Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

Search the Community

Showing results for tags 'positive'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Nebula
    • Malwarebytes Nebula Modules
    • Malwarebytes Endpoint Security
    • Other Malwarebytes Business Products
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






  1. Dear The following site has been reported to contain a virus: https://prewardays.be. After close inspection en multiple antivirus scans there seems to be no virus at all. Thank you for re-analysis en whitelisting of this site.
  2. Hello, Not sure if this is something I can enable as Malwarebytes Admin for my company? Or do I post here and someone fixes it? Thanks! BillM ====================================================================================== Malicious Website blocked MWAC OutboundConnection SIE….etc. ( 2022-02-22T16:17:48Z ======================================================================================
  3. Hello, Blocked Website / URL: https://zeusmerch.com/ Blocked By: MalwareBytes Browser Guard (especially on MS Edge browser -screenshot attached) Type: False Previous request to unblock: 20-Dec-2021 Previous Post URL: https://forums.malwarebytes.com/topic/282003-website-blocked-by-malwarebytes-browser-guard/ Current Issue Details: Recently the website https://zeusmerch.com/ is getting blocked by the MalwareBytes Browser Guard for trojan/malicious code alert, esspecially on MS Edge Browser. I have scanned the site and it contains no trojan or malware. I have checked other online URL scanners also, and they are also not showing presence of any trojan or any malicious code on the website. I request you to kindly re-check/re-validate this website once, and, please remove this site from getting blocked by the MalwareBytes Browser Guard at the earliest. Also, if you could let me know why the plugin is blocking it on MS Edge browser-anything which we can avoid to get the site blocked again? Many Thanks, Amit K
  4. Hello, Recently the website https://zeusmerch.com/ is getting blocked by the MalwareBytes Browser Guard for trojan/malicious code alert, but I have scanned the site and it contains no trojan or malware. I have checked other online URL scanners also, and they are also not showing presence of any trojan or any malicious code on the website. I request you to kindly re-check/re-validate this website once, and, please remove this site from getting blocked by the MalwareBytes Browser Guard at the earliest. Many Thanks, Amit K
  5. I got a message from Malwarebytes monthly scan of a NanoCore Backdoor? I check virus total, and there was 0 detections based on a file sha256 search. Is this a false positive? 1 File: MBPPCn64.dll 2 CRC-32: 46b24f7f 3 MD5: f63631c6d92033403eb7fad245439f38 4 SHA-1: 75cdbdaad6a2467c83ced4213f603688a1963e22 5 SHA-256: 2e5cfa02cda88fa4a206dab9ab06925fd743adf9a57f77a344473790987c8af0 6 SHA-512: 5b51efb3210b1a4e83a71972a1a6f7f8609e6846da4beef0d74c5f88c17aae24fcf731fcccff952718f71837169c05cbed423ec99e20f6ab5fc787e4f9c0c8a0 7 8 9 10 Malwarebytes 11 www.malwarebytes.com 12 13 -Log Details- 14 Scan Date: 7/13/20 15 Scan Time: 10:04 AM 16 Log File: d4c52e42-c511-11ea-88a4-34f39a9233f7.json 17 18 -Software Information- 19 Version: 20 Components Version: 1.0.955 21 Update Package Version: 1.0.26771 22 License: Free 23 24 -System Information- 25 OS: Windows 10 (Build 18362.900) 26 CPU: x64 27 File System: NTFS 28 User: System 29 30 -Scan Summary- 31 Scan Type: Threat Scan 32 Scan Initiated By: Scheduler 33 Result: Completed 34 Objects Scanned: 395361 35 Threats Detected: 25 36 Threats Quarantined: 25 37 Time Elapsed: 15 min, 58 sec 38 39 -Scan Options- 40 Memory: Enabled 41 Startup: Enabled 42 Filesystem: Enabled 43 Archives: Enabled 44 Rootkits: Disabled 45 Heuristics: Enabled 46 PUP: Detect 47 PUM: Detect 48 49 -Scan Details- 50 Process: 0 51 (No malicious items detected) 52 53 Module: 0 54 (No malicious items detected) 55 56 Registry Key: 24 57 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CLSID\{6A25A050-525C-4c97-A072-9504F8E8E77D}, Quarantined, 3700, 840328, , , , 58 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CplStub.ControllerPropPageLoader, Quarantined, 3700, 840328, , , , 59 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CplStub.ControllerPropPageLoader.1, Quarantined, 3700, 840328, , , , 60 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\TYPELIB\{5DF21ACB-651C-4332-83DA-FBA3846C44D8}, Quarantined, 3700, 840328, , , , 61 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\INTERFACE\{8DB8468B-2C40-48FF-A925-D5AF337C71D7}, Quarantined, 3700, 840328, , , , 62 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\INTERFACE\{8E6F605D-E8A9-418F-806C-70F32091C675}, Quarantined, 3700, 840328, , , , 63 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\INTERFACE\{964D846F-3E6D-4FB5-A613-948039719F3F}, Quarantined, 3700, 840328, , , , 64 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8DB8468B-2C40-48FF-A925-D5AF337C71D7}, Quarantined, 3700, 840328, , , , 65 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8E6F605D-E8A9-418F-806C-70F32091C675}, Quarantined, 3700, 840328, , , , 66 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{964D846F-3E6D-4FB5-A613-948039719F3F}, Quarantined, 3700, 840328, , , , 67 Backdoor.NanoCore, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8DB8468B-2C40-48FF-A925-D5AF337C71D7}, Quarantined, 3700, 840328, , , , 68 Backdoor.NanoCore, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8E6F605D-E8A9-418F-806C-70F32091C675}, Quarantined, 3700, 840328, , , , 69 Backdoor.NanoCore, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{964D846F-3E6D-4FB5-A613-948039719F3F}, Quarantined, 3700, 840328, , , , 70 Backdoor.NanoCore, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{5DF21ACB-651C-4332-83DA-FBA3846C44D8}, Quarantined, 3700, 840328, , , , 71 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{5DF21ACB-651C-4332-83DA-FBA3846C44D8}, Quarantined, 3700, 840328, , , , 72 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CLSID\{6A25A050-525C-4c97-A072-9504F8E8E77D}\InprocServer32, Quarantined, 3700, 840328, , , , 73 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CLSID\{74C7569D-ED69-4292-9886-CC89DD455744}, Quarantined, 3700, 840328, , , , 74 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CplStub.PropPageStub, Quarantined, 3700, 840328, , , , 75 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CplStub.PropPageStub.1, Quarantined, 3700, 840328, , , , 76 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CLSID\{74C7569D-ED69-4292-9886-CC89DD455744}\InprocServer32, Quarantined, 3700, 840328, , , , 77 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CLSID\{F2725209-D040-48ba-B5B3-FAE9060BC3C9}, Quarantined, 3700, 840328, , , , 78 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CplStub.EndpointPropPageLoader, Quarantined, 3700, 840328, , , , 79 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CplStub.EndpointPropPageLoader.1, Quarantined, 3700, 840328, , , , 80 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CLSID\{F2725209-D040-48ba-B5B3-FAE9060BC3C9}\InprocServer32, Quarantined, 3700, 840328, , , , 81 82 Registry Value: 0 83 (No malicious items detected) 84 85 Registry Data: 0 86 (No malicious items detected) 87 88 Data Stream: 0 89 (No malicious items detected) 90 91 Folder: 0 92 (No malicious items detected) 93 94 File: 1 95 Backdoor.NanoCore, C:\WINDOWS\SYSTEM32\MBPPCN64.DLL, Quarantined, 3700, 840328, 1.0.26771, , ame, 96 97 Physical Sector: 0 98 (No malicious items detected) 99 100 WMI: 0 101 (No malicious items detected) 102 103 104 (end)
  6. C:\Program Files (x86)\Malwarebytes Anti-Malware has a file 00018785.tmp which mbam says has a bitcoinminer also flagged at https://www.virustotal.com/gui/file/ab035af50be02a9227d7b8be1efe61e332531829d3b4f52f45b8584163e7c042/detection What is this? I have mbam long time only flagged by mbam yesterday
  7. Like another user wrote yesterday, MBAM is blocking the following site, in spite of MBAM's response the false positive had been fixed. Today I got this: Category: MalwareDomain: do-69.lastpass.comIP Address: 443Type: OutboundFile: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  8. I tried Malwarebytes Browser beta on my browser Waterfox and i was surprise to see that your product blocked my website https://www.tutoriaux-excalibur.com Due to reputation. My website is clean and don't have any bad reputation, could you fix that please. Thanks
  9. Malwarebytes is detecting IObit Driver Booster Free as a PUP and removing it. This is a false positive. I have uploaded the scan results. Driver Booster False Positive Results.txt
  10. Our site https://www.radio.bialystok.pl has been listed in MalwareBytes Chrome Extension Beta as "Website blocked due to phishing". This seems to be a false positive alert - could you, please, remove it from any URL-blocked lists it appears on. PS. It might be the case that third party (VirusTotal? DrWeb?) software scanner tools report some sites in regional domain: bialystok.pl as source of malicious software?
  11. The domain siscoming.com has been removed all content and migrated to a new server. Please remove our domain from your blacklist as soon as possible.
  12. Our URL http://powerpartners.com.sg has been wrongly classified as Phishing by Malwarebytes. Please check and remove it from your blacklist asap. We have already passed Google's site review. Thank you. malwarebytes protection log.txt
  13. Hey Guys, I think AdwCleaner is giving me a false positive from a program I installed. I went to this site http://www.mediachance.com/dap/photo-to-painting.html and I installed trial version Dynamic Auto Painter also known as DAP. Now when i ran dap it works fine but yesterday I ran AdwCleaner and it gave me this message Trojan.Buzus, C:\Users\xxxxxxxxx\Documents\DAP The xxx is my username that I erased out of post. I scanned my system with MBAM and Kaspersky and several tools from Mcafee and all show my system is clean. So I deleted the folder using adwcleaner and then i ran DAP again. i then ran Adwcleaner and it gave me the same message as before when it recreated that folder. So is this a false positive as there is no reason for the folder to be flagged as Trojan.Buzus? Can anyone please confirm if they have same issue? Dap is new on my system and it is authentic directly from the site and I know the company is safe software. I have done a test installing a couple items after dap to see if Trojan would appear for other programs and no other issues except the DAP folder. Thanks in advance Gren
  14. Hi there, This site was hacked some time ago and has since been cleaned and updated with better security. You can check the url scan here: https://urlscan.io/result/b6016c88-27e8-43af-9ac0-9e449ba3c41a#transactions Thanks.
  15. I am a Senior technician for a la mode technologies, llc. and we are getting reports that one of the files in our software is getting marked as a virus on our customer's machines by Malwarebytes. This is causing issues for both our customers and for use and we would like to have this file scanned and remove from the virus detection to prevent further disruption to our customers work. Thank you, Jason Krise Senior Tech. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 10/13/17 Protection Event Time: 11:43 AM Log File: aee63d22-b035-11e7-8f15-d8cb8a4f7edc.json Administrator: Yes -Software Information- Version: Components Version: 1.0.212 Update Package Version: 1.0.3005 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0 -Exploit Data- Affected Application: Internet Explorer (and add-ons) Protection Layer: Application Behavior Protection Protection Technique: Exploit payload from UNC blocked File Name: \\ka08\total program share\WinTOTAL.exe URL: (end) Malwarebytes false positive.txt WinTOTAL.zip
  16. Hi, malwarebytes is blocking this domain and somehow marked it as suspicious. Domain is tested via virustotal and sitecheck sicuri, here are results: https://www.virustotal.com/hr/url/4aa27687e7481d6bedf6ae726b365b8dbef0a81e7b8fb48ef590063466264e28/analysis/1506059793/ https://sitecheck.sucuri.net/results/rapidtrk.net Log is in attachment also. This domain contains 1x1 pixel image serving for analytics. Nothing is fake there and for no apparent reason all sites using this pixel are blocked. Can we resolve this please, asap? Thank you in advance. malwarebytes_log.txt
  17. Good day, I'm currently developping a website hosted by 000webhost, and I notice MB blocks it. Informations about my website : Host plateform : 000webhost Website URL : hxxp://dofensive.000webhostapp.com Protection log : -Log Details- Protection Event Date: 02/09/2017 Protection Event Time: 11:54 Log File: bf35dd90-8fc4-11e7-b998-d017c211a21b.json Administrator: Yes -Software Information- Version: Components Version: 1.0.188 Update Package Version: 1.0.2707 Licence: Trial -System Information- OS: Windows 10 (Build 15063.540) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Domain: dofensive.000webhostapp.com IP Address: Port: [50141] Type: Outbound File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe -- I have also the same issue with an older website hosted by the same host service. Website URL : hxxp://foxhounddesign.000webhostapp.com Protection log (updated section) : -Website Data- Domain: foxhounddesign.000webhostapp.com IP Address: Port: [50150] Type: Outbound File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Thanks for your help. Best regards.
  18. I just had MBAM Premium detect a DropBox Windows HKLM Registry Key as Ransomware. I was moving files around inside my DropBox folder when this happened, so MBAM probably picked up on the DropBox.exe process "modifying" (AKA Syncing) these files to the cloud en masse, killed the process, and blocked it from executing. I'd like to first say amazing job at blocking Ransomware in its' tracks - um... if it was actually Ransomware. Malwarebytes version: Component package version: 1.0.103 Update package version: 1.0.1763 No big deal, as I'll just reinstall DropBox and start its' sync process again, and probably whitelist it in MBAM, but I thought I's share in case this has happened to anyone else.
  19. Hi, not sure if I'm rehashing an old issue, but I just downloaded Malwarebytes 3.0.6 (first day of premium trial) and have received the same false positive for both Auslogics BoostSpeed as well as Auslogics Disk Defrag. I believe I am running the latest versions of both AusLogic programs. I would think these are clean programs? Perhaps I should dig deeper on google and see if other users have reported malicious activity from Auslogics software? Thanks
  20. the older 0.9.16 beta removed my windows 10 photos - app. (the exe got quarantined) can anyone please help me to get it back? I already tried unistalling / reinstalling the app via powershell. it is listed as installed in the store but won't run. Thanks
  21. C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\ mbarwind.zip C:\ProgramData\Malwarebytes\MBAMService\logs\ : MBAMSERVICE.zip
  22. Hi, we have contacted your support team and found out that "PUP.Lotoor is a type of rootkit, and PUP.Riskware,Batmob.me is a riskware app". Later, we deleted the files mentioned but the detection still stood. It might be that you have added our package name, "com.mephone.fonts" into your database. Therefore, we will always get positive results unless we change our package name, which is not our intention. Could you please remove our package name out of your database, or tell us how to solve this problem? Attached is our apk (deleting the so called malicious file): LovelyFonts2_huaqin.zip
  23. False positive detecting Cisco/Meraki Systems Manager Network Agent as "Malware.Ransome.Agent.Generic". Jason
  24. Running Auslogics BoostSpeed v6.4.1.0 Anti-Ransomware Beta While performing "Disk Space" cleaning, ARbeta quarantined Boostspeed.exe Program is known clean, genuine.
  25. Pretty much what it says on the tin. It pretty much deleted this program without so much as informing me, and on more than one computer. MWB-3-30-16.txt
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.