Showing results for tags 'false positive?'.

Found 25 results

  1. I got a message from Malwarebytes monthly scan of a NanoCore Backdoor? I check virus total, and there was 0 detections based on a file sha256 search. Is this a false positive? File: MBPPCn64.dll
  2. Good Evening! I just noticed my Malwarebytes blocked Steam a couple times while I was away from my PC doing chores. Is this a False Positive, or did funky things actually go down with Steam while I was away? If I could get an expert or someone to verify these were both F.P.'s, that'd be great; MBam isn't currently flagging Steam right now, but I figured it's better to be safe than sorry. Sorry if this was already resolved/redundant. Thank you! -Sorr steam.txt steam 2.txt
  3. This is the executable file for a very basic software interface written by a vape company. I downloaded the software from the official company website and ran it through VS Code before installing. I did not note any malicious code hidden in the software, but presumably due to the very basic and old-fashioned formatting, Malwarebytes immediately quarantined it. The site where I accessed the program is https://voopoo.com. I am not sure what other information you might need, but based on my knowledge I believe the program could be safely whitelisted. I attached a screenshot of the quarantined file.
  4. Hello Please find in the attached archive 3 files detected as malware during a Malwarebytes scan done on October 1st. These files are OK on VirusTotal scans. The Malwarebytes report is included in the archive. Thanks and regards false positives_20191001.rar
  5. Hi, advise please as to if this website block by Malwarebytes is a false positive or not? hxxps://ohsw7kcq3.qnssl.com/file/14984687013583gjox1savd4.zip The zip file is attached to this post. Log: -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Category: Trojan Domain: ohsw7kcq3.qnssl.com IP Address: 117.91.177.227 Port: [49897] Type: Outbound .. The IP address changes though! The link that was blocked is a firmware update and update program/tool which runs on Windows, but the firmware is for a non windows device. I scanned the zip file that I downloaded after removing the website block and Malwarebytes detects nothing. The webpage with the Link on it to the firmware update and update tool is not blocked: hxxps://www.smoktech.com/faq/273 but the download link for the firmware update and update tool on the above webpage is blocked & listed as a Trojan, but like I said, Malwarebytes detects nothing when I scan the zip file. So what I need to know is was it just a false positive, or was the connection to the Domain the problem? 14984687013583gjox1savd4.zip
  6. I have been using Adhell 3 for the last 7 months. Today, opening it to take care of a new exception on my Galaxy A8 (2018) running Oreo 8.0 with Samsung Experience level 9.0, it was determined to be a banking Trojan by Malwarebytes. Not sure if it is or not as before today, despite daily scanning by Malwarebytes, it has not triggered an alarm. Just to be safe, uninstalled meantime. Scan said that file: android/trojan.banker.asacub.cp was detected in the program. Am attaching a screenshot of the initial scan report. Not sure if it was part of a recent update or not that "something" changed the state of this app. The original download was from this address: https://m.mediafire.com/folder/sb37c6gmhqgbn/AdHell_3 I have used Dr Web to run a full scan after Malwarebytes alerted me to deal with this. It found nothing... Malwarebytes was installed & functional before I downloaded the Adhell program & it hasn't changed to my knowledge from the initial install to the update just days ago (screenshots provided) of it being safe.
  7. Got a detection this morning on ONE computer but the file doesn't seem to be malicious. Please explain how this batch file is a Trojan:
     Trojan.Agent.Trace Quarantined C:\DelUS.bat
     Contents:
     :Repeat
     attrib -R "C:\Users\MICHAE~1.BRI\AppData\Local\Temp\DelE864.tmp"
     del "C:\Users\MICHAE~1.BRI\AppData\Local\Temp\DelE864.tmp"
     if exist "C:\Users\MICHAE~1.BRI\AppData\Local\Temp\DelE864.tmp" goto Repeat
     attrib -R "\DelUS.bat"
     del "\DelUS.bat"
  8. Hey there! This is more of just asking for Malwarebytes Staff/ Professional's opinion on an issue. On July 4th, I scanned my computer with Malwarebytes Premium and the Anti-rootkit beta; nothing was found each time. When I did a full scan of my computer with Windows Defender just to make sure, it says I was infected with "Trojan:O97M.Dplink.A". When I saw this I started to do some research on this trojan, but couldn't find any info other than a reddit thread talking about it and Microsoft's own entry on the trojan. I posted this to the Microsoft Community website asking if it was a false positive, but didn't really get a straight answer from them. I'll post it here because it goes into detail what happened; sorry that it's lengthy, but I like to try and be as thorough as I can be and I don't want to post links leading out of the forum: " Hello! I've been trying to figure this out all day; on my desktop earlier today, Windows defender flagged a file associated with the Immersive Control Panel - 'Control Panel a.k.a. ControlPanel.settingcontent-ms' - as 'Trojan:O97M/DPlink.A' in my user files and in the 'Windows.Old' files (I'd just reformatted and updated to 1803 about two weeks ago). This seemed strange since I've only logged into my Gmail, Youtube and Amazon since last night and haven't downloaded anything or even opened up an email, so I really haven't been in a position to have been infected by anything. Also, I had scanned my computer with Windows Defender last night too, and nothing came up when I did that. Windows Defender had deleted the file, so I don't have it on my computer anymore to send, if you needed it. I've run a full scan on my laptop and my father's laptop as well; Windows Defender flagged the same exact file in the same exact location as the same Trojan I named above each time. 
On VirusTotal, I've noticed that Microsoft (Windows Defender) is the only Antivirus/Antimalware that's flagging it as a malicious XML file, labeling it 'Trojan:O97M/DPlink.A' leading me to suspect that this is a false positive. After a whole day of scouring the internet, I wanted to ask the Microsoft Community if this is indeed a threat or is Windows Defender detecting a false positive? On a side note, W.D. deleted the suspected file off my laptop as well, but I do have a screenshot of where it detected the suspected file; I'll attach it for reference. I do have the suspected file still on my father's laptop; windows defender is doing a full scan with the most recent virus definitions now as opposed to earlier today and the same file is not being flagged anymore. On all the machines I've scanned I ran a full scan with Malwarebytes Premium before running Windows Defender; Malwarebytes didn't detect anything on any computer during any scan, even when I had it select the exact file in question. [Screenshot is attached below] To summarize, I'm wanting to know if the file Windows Defender flagged is truly malicious or just a false positive? Given how my desktop and my laptop have deleted ControlPanel.settingcontent-ms from 'windows.immersivecontrolpanel_cw5n1h2txyewy' folder, will this cause permanent damage to my systems or will they still function properly? (I haven't noticed any problems yet)" I know that Malwarebytes staff isn't Microsoft, but based on the information above and the evidence I can present, do you feel confident in saying that this is a false positive? Admittedly, I do not have the ControlPanel.settingcontent-ms file on my computer since Windows Defender deleted it, but I have a link leading to the virus total page where I uploaded it to the website; as of right now, Virus Total doesn't flag the file in question as malicious across any A.V./A.M. Thank you for taking the time to read this monster of a post and I hope to hear from you soon!
  9. Malwarebytes blocked a site with address ia801509.us.archive.org several times in the space of a couple of minutes earlier today. I am aware of archive.org as a website, but I haven't accessed the website either when this occurred, or in recent times. I wasn't downloading any files, and all I had open was a new blank tab in Google Chrome. There are no options for blocking or whitelisting the site, and Malwarebytes automatically tried to add it to the list of ignored items. Is this site malware? And why was Malwarebytes ignoring the threat despite being reported as malware? After a full scan, no malware or other threats have been detected, so really I'm at a loss. Attached are the details for one of the scans. All the highlighted reports are for this threat. The threat came from my Google Chrome application. Any ideas?
  10. I have exactly the same problem as Bob Blaylock's post: pup.optional.ask won't go away—possible false-positive? By Bob_Blaylock, November 19 in Resolved Malware Removal Logs I see the solution posted (see below) by miekiemoes, for Bob Blaylock, however I noticed that the first instruction was "make sure you have the latest version of malwarebytes installed (currently 3.3)", I have updated Malwarebytes and the Dashboard reports my updates are "Current" but my version number is 3.2.2.2029 (at 27th November 2017) NOT 3.3. QUESTION: Is the current version for the UK 3.2.2.2029 ? if not how do I update to 3.3 ? and do I need to before proceeding with the miekiemoes solution ? Not sure if this is relevant but although PUP.Optional.ASK does not appear to have a major effect on my system, I have noticed that on completion of a scan Malwarebytes reports that the infection has been quarantined and then the Google Chrome browser will shut down, if I restart Google Chrome it asks if I wish to restore the original tabs and from that point everything appears normal. 
     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 11/27/17
     Scan Time: 8:00 AM
     Log File: f770c554-d348-11e7-a56b-902b3465e037.json
     Administrator: Yes

     -Software Information-
     Version: 3.2.2.2029
     Components Version: 1.0.212
     Update Package Version: 1.0.3350
     License: Premium

     -System Information-
     OS: Windows 10 (Build 16299.64)
     CPU: x64
     File System: NTFS
     User: System

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 484032
     Threats Detected: 1
     Threats Quarantined: 1
     Time Elapsed: 36 min, 48 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0
     (No malicious items detected)
     Module: 0
     (No malicious items detected)
     Registry Key: 0
     (No malicious items detected)
     Registry Value: 0
     (No malicious items detected)
     Registry Data: 0
     (No malicious items detected)
     Data Stream: 0
     (No malicious items detected)
     Folder: 0
     (No malicious items detected)
     File: 1
     PUP.Optional.ASK, C:\USERS\JON\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, Replaced, [527], [454825],1.0.3350
     Physical Sector: 0
     (No malicious items detected)

     (end)
  11. Some time about a week or two ago, MalwareBytes started claiming, on each full threat scan, to detect and quarantine pup.optional.ask, in the file “C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data”. I have MalwareBytes set to automatically do a full threat scan every night, while I am sleeping, and every morning, I get this same report. I clear the quarantine each day. I've also used your Junk Removal Tool, and your AdwCleaner tool as well. Each claims to find and remove pup.optional.ask, every time I run them. No matter what I do, with any of your software having claimed to remove or quarantine pup.optional.ask, they still claim to find it the next time they are run. Shortly after this began, I made a point of downloading and installing the latest version of MalwareBytes, and making sure that it is as up-to-date as possible. I currently am running version 3.3.1.2183 with Components Version 1.0.236 and Update Package Version 1.0.3293. I've also recently downloaded and installed Avast, and have run the most intense scans that it offers. It does not claim to find pup.optional.ask at all. I am experiencing no symptoms that indicate the presence of this PUP, other than that malwareBytes keeps claiming to find it. There is no unexpected behavior on the part of Chrome, such as this PUP is supposed to cause, and nothing suspicious appears among the extensions that I can see installed in Chrome. I'm wondering if this is some bizarre form of a false-positive. The specific file that MalwareBytes keeps identifying and quarantining doesn't seem like a likely place for such an infestation to be hiding. If it's deleted (either by MalwareBytes quarantining it or me manually deleting it), Chrome creates a new instance. If there really is an instance of this PUP infesting my machine, then it needs to be hiding somewhere other than in this file, but it is only this file that malwareBytes ever thinks is infected. 
     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 11/19/17
     Scan Time: 1:00 AM
     Log File: 05f2a711-cd08-11e7-ab8f-001a4bca3f50.json
     Administrator: Yes

     -Software Information-
     Version: 3.3.1.2183
     Components Version: 1.0.236
     Update Package Version: 1.0.3293
     License: Premium

     -System Information-
     OS: Windows 10 (Build 15063.726)
     CPU: x64
     File System: NTFS
     User: System

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 513580
     Threats Detected: 1
     Threats Quarantined: 1
     Time Elapsed: 32 min, 8 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0
     (No malicious items detected)
     Module: 0
     (No malicious items detected)
     Registry Key: 0
     (No malicious items detected)
     Registry Value: 0
     (No malicious items detected)
     Registry Data: 0
     (No malicious items detected)
     Data Stream: 0
     (No malicious items detected)
     Folder: 0
     (No malicious items detected)
     File: 1
     PUP.Optional.ASK, C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [526], [454825],1.0.3293
     Physical Sector: 0
     (No malicious items detected)

     (end)

     pup.optional.ask.20171119.zip
  12. I really don't know if I should quarantine because the driver package is useful. Is this a false positive? Help please. A detailed explanation will be really helpful.
  13. I have Windows 10 on my PC and have just run a scan on my PC which returned one detection, a PUP C;\ProgramData\Microsoft\Windows Menu?\Booking.com. Is this a false positive?
  14. Every time I run Malwarebytes AdwCleaner it tells me something similar to ---

     ***** [ WMI ] *****
     No malicious keys found.
     ***** [ Shortcuts ] *****
     No infected shortcut found.
     ***** [ Scheduled Tasks ] *****
     No malicious task found.
     ***** [ Registry ] *****
     No malicious registry entries found.
     ***** [ Web browsers ] *****
     No malicious Firefox based browser items found.
     Chrome pref Found: [C:\Users\rickt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hxxps://mysearch.avg.com?cid={8AEA1A55-61F1-417F-A91A-6CF42944F8B4}&mid=ab0dc9fa767647d29fd23de12d889224-2dab17d389c
     *************************
     C:\AdwCleaner\AdwCleaner[C0].txt - [1301 Bytes] - [26/10/2016 17:40:48]
     C:\AdwCleaner\AdwCleaner[C2].txt - [1885 Bytes] - [26/10/2016 18:57:06]
     C:\AdwCleaner\AdwCleaner[S0].txt - [1301 Bytes] - [26/10/2016 17:39:39]
     C:\AdwCleaner\AdwCleaner[S1].txt - [1447 Bytes] - [26/10/2016 17:45:48]
     C:\AdwCleaner\AdwCleaner[S2].txt - [1520 Bytes] - [26/10/2016 17:50:57]
     C:\AdwCleaner\AdwCleaner[S3].txt - [1593 Bytes] - [26/10/2016 17:53:11]
     C:\AdwCleaner\AdwCleaner[S4].txt - [1493 Bytes] - [26/10/2016 17:56:37]
     C:\AdwCleaner\AdwCleaner[S5].txt - [1739 Bytes] - [26/10/2016 18:01:03]
     C:\AdwCleaner\AdwCleaner[S6].txt - [1812 Bytes] - [26/10/2016 18:49:44]
     C:\AdwCleaner\AdwCleaner[S7].txt - [1885 Bytes] - [26/10/2016 18:56:16]
     C:\AdwCleaner\AdwCleaner[S8].txt - [1858 Bytes] - [26/10/2016 19:01:06]
     C:\AdwCleaner\AdwCleaner[S9].txt - [1952 Bytes] - [26/10/2016 19:03:16]
     ########## EOF - C:\AdwCleaner\AdwCleaner[S9].txt - [2025 Bytes] ##########

     But after the file is removed another one takes its place with a new file like---

     # AdwCleaner v6.030 - Logfile created 26/10/2016 at 19:18:07
     # Updated on 19/10/2016 by Malwarebytes
     # Database : 2016-10-25.1 [Server]
     # Operating System : Windows 10 Pro (X64)
     # Username : rickt - DESKTOP-BVDUP36
     # Running from : G:\adwcleaner_6.030.exe
     # Mode: Scan
     # Support : https://www.malwarebytes.com/support
     ***** [ Services ] *****
     No malicious services found.
     ***** [ Folders ] *****
     No malicious folders found.
     ***** [ Files ] *****
     No malicious files found.
     ***** [ DLL ] *****
     No malicious DLLs found.
     ***** [ WMI ] *****
     No malicious keys found.
     ***** [ Shortcuts ] *****
     No infected shortcut found.
     ***** [ Scheduled Tasks ] *****
     No malicious task found.
     ***** [ Registry ] *****
     No malicious registry entries found.
     ***** [ Web browsers ] *****
     No malicious Firefox based browser items found.
     *************************
     C:\AdwCleaner\AdwCleaner[C0].txt - [1301 Bytes] - [26/10/2016 17:40:48]
     C:\AdwCleaner\AdwCleaner[C2].txt - [1885 Bytes] - [26/10/2016 18:57:06]
     C:\AdwCleaner\AdwCleaner[S0].txt - [1301 Bytes] - [26/10/2016 17:39:39]
     C:\AdwCleaner\AdwCleaner[S10].txt - [1368 Bytes] - [26/10/2016 19:18:07]
     C:\AdwCleaner\AdwCleaner[S1].txt - [1447 Bytes] - [26/10/2016 17:45:48]
     C:\AdwCleaner\AdwCleaner[S2].txt - [1520 Bytes] - [26/10/2016 17:50:57]
     C:\AdwCleaner\AdwCleaner[S3].txt - [1593 Bytes] - [26/10/2016 17:53:11]
     C:\AdwCleaner\AdwCleaner[S4].txt - [1493 Bytes] - [26/10/2016 17:56:37]
     C:\AdwCleaner\AdwCleaner[S5].txt - [1739 Bytes] - [26/10/2016 18:01:03]
     C:\AdwCleaner\AdwCleaner[S6].txt - [1812 Bytes] - [26/10/2016 18:49:44]
     C:\AdwCleaner\AdwCleaner[S7].txt - [1885 Bytes] - [26/10/2016 18:56:16]
     C:\AdwCleaner\AdwCleaner[S8].txt - [1858 Bytes] - [26/10/2016 19:01:06]
     C:\AdwCleaner\AdwCleaner[S9].txt - [2104 Bytes] - [26/10/2016 19:03:16]

     I even try to locate it down and delete the file but a new one takes its place. Please help! Is this a false positive?
  15. MWB stopped me from accessing this site but did not offer any details as to what it thought was malicious and I have not been able to find any other indications as to what might be of serious concern.
  16. MBAM 2.1.8.1057 Premium flagged the file syslinux.exe as Trojan.Downloader. I'm pretty sure that this file is not malware; it's clean according to Virus Total. I have attached the scan log and the zipped file. syslinux.zip FP_syslinux.txt
  17. Used the computer today for the first time since the 8th. Scanned on the 8th and all was fine. Database was updated today at 5:22. Scanned at 6:12 and every single user's roaming data showed Intel Turbo Boost Technology Monitor 2.0.lnk having "malware.trace". I right clicked on this file which is a shortcut to the program and selected "scan with malwarebytes". It came out clean. Went to the containing folder and scanned the target file. It also came out clean. Attaching the events from update to the present. scan log at 6.txt scan at 612.txt scan of shortcut only.txt scan of target file only.txt malwarebytesmaydatabaseupdate.txt
  18. Hello, I am a registered and paid user of MWB Premium. I purchased legal software from Wondershare, their Video Download Converter 7.1.3 and I get 46 "Non-Malware" hits with MWB which I believe are false positives. http://www.wondershare.com/ Can confirm that their software is not malware and why do I get the hits from MWB if it is false positives. This is a reputable software company that is highly rated. Either you need to fix MWB to non-detect for their software or communicate with them as to why their software is getting these hits. I've attached the MWB log on the hits. Advise, Thanks, Mr. Hunter
  19. SHA256: 982aef5160dae45a5fe515836b5d9c61de25e4024e5704281e5732555a741a31
     SHA1: 74de8a5e61b62be2e76a9240fa6419d2ef8084e8
     MD5: 181910fccd5bda8f88c237ac12d15a78
     File size: 12.3 KB ( 12554 bytes )
     File name: IASACCT.DL_
     File type: CAB
     Detection ratio: 1 / 54
     Analysis date: 2014-07-12 05:26:07 UTC ( 0 minutes ago )
     https://www.virustotal.com/en/file/982aef5160dae45a5fe515836b5d9c61de25e4024e5704281e5732555a741a31/analysis/1405142767/
     IASACCT.7z protection-log-2014-07-12.txt
  20. This came up today opening Idoo File Encryption Pro 5.6. C:\Program Files (x86)\idoo\File Encryption\LoaderGFL.exe Trojan.Agent.ED Without this file I cannot decrypt my databases. Is it a false positive or have I to remove the program? Using VirusTotal only Malwarebytes detects the threat. Can you please help me?
  21. I think these may be false positives but I am unsure.
     Files Infected:
     C:\$Recycle.Bin\S-1-5-21-3137687710-1416735958-361854081-4366\$R3UHWLB.exe (Trojan.Llac) -> No action taken.
     C:\$Recycle.Bin\S-1-5-21-3137687710-1416735958-361854081-4366\$RA60TD7.exe (Trojan.Llac) -> No action taken.
     C:\Program Files (x86)\Microsoft SDKs\LightSwitch\v3.0\Design\vs_lightswitchwif.exe (Trojan.Llac) -> No action taken.
     C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\Setups\vs_profiler_x64_enu.exe (Trojan.Llac) -> No action taken.
     C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\Setups\vs_profiler_x86_enu.exe (Trojan.Llac) -> No action taken.
     C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\redist\1033\vcredist_arm.exe (Trojan.Llac) -> No action taken.
     C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\redist\1033\vcredist_x64.exe (Trojan.Llac) -> No action taken.
     C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\redist\1033\vcredist_x86.exe (Trojan.Llac) -> No action taken.
     C:\ProgramData\Package Cache\{29828f33-4679-462a-8c98-1c3507678922}\VS2012.3.exe (Trojan.Llac) -> No action taken.
     C:\ProgramData\Package Cache\{363a2c1e-637f-45ce-933b-5a5463efd945}\sdksetup.exe (Trojan.Llac) -> No action taken.
     C:\ProgramData\Package Cache\{56ef8912-352f-4fab-9c73-6f1c92a7127f}\patch_KB2781514.exe (Trojan.Llac) -> No action taken.
     C:\ProgramData\Package Cache\{72a589f5-52d2-4e9e-b3d0-77d589ff8c2f}\vs_professional.exe (Trojan.Llac) -> No action taken.
     C:\Windows\Installer\$PatchCache$\Managed\CE0CDFFC429674330B743133E9BDCE82\11.0.50727\F_VCRedist_arm_exe (Trojan.Llac) -> No action taken.
     C:\Windows\Installer\$PatchCache$\Managed\CE0CDFFC429674330B743133E9BDCE82\11.0.50727\F_VCRedist_x64_exe (Trojan.Llac) -> No action taken.
     C:\Windows\Installer\$PatchCache$\Managed\CE0CDFFC429674330B743133E9BDCE82\11.0.50727\F_VCRedist_x86_exe (Trojan.Llac) -> No action taken.
     C:\Program Files (x86)\Mozilla Firefox\updater.exe (Trojan.Agent) -> No action taken.
  22. This just occurred:
     2013/05/25 17:03:00 -0400 NOWFAITH-HP nowfaith MESSAGE Executing scheduled update: Realtime
     2013/05/25 17:03:07 -0400 NOWFAITH-HP nowfaith MESSAGE Scheduled update executed successfully: database updated from version v2013.05.25.07 to version v2013.05.25.08
     2013/05/25 17:03:07 -0400 NOWFAITH-HP nowfaith MESSAGE Starting database refresh
     2013/05/25 17:03:07 -0400 NOWFAITH-HP nowfaith MESSAGE Stopping IP protection
     2013/05/25 17:03:07 -0400 NOWFAITH-HP nowfaith MESSAGE IP Protection stopped successfully
     2013/05/25 17:03:09 -0400 NOWFAITH-HP nowfaith MESSAGE Database refreshed successfully
     2013/05/25 17:03:09 -0400 NOWFAITH-HP nowfaith MESSAGE Starting IP protection
     2013/05/25 17:03:11 -0400 NOWFAITH-HP nowfaith MESSAGE IP Protection started successfully
     2013/05/25 17:03:58 -0400 NOWFAITH-HP nowfaith IP-BLOCK 178.63.45.183 (Type: outgoing, Port: 60896, Process: avastsvc.exe)
     2013/05/25 17:03:58 -0400 NOWFAITH-HP nowfaith IP-BLOCK 178.63.45.183 (Type: outgoing, Port: 60897, Process: avastsvc.exe)
     Just as the balloon came up from MBAM Pro, avast!free balloon comes up and says it has protected me from a malicious site - chrome.exe. Doesn't seem likely, but would someone much brighter than myself, please let me know about this. Thank you.
  23. Here is an installer file for Moultrie Game Feeders (moultriefeeders.com) that Malwarebytes keeps informing me that it is a trojan. The company denies that it is malicious. Here is the log file from MBAM and a zip of the offending installer. Please reply to 'bob@rsmcomputer.com' with your analysis. plot_stalker_software_m80-m100-i40xt.zip mbam-log-2012-11-14 (12-07-42).txt
  24. The OnPay Inc virus has disabled my computer. I was able to find my documents, pictures & music and transferred them to a portable Western Digital hard drive. Before I hook that up to a working computer I want to make sure the virus was not transferred to the portable hard drive. The scan finds one file - Files Detected: 1 M:\DmailerSync_9_1_18359.exe (Malware.Packer.as) Should it be removed? mbam-log-2012-09-04 (21-08-25).txt