Jump to content

Search the Community

Showing results for tags 'false positive'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Android Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes 3 Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • False Positives
    • Translator Lounge
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






Found 221 results

  1. Hi, My website was compromised 10days before so I put down my website ( www.indiautlityservices.com) and change the server. Currently I am working on a fresh look of my website but still your software is showing False positive. Can you please unblock my website ( www.indiautlityservices.com) from your list? Regards Raju website- www.indiautlityservices.com
  2. Dear Malwarebytes team, We've cleaned the website https://unsignedonly.com - can you please review and delist this one? Thank you!
  3. Zzyzx

    Salon.com Blocked

    Greetings, For some reason, the news site, Salon.com is blocked, and I'm not sure why, since it's a legitimate news site. You can see more info about it on Wikipedia: hxxps://en.wikipedia.org/wiki/Salon_(website) Here is the protection log: Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 6/18/18 Protection Event Time: 2:01 PM Log File: cc50677a-733a-11e8-99a1-005056c00001.json Administrator: Yes -Software Information- Version: Components Version: 1.0.374 Update Package Version: 1.0.5530 License: Premium -System Information- OS: Windows 10 (Build 17134.112) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Category: RiskWare Domain: www.salon.com IP Address: Port: [61616] Type: Outbound File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (end) Best, Zzyzx
  4. MBAM detects The Long Dark's executable with the latest update and quarantines it. The Long Dark was just updated today, 06/14/2018. Hybrid Analysis TLD_False_Pos.zip
  5. Hi, I work for an link shortening service called Geniuslink (hxxps://www.geni.us) which provides our clients with the ability to create shortened links that automatically send their customers to the best destination to purchase their products or view their content. Several of our clients have recently reached out to us indicating that their links and our site are being blocked by Malwarebytes due to Riskware. Our site is only used to shorten and add custom rules to links, and we strictly monitor the links that are built to ensure that no one is using the service to create spam links. In the case that we do detect a malicious link or one is reported to us, we ensure that the link is taken down and the account terminated within 24 hours. Last year we reached out about a similar issue, and were told that we were previously unblocked as of the 16th of January, 2017. Is there any way we can get our Geniuslink domain (geni.us) removed from this Blacklist, and potentially Whitelisted with your service? We really don't want our customers to think that there's anything to be concerned about while using our service, so any help here would be most appreciated. Attached is the protection log from our repro of issue when it was reported by a client this morning - Let us know if there's any additional information we should provide in order to expedite this request. Thanks! -- Matt Mustarde Master of Client Success Geniuslink geni.usProtectionLog.txt
  6. Site is clean. Please review vegecravings.com for blacklist removal
  7. After installing the HamApps_JTAlert_2.11.2_Setup.exe, running the program results in an automatic quarantine of the exe, which my Malwarebytes Premium v3.4.5 shows as a file named "MachineLearning/Anomalous.100%". This also occurs on the previous version v 2.11.1. However, previous to that, v2.10.17 runs fine, has run fine since April 2017, and reverting to that shows no malware. The JTAlert file is located at https://HamApps.com , and is a reputable site as well as author. Their previous files have been fault free, and they pay great attention to virus/malware issues. To quote them: Since JTAlert was released in 2011, there have never been any documented virus/malware/trojan infections caused by JTAlert. Prior to making a new JTAlert release publicly available, all JTAlert files and the Installer are submitted to the VirusTotal Online Scanner where scans from over 60 commercial scanners are performed. I would like to see if your organization feels this is a false positive. Thank you in advance. Regards, Mike
  8. Dear Malwarebytes team, We've cleaned the website http://mindmastery4wealth.com Can you please review and delist this one? Thank you!
  9. Malwarebytes recently found something called PUP.Optional.Simplitec and has quarantined it. Before removing it, I was wondering if anyone knew exactly what it was? It was found in the program files of MAGIX Music Maker 80's Edition which makes me wonder if it's part of that programs files, and so I'm hesistant to delete it. I've attached an image showing the exact file path and item that was quarantined.
  10. I am running adwcleaner 7.1.1 and it is reporting my geneweb v 7 gwd.exe files as a trojan and quarantining them. Geneweb is a french geanealogy site which publishes a source application for local creation of geneanet formatted genealogy files. I don't know why they should show up as a trojan, and I expect that it may be a false positive, unless something has hidden in their coding. Geneaweb.7z
  11. Hello! I was doing a scan on my desktop an hour ago and noticed that I had two detections in my steam library, one in 'Darkwood_Data' managed folder and the other in 'Kingdom New Lands_Data' folder, both flagging a file named 'DOTween.dll' being flagged as 'Spyware.PasswordStealer'. Curiously, because I had the game on my laptop and because it feels like an unusual place to find Spyware in a game's data folders, I scanned the folder for Darkwood on my laptop and sure enough, it got flagged too. Is this a false positive or is this actual spyware? I've attached the exported report file for my laptop's detection and a screenshot of where MB found the file for convenience; I will try to get a copy of the report from my desktop as well. Thanks! PossibleFP (laptop).txt
  12. Hello, We have a false positive issue. Our company provides associations and ngos a management / communication platform. It automatically generates their websites. Some users reported that malwarbyte blocks our websites. For info it is hosted by ovh in France. One Example (many other from other subdomains): Category: PhishingDomain: lions-leplessisrobinson.myassoc.orgIP Address: [60972]Type: OutboundFile: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Thank you in advance for your help. Cyril Bouaziz MyAssoc.org capture.docx
  13. I think this is a false positive (but would like to know either way): The file is the installer downloaded from the link at:https://www.vim.org/download.php#pc , which links to ftp://ftp.vim.org/pub/vim/pc/gvim81.exe as the default installer for MS-Windows. The offending file and log are attached. Thanks for your attention. gvim81.zip GVIM_false_pos.txt
  14. Can you remove our website from being blocked by malwarebytes? It does not have malware... Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 5/21/18 Protection Event Time: 9:35 AM Log File: 09539282-5d15-11e8-b5ac-4ccc6a27e676.json Administrator: Yes -Software Information- Version: Components Version: 1.0.342 Update Package Version: 1.0.5192 License: Premium -System Information- OS: Windows 10 (Build 17134.48) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Category: Malware Domain: avwebdesigns.com IP Address: Port: [53321] Type: Outbound File: C:\Program Files (x86)\Firefox Developer Edition\firefox.exe (end)
  15. Hi, MBAM Premium last night quarantined an old version of Adobe Lightroom 1.4 (that I have used for years) as I was using Lightroom to catalog photos. MBAM identified lightroom.exe and two Win 7 desktop links to lightroom.exe as Malware.Ransom.Agent.Generic. Lightroom is indeed inaccessible now from the Windows Start Button as lightroom.exe is missing from its folder tree under C:\Program Files (x86). Could someone please tell me if ransomeware is capable of imbedding itself into a Windows application executable file (from Adobe)? If not, I will know that I can safely restore the quarantined executable file and chalk off the occurrence as a false positive. If ransomeware IS capable of embedding itself into a Windows application executable, not sure what to do. Please help! And thanks, Bruce
  16. Hi, I have already posted in the forum that our website ucsdcareprogram.com is clean . One of your staff members said that the block is being removed on 11-May-2018 but still its not removed . Please let us know how much time you will take to remove the block (phishing status). Waiting for your response.
  17. I have written a program in C# on my own machine, and it is being used on some of our other machines, and My malware bytes keeps flagging it as the title of this post. there is nothing malicious with my code is there any way I can prevent this? Files for malwarebytes.7z
  18. Hi, This website (http://ucsdcareprogram.com) have been hacked. We have removed the hacked code from the website now the website is clean. You will find "Malwarebytes HpHosts" in the attached screenshot of Virustotal scan... Please, update your database. Website is clean it does not contain any hacked code.
  19. dench

    False positive

    Hi, My website (legentilphotographe.com) have been hacked last february and all the damage has been wiped and securised but some antivirus are still blocking its access to my customers. You will find "Malwarebytes HpHosts" in the attached screenshot of Virustotal scan... Please, update your database because I am loosing all my customers because of this... Help ! Denis
  20. JanineWake

    False Positive

    Good day, Some of our clients have come across a problem on our website, please can you clean all the malware off of www.acdc.co.za. Kind Regards, Janine
  21. samsherman

    false positive

    Our website was hacked a month ago, we cleaned up everything and even switched the server so everything is fine now. Please remove our website (http://greenfieldacresrealty.com) from your blacklist.
  22. Hi! I made a scan with the latest version of Adwcleaner 7.1.0 and i dont know if the result are false positives it's: PUP.Optional.InfoG HKLM\Software\Wow6432Node\Classes\INETCTLS.INET PUP.Optional.InfoG HKLM\Software\Classes\INETCTLS.INET What you think? The only thing i found about INETCTLS.INET is 1: Microsoft Internet Transfer Control 2: an object (InetCtls.Inet) that permits to get a page from another site
  23. This program is a very old Hex Editor that has been around for years. This morning Malwarebytes reported it as having "Ransom.Dharma" after many many previous scans completing without a detection. Please find attached the log file and the two files in a zip file. XVI32.zip
  24. samsherman

    false positive

    Our website was hacked a month ago, we cleaned up everything and even switched the server so everything is fine now. Please remove our website (http://goldeneaglesusa.com) from your blacklist.
  25. geline50

    False Positive Inquiry

    Hello, thanks for allowing me to join this forum. This is my first post and I am not sure if this is the right thread to post this but please bear with me as I am willing to do what it takes. My boss owns Elitemate.com and our IP has been listed at Malwarebytes and this is the letter/message that we have received: "*.elitemate.com,elitemate.com - Blocked for Fraud.Ads.Scam on 2018-04-23 05:09:58 (ID: 870272) According to the information from the team, the domain has indeed been used for scamming, advertisement through ads/spam and scamming people with fake dates." I am not sure how to get delisted at Fraud.Ads.Scam which is why I am asking for anyone from this forum to help us get delisted. Any help or assistance is highly appreciated. Thank you very much.

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.