Jump to content

Search the Community

Showing results for tags 'false'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Nebula
    • Malwarebytes Nebula Modules
    • Malwarebytes Endpoint Security
    • Other Malwarebytes Business Products
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






  1. Dear The following site has been reported to contain a virus: https://prewardays.be. After close inspection en multiple antivirus scans there seems to be no virus at all. Thank you for re-analysis en whitelisting of this site.
  2. Hello, Not sure if this is something I can enable as Malwarebytes Admin for my company? Or do I post here and someone fixes it? Thanks! BillM ====================================================================================== Malicious Website blocked MWAC OutboundConnection SIE….etc. ( 2022-02-22T16:17:48Z ======================================================================================
  3. so i have the same problem as dude here: https://forums.malwarebytes.com/topic/284040-false-positive/ ofcorse i try using other search engine (microsoft edge) but i ther was a still the same problem and excluded pages and files that were blocked, the domain I wanted to run is filmman.cc, usually used in my country (Poland) {I am also sending a screen from the excluded pages} and this is my history of block this webstie: Malwarebytes www.malwarebytes.com -Szczegóły raportu- Data zdarzenia ochrony: 24.02.2022 Czas zdarzenia ochrony: 16:28 Plik raportu: 5e30f67a-9586-11ec-81a8-a45d365a0b2b.json -Informacje o oprogramowaniu- Wersja: Wersja komponentów: 1.0.1599 Aktualna wersja pakietu: 1.0.51603 Licencja: Wersja próbna -Informacje o systemie- System operacyjny: Windows 10 (Build 19043.1526) Procesor: x64 System plików: NTFS Użytkownik: System -Szczegóły zablokowanej strony WWW- Złośliwa strona WWW: 1 , C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe, Zablokowano, -1, -1, 0.0.0, , -Dane strony WWW- Kategoria: Trojan Domena: filman.cc Adres IP: 2a06:98c1:3120::8 Port: 443 Typ: Wychodzące Plik: C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe waiting for my problem to be solved!
  4. Hello, Blocked Website / URL: https://zeusmerch.com/ Blocked By: MalwareBytes Browser Guard (especially on MS Edge browser -screenshot attached) Type: False Previous request to unblock: 20-Dec-2021 Previous Post URL: https://forums.malwarebytes.com/topic/282003-website-blocked-by-malwarebytes-browser-guard/ Current Issue Details: Recently the website https://zeusmerch.com/ is getting blocked by the MalwareBytes Browser Guard for trojan/malicious code alert, esspecially on MS Edge Browser. I have scanned the site and it contains no trojan or malware. I have checked other online URL scanners also, and they are also not showing presence of any trojan or any malicious code on the website. I request you to kindly re-check/re-validate this website once, and, please remove this site from getting blocked by the MalwareBytes Browser Guard at the earliest. Also, if you could let me know why the plugin is blocking it on MS Edge browser-anything which we can avoid to get the site blocked again? Many Thanks, Amit K
  5. Hello, Recently the website https://zeusmerch.com/ is getting blocked by the MalwareBytes Browser Guard for trojan/malicious code alert, but I have scanned the site and it contains no trojan or malware. I have checked other online URL scanners also, and they are also not showing presence of any trojan or any malicious code on the website. I request you to kindly re-check/re-validate this website once, and, please remove this site from getting blocked by the MalwareBytes Browser Guard at the earliest. Many Thanks, Amit K
  6. I think these flags are false? https://www.virustotal.com/gui/file/063359c1dd0851bd1fddd7ebe265d5fd3adeb99ca7ccccb5d9f60406a25ab829/community
  7. I got a message from Malwarebytes monthly scan of a NanoCore Backdoor? I check virus total, and there was 0 detections based on a file sha256 search. Is this a false positive? 1 File: MBPPCn64.dll 2 CRC-32: 46b24f7f 3 MD5: f63631c6d92033403eb7fad245439f38 4 SHA-1: 75cdbdaad6a2467c83ced4213f603688a1963e22 5 SHA-256: 2e5cfa02cda88fa4a206dab9ab06925fd743adf9a57f77a344473790987c8af0 6 SHA-512: 5b51efb3210b1a4e83a71972a1a6f7f8609e6846da4beef0d74c5f88c17aae24fcf731fcccff952718f71837169c05cbed423ec99e20f6ab5fc787e4f9c0c8a0 7 8 9 10 Malwarebytes 11 www.malwarebytes.com 12 13 -Log Details- 14 Scan Date: 7/13/20 15 Scan Time: 10:04 AM 16 Log File: d4c52e42-c511-11ea-88a4-34f39a9233f7.json 17 18 -Software Information- 19 Version: 20 Components Version: 1.0.955 21 Update Package Version: 1.0.26771 22 License: Free 23 24 -System Information- 25 OS: Windows 10 (Build 18362.900) 26 CPU: x64 27 File System: NTFS 28 User: System 29 30 -Scan Summary- 31 Scan Type: Threat Scan 32 Scan Initiated By: Scheduler 33 Result: Completed 34 Objects Scanned: 395361 35 Threats Detected: 25 36 Threats Quarantined: 25 37 Time Elapsed: 15 min, 58 sec 38 39 -Scan Options- 40 Memory: Enabled 41 Startup: Enabled 42 Filesystem: Enabled 43 Archives: Enabled 44 Rootkits: Disabled 45 Heuristics: Enabled 46 PUP: Detect 47 PUM: Detect 48 49 -Scan Details- 50 Process: 0 51 (No malicious items detected) 52 53 Module: 0 54 (No malicious items detected) 55 56 Registry Key: 24 57 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CLSID\{6A25A050-525C-4c97-A072-9504F8E8E77D}, Quarantined, 3700, 840328, , , , 58 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CplStub.ControllerPropPageLoader, Quarantined, 3700, 840328, , , , 59 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CplStub.ControllerPropPageLoader.1, Quarantined, 3700, 840328, , , , 60 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\TYPELIB\{5DF21ACB-651C-4332-83DA-FBA3846C44D8}, Quarantined, 3700, 840328, , , , 61 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\INTERFACE\{8DB8468B-2C40-48FF-A925-D5AF337C71D7}, Quarantined, 3700, 840328, , , , 62 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\INTERFACE\{8E6F605D-E8A9-418F-806C-70F32091C675}, Quarantined, 3700, 840328, , , , 63 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\INTERFACE\{964D846F-3E6D-4FB5-A613-948039719F3F}, Quarantined, 3700, 840328, , , , 64 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8DB8468B-2C40-48FF-A925-D5AF337C71D7}, Quarantined, 3700, 840328, , , , 65 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8E6F605D-E8A9-418F-806C-70F32091C675}, Quarantined, 3700, 840328, , , , 66 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{964D846F-3E6D-4FB5-A613-948039719F3F}, Quarantined, 3700, 840328, , , , 67 Backdoor.NanoCore, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8DB8468B-2C40-48FF-A925-D5AF337C71D7}, Quarantined, 3700, 840328, , , , 68 Backdoor.NanoCore, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8E6F605D-E8A9-418F-806C-70F32091C675}, Quarantined, 3700, 840328, , , , 69 Backdoor.NanoCore, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{964D846F-3E6D-4FB5-A613-948039719F3F}, Quarantined, 3700, 840328, , , , 70 Backdoor.NanoCore, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{5DF21ACB-651C-4332-83DA-FBA3846C44D8}, Quarantined, 3700, 840328, , , , 71 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{5DF21ACB-651C-4332-83DA-FBA3846C44D8}, Quarantined, 3700, 840328, , , , 72 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CLSID\{6A25A050-525C-4c97-A072-9504F8E8E77D}\InprocServer32, Quarantined, 3700, 840328, , , , 73 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CLSID\{74C7569D-ED69-4292-9886-CC89DD455744}, Quarantined, 3700, 840328, , , , 74 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CplStub.PropPageStub, Quarantined, 3700, 840328, , , , 75 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CplStub.PropPageStub.1, Quarantined, 3700, 840328, , , , 76 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CLSID\{74C7569D-ED69-4292-9886-CC89DD455744}\InprocServer32, Quarantined, 3700, 840328, , , , 77 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CLSID\{F2725209-D040-48ba-B5B3-FAE9060BC3C9}, Quarantined, 3700, 840328, , , , 78 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CplStub.EndpointPropPageLoader, Quarantined, 3700, 840328, , , , 79 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CplStub.EndpointPropPageLoader.1, Quarantined, 3700, 840328, , , , 80 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CLSID\{F2725209-D040-48ba-B5B3-FAE9060BC3C9}\InprocServer32, Quarantined, 3700, 840328, , , , 81 82 Registry Value: 0 83 (No malicious items detected) 84 85 Registry Data: 0 86 (No malicious items detected) 87 88 Data Stream: 0 89 (No malicious items detected) 90 91 Folder: 0 92 (No malicious items detected) 93 94 File: 1 95 Backdoor.NanoCore, C:\WINDOWS\SYSTEM32\MBPPCN64.DLL, Quarantined, 3700, 840328, 1.0.26771, , ame, 96 97 Physical Sector: 0 98 (No malicious items detected) 99 100 WMI: 0 101 (No malicious items detected) 102 103 104 (end)
  8. C:\Program Files (x86)\Malwarebytes Anti-Malware has a file 00018785.tmp which mbam says has a bitcoinminer also flagged at https://www.virustotal.com/gui/file/ab035af50be02a9227d7b8be1efe61e332531829d3b4f52f45b8584163e7c042/detection What is this? I have mbam long time only flagged by mbam yesterday
  9. Like another user wrote yesterday, MBAM is blocking the following site, in spite of MBAM's response the false positive had been fixed. Today I got this: Category: MalwareDomain: do-69.lastpass.comIP Address: 443Type: OutboundFile: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  10. False positive: \\ERP01\KEYBALANCE\KEYBALANCEWF\KEYBALANCEWF.EXE This is a small danish ERP system.
  11. Hi, these came up as malware in a manual scan. Here's a link to a thread from a few years ago that might be of use: https://forums.malwarebytes.com/topic/191692-ejieme-clover-program/ Clover Possible False Positive.txt Clover.zip
  12. I tried Malwarebytes Browser beta on my browser Waterfox and i was surprise to see that your product blocked my website https://www.tutoriaux-excalibur.com Due to reputation. My website is clean and don't have any bad reputation, could you fix that please. Thanks
  13. Malwarebytes is detecting IObit Driver Booster Free as a PUP and removing it. This is a false positive. I have uploaded the scan results. Driver Booster False Positive Results.txt
  14. Our site https://www.radio.bialystok.pl has been listed in MalwareBytes Chrome Extension Beta as "Website blocked due to phishing". This seems to be a false positive alert - could you, please, remove it from any URL-blocked lists it appears on. PS. It might be the case that third party (VirusTotal? DrWeb?) software scanner tools report some sites in regional domain: bialystok.pl as source of malicious software?
  15. I'm having trouble with Malwarebytes 3 blocking websites I know are OK. (The Steve Hoffman music forum, for example.) This is a recent problem. I've tried adding exclusions in the program and that doesn't even help. How can this be fixed?
  16. As title says... Malwarebytes sending Telemetry despite option is turned off! Explain please! Additional info. Malwarebytes has been uninstalled and reinstalled, the telemetry is still active. Latest version is installed! Yes i read this thread I also read this reddit thread here where the Malwarebytes Employee promised that the telemetry would be turned off when the option in settings was set to off. Obviously this is not the case. Info taken from pi.hole/ & malwarebytes settings. ( im lucky i have that hardware in my network if i did not malwarebytes would have gotten tons of data from me without me knowning despite having the option turned off in settings! )
  17. Is this a false flag or not? Do I have some toolbar installed? Firefox.zip
  18. The domain siscoming.com has been removed all content and migrated to a new server. Please remove our domain from your blacklist as soon as possible.
  19. Our URL http://powerpartners.com.sg has been wrongly classified as Phishing by Malwarebytes. Please check and remove it from your blacklist asap. We have already passed Google's site review. Thank you. malwarebytes protection log.txt
  20. Hey Guys, I think AdwCleaner is giving me a false positive from a program I installed. I went to this site http://www.mediachance.com/dap/photo-to-painting.html and I installed trial version Dynamic Auto Painter also known as DAP. Now when i ran dap it works fine but yesterday I ran AdwCleaner and it gave me this message Trojan.Buzus, C:\Users\xxxxxxxxx\Documents\DAP The xxx is my username that I erased out of post. I scanned my system with MBAM and Kaspersky and several tools from Mcafee and all show my system is clean. So I deleted the folder using adwcleaner and then i ran DAP again. i then ran Adwcleaner and it gave me the same message as before when it recreated that folder. So is this a false positive as there is no reason for the folder to be flagged as Trojan.Buzus? Can anyone please confirm if they have same issue? Dap is new on my system and it is authentic directly from the site and I know the company is safe software. I have done a test installing a couple items after dap to see if Trojan would appear for other programs and no other issues except the DAP folder. Thanks in advance Gren
  21. Hi there, This site was hacked some time ago and has since been cleaned and updated with better security. You can check the url scan here: https://urlscan.io/result/b6016c88-27e8-43af-9ac0-9e449ba3c41a#transactions Thanks.
  22. When I sat down at my computer today, Bitdefender alerted me to 57 infected files, all of them Malwarebytes files. I am attaching a screen shot with one of the alerts expanded to read where it says the problem is. Pretty much the other 56 alerts read the same. Does anyone know anything about this? I hadn't done anything risky with my computer, it's a Windows 7 model and I usually just use it for my crafting and sewing programs. How can I find out if these are legitimate warnings or not? Thanks for your time!! Kim
  23. I am a Senior technician for a la mode technologies, llc. and we are getting reports that one of the files in our software is getting marked as a virus on our customer's machines by Malwarebytes. This is causing issues for both our customers and for use and we would like to have this file scanned and remove from the virus detection to prevent further disruption to our customers work. Thank you, Jason Krise Senior Tech. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 10/13/17 Protection Event Time: 11:43 AM Log File: aee63d22-b035-11e7-8f15-d8cb8a4f7edc.json Administrator: Yes -Software Information- Version: Components Version: 1.0.212 Update Package Version: 1.0.3005 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0 -Exploit Data- Affected Application: Internet Explorer (and add-ons) Protection Layer: Application Behavior Protection Protection Technique: Exploit payload from UNC blocked File Name: \\ka08\total program share\WinTOTAL.exe URL: (end) Malwarebytes false positive.txt WinTOTAL.zip
  24. Hi, malwarebytes is blocking this domain and somehow marked it as suspicious. Domain is tested via virustotal and sitecheck sicuri, here are results: https://www.virustotal.com/hr/url/4aa27687e7481d6bedf6ae726b365b8dbef0a81e7b8fb48ef590063466264e28/analysis/1506059793/ https://sitecheck.sucuri.net/results/rapidtrk.net Log is in attachment also. This domain contains 1x1 pixel image serving for analytics. Nothing is fake there and for no apparent reason all sites using this pixel are blocked. Can we resolve this please, asap? Thank you in advance. malwarebytes_log.txt
  25. Incidentally, is there a way to back out of the false positive? I have "alert user" set wherever possible, and I got a pop-up saying keybase was going to be blocked - but it went by too fast and now Keybase won't run unless I disable Exploit protection in Malwarebytes. How to I reset it (so I get the pop-up again), or find out where I need to make an exclusion? For this false positive in particular, it looks like cscript.exe is really what was flagged. Can this be white-listed? Or does that bypass the purpose of programs like MWB? Thanks ------------------------------------------------------------------------------------------------------------------------------------------ Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 9/10/17 Protection Event Time: 10:35 PM Log File: 14377dfe-96b3-11e7-aba4-00256490a632.json Administrator: Yes -Software Information- Version: Components Version: 1.0.188 Update Package Version: 1.0.2771 License: Premium -System Information- OS: Windows 10 (Build 14393.1593) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0 -Exploit Data- Affected Application: keybase Protection Layer: Application Behavior Protection Protection Technique: Exploit payload process blocked File Name: C:\WINDOWS\system32\cscript.exe cscript.exe URL: (end)
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.