Jump to content

Search the Community

Showing results for tags 'false positive?'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 7 results

  1. I got a message from Malwarebytes monthly scan of a NanoCore Backdoor? I check virus total, and there was 0 detections based on a file sha256 search. Is this a false positive? 1 File: MBPPCn64.dll 2 CRC-32: 46b24f7f 3 MD5: f63631c6d92033403eb7fad245439f38 4 SHA-1: 75cdbdaad6a2467c83ced4213f603688a1963e22 5 SHA-256: 2e5cfa02cda88fa4a206dab9ab06925fd743adf9a57f77a344473790987c8af0 6 SHA-512: 5b51efb3210b1a4e83a71972a1a6f7f8609e6846da4beef0d74c5f88c17aae24fcf731fcccff952718f71837169c05cbed423ec99e20f6ab5fc787e4f9c0c8a0 7 8 9 10 Malwarebytes 11 www.malwarebytes.com 12 13 -Log Details- 14 Scan Date: 7/13/20 15 Scan Time: 10:04 AM 16 Log File: d4c52e42-c511-11ea-88a4-34f39a9233f7.json 17 18 -Software Information- 19 Version: 4.1.0.56 20 Components Version: 1.0.955 21 Update Package Version: 1.0.26771 22 License: Free 23 24 -System Information- 25 OS: Windows 10 (Build 18362.900) 26 CPU: x64 27 File System: NTFS 28 User: System 29 30 -Scan Summary- 31 Scan Type: Threat Scan 32 Scan Initiated By: Scheduler 33 Result: Completed 34 Objects Scanned: 395361 35 Threats Detected: 25 36 Threats Quarantined: 25 37 Time Elapsed: 15 min, 58 sec 38 39 -Scan Options- 40 Memory: Enabled 41 Startup: Enabled 42 Filesystem: Enabled 43 Archives: Enabled 44 Rootkits: Disabled 45 Heuristics: Enabled 46 PUP: Detect 47 PUM: Detect 48 49 -Scan Details- 50 Process: 0 51 (No malicious items detected) 52 53 Module: 0 54 (No malicious items detected) 55 56 Registry Key: 24 57 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CLSID\{6A25A050-525C-4c97-A072-9504F8E8E77D}, Quarantined, 3700, 840328, , , , 58 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CplStub.ControllerPropPageLoader, Quarantined, 3700, 840328, , , , 59 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CplStub.ControllerPropPageLoader.1, Quarantined, 3700, 840328, , , , 60 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\TYPELIB\{5DF21ACB-651C-4332-83DA-FBA3846C44D8}, Quarantined, 3700, 840328, , , , 61 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\INTERFACE\{8DB8468B-2C40-48FF-A925-D5AF337C71D7}, Quarantined, 3700, 840328, , , , 62 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\INTERFACE\{8E6F605D-E8A9-418F-806C-70F32091C675}, Quarantined, 3700, 840328, , , , 63 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\INTERFACE\{964D846F-3E6D-4FB5-A613-948039719F3F}, Quarantined, 3700, 840328, , , , 64 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8DB8468B-2C40-48FF-A925-D5AF337C71D7}, Quarantined, 3700, 840328, , , , 65 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8E6F605D-E8A9-418F-806C-70F32091C675}, Quarantined, 3700, 840328, , , , 66 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{964D846F-3E6D-4FB5-A613-948039719F3F}, Quarantined, 3700, 840328, , , , 67 Backdoor.NanoCore, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8DB8468B-2C40-48FF-A925-D5AF337C71D7}, Quarantined, 3700, 840328, , , , 68 Backdoor.NanoCore, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8E6F605D-E8A9-418F-806C-70F32091C675}, Quarantined, 3700, 840328, , , , 69 Backdoor.NanoCore, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{964D846F-3E6D-4FB5-A613-948039719F3F}, Quarantined, 3700, 840328, , , , 70 Backdoor.NanoCore, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{5DF21ACB-651C-4332-83DA-FBA3846C44D8}, Quarantined, 3700, 840328, , , , 71 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{5DF21ACB-651C-4332-83DA-FBA3846C44D8}, Quarantined, 3700, 840328, , , , 72 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CLSID\{6A25A050-525C-4c97-A072-9504F8E8E77D}\InprocServer32, Quarantined, 3700, 840328, , , , 73 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CLSID\{74C7569D-ED69-4292-9886-CC89DD455744}, Quarantined, 3700, 840328, , , , 74 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CplStub.PropPageStub, Quarantined, 3700, 840328, , , , 75 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CplStub.PropPageStub.1, Quarantined, 3700, 840328, , , , 76 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CLSID\{74C7569D-ED69-4292-9886-CC89DD455744}\InprocServer32, Quarantined, 3700, 840328, , , , 77 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CLSID\{F2725209-D040-48ba-B5B3-FAE9060BC3C9}, Quarantined, 3700, 840328, , , , 78 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CplStub.EndpointPropPageLoader, Quarantined, 3700, 840328, , , , 79 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CplStub.EndpointPropPageLoader.1, Quarantined, 3700, 840328, , , , 80 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CLSID\{F2725209-D040-48ba-B5B3-FAE9060BC3C9}\InprocServer32, Quarantined, 3700, 840328, , , , 81 82 Registry Value: 0 83 (No malicious items detected) 84 85 Registry Data: 0 86 (No malicious items detected) 87 88 Data Stream: 0 89 (No malicious items detected) 90 91 Folder: 0 92 (No malicious items detected) 93 94 File: 1 95 Backdoor.NanoCore, C:\WINDOWS\SYSTEM32\MBPPCN64.DLL, Quarantined, 3700, 840328, 1.0.26771, , ame, 96 97 Physical Sector: 0 98 (No malicious items detected) 99 100 WMI: 0 101 (No malicious items detected) 102 103 104 (end)
  2. Sorr

    Steam.exe

    Good Evening! I just noticed my Malwarebytes blocked Steam a couple times while I was away from my PC doing chores. Is this a False Positive, or did funky things actually go down with Steam while I was away? If I could get an expert or someone to verify these were both F.P.'s, that's be great; MBam isn't currently flagging Steam right now, but I figured it's better to be safe than sorry. Sorry if this was already resolved/redundant. Thank you! -Sorr steam.txt steam 2.txt
  3. This is the executable file for a very basic software interface written by a vape company. I downloaded the software from the official company website and ran it though VS Code before installing. I did not note any malicious code hidden in the software, but presumably due to the very basic and old-fashioned formatting, Malwarebytes immediately quarantined it. The site where I accessed the program is https://voopoo.com. I am not sure what other information you might need, but based on my knowledge I believe the program could be safely whitelisted. I attached a screenshot of the quarantined file.
  4. Hello Please find in the attached archive 3 files detected as malware during a Malwarebytes scan done on October 1st. These files are OK on VirusTotal scans. The Malwarebytes report is included in the archive. Thanks and regards false positives_20191001.rar
  5. Hi, advise please as to if this website block by Malwarebytes is a false positive or not?. hxxps://ohsw7kcq3.qnssl.com/file/14984687013583gjox1savd4.zip The zip file is attached to this post. Log: -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Category: Trojan Domain: ohsw7kcq3.qnssl.com IP Address: 117.91.177.227 Port: [49897] Type: Outbound .. The IP address changes though!. The link that was blocked is a firmware update and update program/tool which runs on Windows, but the firmware is for a non windows device. I scanned the zip file that I downloaded after removing the website block and Malwarebytes detects nothing. The webpage with the Link on it to the firmware update and update tool is not blocked: hxxps://www.smoktech.com/faq/273 but the download link for the firmware update and update tool on the above webpage is blocked & listed as a Trojan, but like I said, Malwarebytes detects nothing when I scan the zip file. So what I need to know is was it just a false positive?, or was the connection to the Domain the problem?. 14984687013583gjox1savd4.zip
  6. I have been using Adhell 3 for the last 7 months. Today, opening it to take care of a new exception on my Galaxy A8 (2018) running Oreo 8.0 with Samsung Experience level 9.0, it was determined to be a banking Trojan by Malwarebytes. Not sure if it is or not as before today, despite daily scanning by Malwarebytes, it has not triggered an alarm. Just to be safe, uninstalled meantime. Scan said that file: android/trojan.banker.asacub.cp was detected in the program. Am attaching a screenshot of the initial scan report. Not sure if it was part of a recent update or not that "something" changed the state of this app. The original download was from this address: https://m.mediafire.com/folder/sb37c6gmhqgbn/AdHell_3 I have used Dr Web to run a full scan after Malwarebytes alerted me to deal with this. It found nothing... Malwarebytes was installed & functional before downloaded the Adhell program & it hasn't changed to my knowledge from the initial install to the update just day's ago (screenshots provided) of it being safe.
  7. Got a detection this morning on ONE computer but the file doesn't seem to be malicious. Please explain how this batch file is a Trojan: Trojan.Agent.Trace Quarantined C:\DelUS.bat Contents: :Repeat attrib -R "C:\Users\MICHAE~1.BRI\AppData\Local\Temp\DelE864.tmp" del "C:\Users\MICHAE~1.BRI\AppData\Local\Temp\DelE864.tmp" if exist "C:\Users\MICHAE~1.BRI\AppData\Local\Temp\DelE864.tmp" goto Repeat attrib -R "\DelUS.bat" del "\DelUS.bat"
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.