Showing results for tags 'false postive'.


  1. Hi, I've created a new website at https://new.buckeyetravelhockey.com, a user has reported Malwarebytes is blocking it as a Trojan. I presume this is because of the prior reputation of the IP address assigned to me by the VM host, which is 199.195.250.60. Could you please update your block list? Thank you. Allan
  2. Hi, I've just finished developing my software, and I was ready to release it, but Malwarebytes detected it as a "MachineLearning/Anomalous.100%" malware. I know it's a false positive because I developed the software. The .exe file in the .zip is the one that has been detected. It's a C# (.Net framework 3.5) frontend that provides a user interface to start another software (not included as it's not mine and it's not recognized as a malware) with some arguments (arguments depend on what the user does within the frontend). It stores some data to keep preferences in a folder in %appdata% and downloads from the internet a text file that it uses to eventually notify the user about a new version. The same txt also contains 2 URLs, one for the new version download page and the other one is used to download another text file that contains the full changelog history. That's pretty much all it does. The p36_utilities.dll is a library that I wrote and it contains some generic functions to read and write data. My software needs it to work. It was not detected. In the attached .zip I've also saved "log.txt" which is the Malwarebytes log of the scan. Thank you DML2.zip
  3. 1. Both systemus.zip and systemus.exe are detected as malware on installed free version of Malwarebytes. The .exe is in the .zip. I think both flags are false positives, although I could understand a riskware, PUP, or system tool type classification as Systemus is a menu of system tools. systemus.exe (Generic.Malware/Suspicious) on https://www.virustotal.com/gui/file/b250b79a87b596381fe53f2c14c3db556ce79cc84753c4a2e06762acd4f86017/details sytemus.zip (Undetected) on https://www.virustotal.com/gui/file/f8611a12d02038504585f2b225d802a6ee0832e68522d8fad046769e7045e935/detection Found at https://www.dcmembers.com/bgmcoder/download/systemus/ 2. The pinned create log instructions don't work. A. Requires full path to mbam.exe B. Instructions for running on just a subfolder are not included. I run on a subfolder via the context menu. Systemus.zip
  4. Hello! I ran my scanner tonight before starting my work, and I noticed MBAM pipped on something in my Steam library, labeling the application launcher in my Star Wars Galactic Battlegrounds library as malware. The file it flagged was E:\STEAMLIBRARY\STEAMAPPS\COMMON\STAR WARS - GALACTIC BATTLEGROUNDS SAGA\GAME\PLAYER.EXE . I strongly suspect that this is a false positive, but I wanted to make sure of this before I began working on my computer tonight. If I could get a tech, an expert, or staff member to look into this, I'd greatly appreciate it. I've included screenshots and the exported report down below. Thank you, and I hope to hear from someone A.S.A.P. -Sorr Star Wars.txt
  5. Hello, Some clients of ours alerted us that our website is displaying as blocked. The URL is https://travelingtiffinco.com/ Please let me know any other information I can provide to help resolve this. Thank you so much for your assistance!
  6. I rented a new VPS on 3/8 and had to add the IP address (45.141.58.191) to my ignore list just to log in and start migrating websites to it. Today I learned that anyone trying to visit any site at that IP address is still getting blocked by Malwarebytes and receiving a trojan warning. When I logged into it via Windows Remote Desktop the first time I could tell it was a fresh installation of Windows Server 2019 DC, so obviously the trojan warning must be due to the last customer using that IP hosting a trojan. How do I get my IP removed from the Malwarebytes blacklist? Also, whenever I try to post on this forum and my NordVPN is active my post gets rejected as spam. Please fix that as well.
  7. Hello! I was recently doing a full scan of my PC when MBAM reported a detection on my HDD dedicated for video games. The file in question is located in my Steam Library's files for Half-Life 2, under, "COMMON\HALF-LIFE 2\BIN\DMXCONVERT.EXE" . The type of malware is called, "Malware.AI.4098362766." This made me curious as it's located in my Steam files, not somewhere malware typically is known to be harbored, but then again anything's possible. I scanned the folder with Windows Security, and nothing came back positive. I believe this might be a false positive. I ran the file in question through VirusTotal, and it shows two engines detecting it (https://www.virustotal.com/gui/file/d8dce9bae7239b200e4f5559106625e5f1649d4f97be5407bb94855f4b89059e/detection). I noticed that Malwarebytes isn't picking it up on Virustotal. I was wondering if I could get a confirmation that this is indeed malware or just a false positive. If I could have a technician, admin, or otherwise verify this for me, that would be greatly appreciated. I've attached screencaps and the .txt extraction below. Thanks, and I hope to hear from you A.S.A.P. -Sorr report.txt
  8. Hello, I did a scan and Malwarebytes Free 4.2.3 detected malware with the code Malware.AI.960368963 for my Unity Editor file: C:\PROGRAM FILES\UNITY\HUB\EDITOR\2019.4.12F1\EDITOR\DATA\PLAYBACKENGINES\ANDROIDPLAYER\SDK\BUILD-TOOLS\28.0.3\MIPSEL-LINUX-ANDROID-LD.EXE. Is this a false positive or real threat? I have attached the exported quarantine report. Please let me know if you need any other files. Thank you. I'm new to using the forum so let me know if I need to make changes. malware-ai-960368963.txt
  9. Hello, Our Community Project at hxxps://popupdb.org is being flagged as hijacked. This is not true. The Project tracks down malicious scam websites, which are used to run Microsoft Telephone Scams and has no malicious intentions. Sincerely Admin of PopupDB
  10. Hi all, When I visit https://anime-planet.com/ I get a message warning of 2 Malware, this is a recent alert as I use this site daily and haven't seen it before. This website has been around since 2000 and is extremely popular/trusted. I have run various malware/virus scans and no services have any issues with the site. Could the alert be removed? Reports: https://www.virustotal.com/gui/url/ed5ef2a9680d7806bd3afbd4cd43ff5a33fab18f804e012c097960bb8ab61310/detection https://sitecheck.sucuri.net/results/https/anime-planet.com https://scanner.pcrisk.com/detailed_report/anime-planet.com#details Thanks in advance!
  11. We are a registered non-profit called the World Transformation Movement. Our website is hxxps://humancondition.com and is being classified by Malwarebytes as hosting a Trojan. Please see attached screenshot. We believe this classification is incorrect. The website is hosted via CloudFlare CDN at the following IP addresses: 172.67.68.99 104.26.13.9 104.26.12.9 IPv6 address 2606:4700:20::ac43:4463 IPv6 address 2606:4700:20::681a:d09 IPv6 address 2606:4700:20::681a:c09 We don’t distribute any software via our website. We do have a Mobile App on both the Apple App Store and Google Play Store that is for information about our organisation (Podcasts and eBooks). We publish our Website and Application Terms of use and Privacy policy on our website. Could you please review the Malwarebytes classification of our website? If you need any further information, please don’t hesitate to ask. Thanks, Marcus Rowell
  12. Our website, attcnetwork.org, is currently displaying a "Website blocked due to a Trojan" notice for visitors who use Malwarebytes. As far as we can tell, the website isn't compromised. Could you please whitelist our site? Or if you still think that it really does contain a Trojan, can you give us any more details about how that is being determined so that we can fix it? The block occurs with both the browser extension, and with the Premium product for Windows installed. I've attached an exported log file from Malwarebytes Premium, and pasted those contents below. Thanks! ----------------------- Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 7/29/20 Protection Event Time: 10:32 AM Log File: a72575f4-d1b0-11ea-8eb7-3ca82a7ccb50.json -Software Information- Version: 4.1.2.73 Components Version: 1.0.990 Update Package Version: 1.0.27639 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Blocked, -1, -1, 0.0.0 -Website Data- Category: Trojan Domain: attcnetwork.org IP Address: 52.37.196.168 Port: 443 Type: Outbound File: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe MalwarebytesBlockExport.txt
  13. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 23/06/2020 Protection Event Time: 09:18 Log File: 22421b78-b52a-11ea-9d38-bc8385eecdaa.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.955 Update Package Version: 1.0.25899 Licence: Trial -System Information- OS: Windows 10 (Build 18362.900) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Blocked, -1, -1, 0.0.0 -Website Data- Category: Trojan Domain: childminding.ie IP Address: 63.35.40.223 Port: 443 Type: Outbound File: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (end)
  14. Our site at hxxps://www.speysidecottage.co.uk/ is being reported as having a . Ran several scanners on the site and all have come back clear of any trojans or other issues.
  15. Hello, Had Malwarebytes quarantine my Sniper3exe file in Steam, was wondering if this can be looked at as I believe it to be a False-Positive. Any help would be greatly appreciated. I have attached log details. Malwarebytes Sniper 3 launcher exe.txt
  16. Hi! I was trying to show my friends this website http://www.kylebb.com/HH/HHSeriesOrder.html . They said they were getting Trojan alerts. Granted, if there are ads on it, I cannot see them. (Use adblock). I have used this site for a while and never gotten a peep about it. Could you please check it and reclassify if safe? Thanks!
  17. I was downloading arma3 off steam when I got this alert that outbound connection to 157.185.146.129 was stopped because it was malicious. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 3/27/20 Protection Event Time: 8:12 PM Log File: e040960e-7088-11ea-bbe9-d89ef39c01cc.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.854 Update Package Version: 1.0.21476 License: Premium -System Information- OS: Windows 10 (Build 17763.1098) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files (x86)\Steam\steam.exe, Blocked, -1, -1, 0.0.0 -Website Data- Category: Trojan Domain: steam.naeu.qtlglb.com.cdn20.com IP Address: 157.185.146.129 Port: 80 Type: Outbound File: C:\Program Files (x86)\Steam\steam.exe
  18. https://m.wcostream.com/ This website doesn't contain anything malicious or concerning. I try to play a video and it won't play, and it shows it had blocked malware? I used it the other day and it was fine, this had just occurred today. Could you possibly try to resolve this? It'd be appreciated.
  19. Hello, I'm trying to install a tool used for medical billing on a user's computer in an enterprise environment. For Skilled Nursing Facility patients on a Fee-for-service medical plan, this pricer is used to take diagnoses codes and turn them into billing codes with a monetary value. Since Medicare guidelines and approved codes change so often, the only way to bill accurately is to use their tool. In the past I've downloaded them from CMS' website ( https://www.cms.gov/Medicare/Medicare-Fee-for-Service-Payment/PCPricer/SNF ). As of today, our Malwarebytes Endpoint Protection is grabbing the .exe as a malware threat and quarantining them. Releasing them and trying to run again just loops the process. I've not found anything on the cloud admin portal where I can go in and whitelist the file name. I've attached one version (there's one for every year, this is 2020). How can I get these installed, and tune our endpoint protection to stop grabbing them? SNF FY2020.4 PC.zip
  20. Hi, I am the Technical Product Manager for Terrain Navigator Pro, PC software application used in GIS work - see: terrainnavigator.com. A mutual customer sent in the attached screen shot indicating that our main download for installation is being flagged as suspicious: http://terrainnavigator.com/downloads/software/InstallerSystem.exe Note that the file is hosted securely by AWS, and the .exe is signed with a valid certificate. It is not malicious in any way. Please add this download to the whitelist incorporated into your products and services. Feel free to email me directly at ed_lecuyer@trimble.com with any questions. Note: This has also been reported as Case#00103387 to Malwarebytes Business Support - who requested that it be reported on this public forum. Sincerely, -Ed Lecuyer Technical Product Manager, Terrain Navigator Pro.
  21. With Malwarebytes I'm getting what I believe to be fp's with parts of Code 42's Crashplan. When I quarantine the files Crashplan no longer can connect to its server and back-ups stop. Here's the threat scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 11/30/19 Scan Time: 3:33 PM Log File: 6db1e7ee-137e-11ea-8a73-0c9d92c2ca0c.json -Software Information- Version: 4.0.4.49 Components Version: 1.0.764 Update Package Version: 1.0.15578 License: Premium -System Information- OS: Windows 10 (Build 18362.476) CPU: x64 File System: NTFS -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 296527 Threats Detected: 2 Threats Quarantined: 0 Time Elapsed: 0 min, 42 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 Trojan.Starter.E.Generic, HKU\S-1-5-21-951794708-1484855528-2252583993-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CRASHPLANSERVICEUSER, No Action By User, 6662, 767369, 1.0.15578, , ame, Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Trojan.Starter.E.Generic, C:\USERS\MARK\APPDATA\LOCAL\PROGRAMS\CRASHPLAN\CRASHPLANSERVICE.VBS, No Action By User, 6662, 767369, , , , Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end)
  22. Hello! I just received an alert by my Malwarebytes 4.0 that it blocked an outbound connection to a Steam website. I just wanted to know if this is a false positive, or a legitimate threat. I've attached my log and screenshots below. If I could get a fast response by a staff member/expert, that would be greatly appreciated as this occurred on my work computer. Thanks, and I hope to hear from you soon! steam report.txt
  23. https://brainerhub.com/ false positive flag for sure log.txt
  24. My update and download server for my application is being blocked. The application had a false positive from Malwarebytes as I use UPX to compress it. None of my customers using Malwarebytes can use their software they bought from me since my license server is also running on that IP. Domain: dl.rustservermanager.com IP: 51.75.65.48 Screenshot attached.
  25. Your product is blocking the above website. Yet after checking with several other services including Google's safe-browsing service I find no reason for the site to be blocked. All I was trying to do was visit the website.