
Showing results for tags 'false postive'.

  1. Sketchmob website is blocked as a false positive. Was trying to get to it to help/buy artwork from an artist.
     Malwarebytes
     www.malwarebytes.com
     -Log Details-
     Protection Event Date: 5/30/22
     Protection Event Time: 2:09 PM
     Log File: fb278916-e04b-11ec-8bd7-001fbc133886.json
     -Software Information-
     Version: 4.5.9.198
     Components Version: 1.0.1676
     Update Package Version: 1.0.55582
     License: Premium
     -System Information-
     OS: Windows 10 (Build 19044.1706)
     CPU: x64
     File System: NTFS
     User: System
     -Blocked Website Details-
     Malicious Website: 1
     , C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, ,
     -Website Data-
     Category: RiskWare
     Domain: sketchmob.com
     IP Address: 104.26.0.228
     Port: 443
     Type: Outbound
     File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (end)
  2. zip pwd: infected Hi there, my application is false positive by your antivirus software, there is no virus inside, I protected this application with VMProtect. Please take a look and fix it. Thanks 305373597_falsepostive.zip
  3. Hello there, Malwarebytes' Ransomware detection module just classified RyzenAdj.exe as a ransomware. The file comes from RyzenController which is an application used to control temperatures and cpu profiles for AMD machines. I uploaded the file to virustotal over here: https://www.virustotal.com/gui/file/cf21bacc7b49aa801965d397519b3862349350196fc3f12678d5381e578aeaff/details VirusTotal says it's completely clean, but Malwarebytes classified it as a Malware.Ransom.Agent.Generic infection and quarantined it. I removed it from quarantine and ensured it wasn't added to the allowed list in Malwarebytes and subsequently ran a scan on the RyzenAdj.exe, and now it's not getting detected as a ransomware file. I'm attaching the detection log and RyzenAdj.exe file here as well. Is this a false positive that I can safely ignore? Thanks ryzenadj.zip DetectionLog.txt
  4. A customer informed us that Malwarebytes is blocking our training website due to a possible trojan. However, it's a legit website and other security scanners didn't find anything. Please, fix it asap. Link to the website: https://linklist.bio/TreinamentosProfit
  5. I created a few SFX archives to install some programs I commonly use because I do a lot of tinkering with the registry and have to reinstall Windows regularly. An SFX installer I created with WinRAR was detected as "Malware.AI.3845687880". Report attached below (FalsePositiveWinRarSFX.zip). FalsePositiveWinRarSFX.zip
  6. Hi, I've just finished developing my software, and I was ready to release it, but Malwarebytes detected it as a "MachineLearning/Anomalous.100%" malware. I know it's a false positive because I developed the software. The .exe file in the .zip is the one that has been detected. It's a C# (.Net framework 3.5) frontend that provides a user interface to start another software (not included as it's not mine and it's not recognized as a malware) with some arguments (arguments depend on what the user does within the frontend). It stores some data to keep preferences in a folder in %appdata% and downloads from the internet a text file that it uses to eventually notify the user about a new version. The same txt also contains 2 urls, one for the new version download page and the other one is used to download another text file that contains the full changelog history. That's pretty much all it does. The p36_utilities.dll is a library that I wrote and it contains some generic functions to read and write data. My software needs it to work. It was not detected. In the attached .zip I've also saved "log.txt" which is the Malwarebytes log of the scan. Thank you DML2.zip
  7. Hi, We are Malwarebytes premium customers. Malwarebytes is still blocking our website following my false positive report from last week (ID:1501680). I was advised the block would be removed (BjelakovicL ID:1501729). However it is still blocked. This is becoming quite urgent now for our business. After Malwarebytes blacklisted our site, 6 other vendors followed suit and blacklisted us. Could I please request follow up to check the issue and whitelist our website please. Please let me know if there is an issue we need to address. Our IT support has checked the website and cannot find any malicious content. https://www.peopleorienteddesign.com.au
  8. I think the recent scan result of Malware.Heuristic.1008 is a false positive for aspnetcore-targeting-pack-6.0.0-rtm.21526.8-win-x64.msi. This file was used by WSL to find and install Linux distros in the Windows Subsystem for Linux (WSL). It's possible that aspnetcore-targeting-pack-6.0.0 was tampered with, but I haven't found any indications that's the case by searching for similar reports and malware scan results for Malwarebytes and other malware detection tools. I've attached the scan log and a zipped copy of aspnetcore-targeting-pack-6.0.0-rtm.21526.8-win-x64.msi. Malwarebytes_Scan_log_aspnetcore-targeting-pack-6.0.0-rtm.21526.8-win-x64.msi.txt aspnetcore-targeting-pack-6.0.0-rtm.21526.8-win-x64.zip
  9. Hi, I am a developer and my C# .NET desktop app "MemeMic.exe" is getting caught with MachineLearning/Anomalous and I am sure it is a false positive. It is just an overlay above games. If I made the exe have a custom icon, the anomaly becomes 96%. https://www.virustotal.com/gui/file/353ba53097dde7a05f33a90b111c277cc4b5ef97fd2a3b702fa8801f9dfe007c?nocache=1 If I leave the exe with the default icon, the anomaly becomes 95% https://www.virustotal.com/gui/file/a1b57074e94aacda309c3b933e2b45a3e31ef7c9ff4d17fe35203b0900f98152 This is the source code (in case it could help) https://github.com/khalidwaleed0/MemeMic Thanks in advance.
  10. On Wednesday, November 10, 2021, I found this in McAfee's Quarantine section: Item: mbae.dll | Threat: GenericRXQL-XZ!F2A56B293D17 | Detected: 11/6/2021 11:12 AM Full Path: C:\Program Files\Malwarebytes\Anti-Malware\LKG Threats Detected GenericRXQL-XZ!F2A56B293D17 Item: mbae.dll | Threat: GenericRXQL- mbae.dll is Malwarebytes' Anti-Malware Anti-Exploit dynamic link library. I suspect that something is tricking McAfee into quarantining then deleting the file so exploits can run amuck on my PC. https://www.registry-programs.com/process/list/mbae.dll.html says: The legit mbae.dll process is located in the e: \ \program files\ \malwarebytes anti-exploit \ folder. If it is located elsewhere, it could be malware as a virus can have any name. https://www.shouldiblockit.com/mbae.dll-856ef24d278cd512a4b10b593a1f3a1d.aspx [from 2016] says: Typical file path: C:\Program Files\malwarebytes anti-exploit\mbae.dll Here in 2021, however, there is no malwarebytes anti-exploit subfolder. A search on mbae in my C:\Program Files\Malwarebytes\Anti-Malware folder yielded the following: mbae64.dll C:\Program Files\Malwarebytes\Anti-Malware mbae.dll C:\Program Files\Malwarebytes\Anti-Malware mbae-api-na.dll C:\Program Files\Malwarebytes\Anti-Malware AeShim.dll C:\Program Files\Malwarebytes\Anti-Malware mbae64.dll C:\Program Files\Malwarebytes\Anti-Malware\LKG mbae-api-na.dll C:\Program Files\Malwarebytes\Anti-Malware\LKG mbae64.sys C:\Program Files\Malwarebytes\Anti-Malware\LKG mbae64.sys C:\Program Files\Malwarebytes\Anti-Malware Should I leave the mbae.dll file that McAfee put in quarantine, or restore it to C:\Program Files\Malwarebytes\Anti-Malware\LKG ?
  11. Blocks the website and says it has malware. Your link is: https://block.malwarebytes.com/?lic=Licensed&cat=Trojan&lang=en&prod=NCEP-WIN&ver=4.4.1.122&cpv=1.0.1318&upv=1.0.46774&ip=3.232.190.167&url=ravenpool.ninja Looking elsewhere, I don't see that it is. VirusTotal shows it as clean, but the forum won't let me post that result (y'all really need to make this easier to submit for review.)
  12. I did a scan and the following threats were detected. Can I put them in quarantine? They look like system files and I don't want to damage any apps by putting system files in quarantine. Is it a case of false positives or are these files actually malicious?
      PUP.Optional.DriverPack, HKU\SOFTWARE\DRPSU
      PUP.Optional.DriverPack, HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\drp.su
      PUP.Optional.DriverPack, HKLM\SOFTWARE\WOW6432NODE\DRPSU
      PUP.Optional.DriverPack, HKU\SOFTWARE\DRPSU|CLIENTID
      PUP.Optional.DriverPack, HKLM\SOFTWARE\WOW6432NODE\DRPSU|CLIENTID
      PUP.Optional.DriverPack.BITSRST, C:\USERS\USER\APPDATA\ROAMING\DRPSU
  13. Dear Malwarebytes, I found this alert as MalwareC1004, file name: IPOT_INSTALLER.EXE. Is this a false positive? I attach a report for this alert: IPOT_MALWAREC1004.txt and file ipot_installer.zip. Thanks ipot_installer.zip
  14. Hi, I've created a new website at https://new.buckeyetravelhockey.com, a user has reported Malwarebytes is blocking it as a Trojan. I presume this is because of the prior reputation of the IP address assigned to me by the VM host, which is 199.195.250.60. Could you please update your block list? Thank you. Allan
  15. 1. Both systemus.zip and systemus.exe are detected as malware on installed free version of Malwarebytes. The .exe is in the .zip. I think both flags are false positives, although I could understand a riskware, PUP, or system tool type classification as Systemus is a menu of system tools. systemus.exe (Generic.Malware/Suspicious) on https://www.virustotal.com/gui/file/b250b79a87b596381fe53f2c14c3db556ce79cc84753c4a2e06762acd4f86017/details sytemus.zip (Undetected) on https://www.virustotal.com/gui/file/f8611a12d02038504585f2b225d802a6ee0832e68522d8fad046769e7045e935/detection Found at https://www.dcmembers.com/bgmcoder/download/systemus/ 2. The pinned create log instructions don't work. A. Requires full path to mbam.exe B. Instructions for running on just a subfolder are not included. I run on a subfolder via the context menu. Systemus.zip
  16. Hello! I ran my scanner tonight before starting my work, and I noticed MBAM pipped on something in my Steam library, labeling the application launcher in my Star Wars Galactic Battlegrounds library as malware. The file it flagged was E:\STEAMLIBRARY\STEAMAPPS\COMMON\STAR WARS - GALACTIC BATTLEGROUNDS SAGA\GAME\PLAYER.EXE . I strongly suspect that this is a false positive, but I wanted to make sure of this before I began working on my computer tonight. If I could get a tech, an expert, or staff member to look into this, I'd greatly appreciate it. I've included screenshots and the exported report down below. Thank you, and I hope to hear from someone A.S.A.P. -Sorr Star Wars.txt
  17. Hello, Some clients of ours alerted us that our website is displaying as blocked. The URL is https://travelingtiffinco.com/ Please let me know any other information I can provide to help resolve this. Thank you so much for your assistance!
  18. I rented a new VPS on 3/8 and had to add the IP address (45.141.58.191) to my ignore list just to log in and start migrating websites to it. Today I learned that anyone trying to visit any site at that IP address is still getting blocked by Malwarebytes and receiving a trojan warning. When I logged into it via Windows Remote Desktop the first time I could tell it was a fresh installation of Windows Server 2019 DC, so obviously the trojan warning must be due to the last customer using that IP hosting a trojan. How do I get my IP removed from the Malwarebytes blacklist? Also, whenever I try to post on this forum and my NordVPN is active my post gets rejected as spam. Please fix that as well.
  19. Hello! I was recently doing a full scan of my PC when MBAM reported a detection on my HDD dedicated for video games. The file in question is located in my Steam Library's files for Half-Life 2, under, "COMMON\HALF-LIFE 2\BIN\DMXCONVERT.EXE" . The type of malware is called, "Malware.AI.4098362766." This made me curious as it's located in my Steam files, not somewhere malware typically is known to be harbored, but then again anything's possible. I scanned the folder with Windows Security, and nothing came back positive. I believe this might be a false positive. I ran the file in question through VirusTotal, and it shows two engines detecting it (https://www.virustotal.com/gui/file/d8dce9bae7239b200e4f5559106625e5f1649d4f97be5407bb94855f4b89059e/detection). I noticed that Malwarebytes isn't picking it up on Virustotal. I was wondering if I could get a confirmation that this is indeed malware or just a false positive. If I could have a technician, admin, or otherwise verify this for me, that would be greatly appreciated. I've attached screencaps and the .txt extraction below. Thanks, and I hope to hear from you A.S.A.P. -Sorr report.txt
  20. Hello, I did a scan and Malwarebytes Free 4.2.3 detected malware with the code Malware.AI.960368963 for my Unity Editor file: C:\PROGRAM FILES\UNITY\HUB\EDITOR\2019.4.12F1\EDITOR\DATA\PLAYBACKENGINES\ANDROIDPLAYER\SDK\BUILD-TOOLS\28.0.3\MIPSEL-LINUX-ANDROID-LD.EXE. Is this a false positive or real threat? I have attached the exported quarantine report. Please let me know if you need any other files. Thank you. I'm new to using the forum so let me know if I need to make changes. malware-ai-960368963.txt
  21. Hello, Our Community Project at hxxps://popupdb.org is being flagged as hijacked. This is not true. The Project tracks down malicious scam websites, which are used to run Microsoft Telephone Scams and has no malicious intentions. Sincerely Admin of PopupDB
  22. Hi all, When I visit https://anime-planet.com/ I get a message warning of 2 Malware, this is a recent alert as I use this site daily and haven't seen it before. This website has been around since 2000 and is extremely popular/trusted. I have run various malware/virus scans and no services have any issues with the site. Could the alert be removed? Reports: https://www.virustotal.com/gui/url/ed5ef2a9680d7806bd3afbd4cd43ff5a33fab18f804e012c097960bb8ab61310/detection https://sitecheck.sucuri.net/results/https/anime-planet.com https://scanner.pcrisk.com/detailed_report/anime-planet.com#details Thanks in advance!
  23. We are a registered non-profit called the World Transformation Movement. Our website is hxxps://humancondition.com and is being classified by Malwarebytes as hosting a Trojan. Please see attached screenshot. We believe this classification is incorrect. The website is hosted via CloudFlare CDN at the following IP addresses: 172.67.68.99 104.26.13.9 104.26.12.9 IPv6 address 2606:4700:20::ac43:4463 IPv6 address 2606:4700:20::681a:d09 IPv6 address 2606:4700:20::681a:c09 We don’t distribute any software via our website. We do have a Mobile App on both the Apple App Store and Google Play Store that is for information about our organisation (Podcasts and eBooks). We publish our Website and Application Terms of use and Privacy policy on our website. Could you please review the Malwarebytes classification of our website? If you need any further information, please don’t hesitate to ask. Thanks, Marcus Rowell
  24. Our website, attcnetwork.org, is currently displaying a "Website blocked due to a Trojan" notice for visitors who use Malwarebytes. As far as we can tell, the website isn't compromised. Could you please whitelist our site? Or if you still think that it really does contain a Trojan, can you give us any more details about how that is being determined so that we can fix it? The block occurs with both the browser extension, and with the Premium product for Windows installed. I've attached an exported log file from Malwarebytes Premium, and pasted those contents below. Thanks!
      -----------------------
      Malwarebytes
      www.malwarebytes.com
      -Log Details-
      Protection Event Date: 7/29/20
      Protection Event Time: 10:32 AM
      Log File: a72575f4-d1b0-11ea-8eb7-3ca82a7ccb50.json
      -Software Information-
      Version: 4.1.2.73
      Components Version: 1.0.990
      Update Package Version: 1.0.27639
      License: Premium
      -System Information-
      OS: Windows 7 Service Pack 1
      CPU: x64
      File System: NTFS
      User: System
      -Blocked Website Details-
      Malicious Website: 1
      , C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Blocked, -1, -1, 0.0.0
      -Website Data-
      Category: Trojan
      Domain: attcnetwork.org
      IP Address: 52.37.196.168
      Port: 443
      Type: Outbound
      File: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      MalwarebytesBlockExport.txt
  25. Malwarebytes
      www.malwarebytes.com
      -Log Details-
      Protection Event Date: 23/06/2020
      Protection Event Time: 09:18
      Log File: 22421b78-b52a-11ea-9d38-bc8385eecdaa.json
      -Software Information-
      Version: 4.1.0.56
      Components Version: 1.0.955
      Update Package Version: 1.0.25899
      Licence: Trial
      -System Information-
      OS: Windows 10 (Build 18362.900)
      CPU: x64
      File System: NTFS
      User: System
      -Blocked Website Details-
      Malicious Website: 1
      , C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Blocked, -1, -1, 0.0.0
      -Website Data-
      Category: Trojan
      Domain: childminding.ie
      IP Address: 63.35.40.223
      Port: 443
      Type: Outbound
      File: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      (end)