      www.malwarebytes.com
      -Log Details-
      Protection Event Date: 10/13/17
      Protection Event Time: 11:43 AM
      Log File: aee63d22-b035-11e7-8f15-d8cb8a4f7edc.json
      Administrator: Yes
      -Software Information-
      Version:
      Components Version: 1.0.212
      Update Package Version: 1.0.3005
      License: Premium
      -System Information-
      OS: Windows 7 Service Pack 1
      CPU: x64
      File System: NTFS
      User: System
      -Exploit Details-
      File: 0
      (No malicious items detected)
      Exploit: 1
      Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0
      -Exploit Data-
      Affected Application: Internet Explorer (and add-ons)
      Protection Layer: Application Behavior Protection
      Protection Technique: Exploit payload from UNC blocked
      File Name: \\ka08\total program share\WinTOTAL.exe
      URL:
      (end)
      Malwarebytes false positive.txt WinTOTAL.zip
  12. Hi, Malwarebytes is blocking this domain and somehow marked it as suspicious. The domain was tested via VirusTotal and Sucuri SiteCheck; here are the results: https://www.virustotal.com/hr/url/4aa27687e7481d6bedf6ae726b365b8dbef0a81e7b8fb48ef590063466264e28/analysis/1506059793/ https://sitecheck.sucuri.net/results/rapidtrk.net The log is also in the attachment. This domain contains a 1x1 pixel image serving for analytics. Nothing is fake there, and for no apparent reason all sites using this pixel are blocked. Can we resolve this please, asap? Thank you in advance. malwarebytes_log.txt
  13. Good day, I'm currently developing a website hosted by 000webhost, and I notice MB blocks it. Information about my website:
      Host platform: 000webhost
      Website URL: hxxp://dofensive.000webhostapp.com
      Protection log:
      -Log Details-
      Protection Event Date: 02/09/2017
      Protection Event Time: 11:54
      Log File: bf35dd90-8fc4-11e7-b998-d017c211a21b.json
      Administrator: Yes
      -Software Information-
      Version:
      Components Version: 1.0.188
      Update Package Version: 1.0.2707
      Licence: Trial
      -System Information-
      OS: Windows 10 (Build 15063.540)
      CPU: x64
      File System: NTFS
      User: System
      -Blocked Website Details-
      Malicious Website: 1
      , , Blocked, [-1], [-1],0.0.0
      -Website Data-
      Domain: dofensive.000webhostapp.com
      IP Address:
      Port: [50141]
      Type: Outbound
      File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      --
      I also have the same issue with an older website hosted by the same host service.
      Website URL: hxxp://foxhounddesign.000webhostapp.com
      Protection log (updated section):
      -Website Data-
      Domain: foxhounddesign.000webhostapp.com
      IP Address:
      Port: [50150]
      Type: Outbound
      File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      Thanks for your help. Best regards.
  14. I just had MBAM Premium detect a DropBox Windows HKLM Registry Key as Ransomware. I was moving files around inside my DropBox folder when this happened, so MBAM probably picked up on the DropBox.exe process "modifying" (AKA Syncing) these files to the cloud en masse, killed the process, and blocked it from executing. I'd like to first say amazing job at blocking Ransomware in its tracks - um... if it was actually Ransomware. Malwarebytes version: Component package version: 1.0.103 Update package version: 1.0.1763 No big deal, as I'll just reinstall DropBox and start its sync process again, and probably whitelist it in MBAM, but I thought I'd share in case this has happened to anyone else.
  15. Hi, not sure if I'm rehashing an old issue, but I just downloaded Malwarebytes 3.0.6 (first day of premium trial) and have received the same false positive for both Auslogics BoostSpeed as well as Auslogics Disk Defrag. I believe I am running the latest versions of both AusLogic programs. I would think these are clean programs? Perhaps I should dig deeper on google and see if other users have reported malicious activity from Auslogics software? Thanks
  16. The older 0.9.16 beta removed my Windows 10 Photos app (the exe got quarantined). Can anyone please help me to get it back? I already tried uninstalling / reinstalling the app via PowerShell. It is listed as installed in the store but won't run. Thanks
  17. C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\ mbarwind.zip C:\ProgramData\Malwarebytes\MBAMService\logs\ : MBAMSERVICE.zip
  18. Hi, we have contacted your support team and found out that "PUP.Lotoor is a type of rootkit, and PUP.Riskware,Batmob.me is a riskware app". Later, we deleted the files mentioned but the detection still stood. It might be that you have added our package name, "com.mephone.fonts", into your database. Therefore, we will always get positive results unless we change our package name, which is not our intention. Could you please remove our package name from your database, or tell us how to solve this problem? Attached is our apk (with the so-called malicious file deleted): LovelyFonts2_huaqin.zip
  19. False positive detecting Cisco/Meraki Systems Manager Network Agent as "Malware.Ransome.Agent.Generic". Jason
  20. Running Auslogics BoostSpeed v6.4.1.0 Anti-Ransomware Beta While performing "Disk Space" cleaning, ARbeta quarantined Boostspeed.exe Program is known clean, genuine.
  21. Pretty much what it says on the tin. It pretty much deleted this program without so much as informing me, and on more than one computer. MWB-3-30-16.txt
  22. So I've been testing all of the DigiPen games, mainly out of boredom, and some are pretty fun but I got to BiFrost which when I downloaded MalwareBytes instantly deleted saying that it contained the BiFrost trojan. I doubt it has a trojan as it is from DigiPen but I thought I'd check here anyway. Game link is http://games.digipen.edu/games/bifrost If someone could check whether it actually has a virus, that would be great. Thanks.
  23. Hello! So today I ran Malwarebytes for a full system scan, and after half an hour when it finished it told me that it found 2 malicious registry keys; one of them was HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer and HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{3E81DDBA-D96E-4341-8C52-4B0DB92007D4}|DhcpNameServer, so when it finished I removed both and mbam asked me to restart the PC, and so I did. After it booted up I opened Chrome and some websites, and I noticed that they wouldn't load; I ran ipconfig /flushdns and ipconfig /renew and got my network connection back. I ran the Malwarebytes full system scan again, and after a whole scan I got a report that it found the same addresses. I hope that someone can help me solve this problem. Thank you in advance, Rok!
  24. Hi, False positive using WinXP_Pro-SP3 and Winword 2000. Software details: OS: WinXP_Pro-SP3 WinWord 2000 v9.09050-SP3 WinXP DEP enabled. Problem exists with or without WinWord excluded. MBAE "word.exe" locked or unlocked Windows throws DEP alert and shuts down MS Word with alert dialog box. Problem occurs starting MS Word directly (not opening existing document) OR attempting to open Word document without Word already running. Excluding MS Word in DEP makes no difference. Unlocking MS Word (word.exe) in MBAE Shields makes no difference. Stopping MBAE Protection all is OK. For now I will ensure I disable my Internet connection and MBAE while creating Word documents. Tried to attach zipped folder but get Error Message "Upload Skipped (Error IO)". File size 195KB (<30MB limit). Browser is Firefox Ver 38.0.5. Is there a filename length limit? OK, used basic uploader. Folder zip file attached OK now. MBAE_FP_WinXP_Word.zip Hope you can help. Regards...Aussie_Bob
  25. I was running a virus scan with MBM, and it came up with what I think may be a false positive, due to two factors.. and this virustotal scan: https://www.virustotal.com/en/file/98623b249d592689ce6d51ee52753becd4290524d6b6d0b0df08f6f5fbf9e6fc/analysis/1423344974/ Am I correct in thinking that this is a false positive or should I be worried?