Jump to content

False Positives - DAO file


chaosomi

Recommended Posts

Hello,

today I have load this Beta vor testing. Now I have a false Report ( see Screen). TUnfortunately, the message output has been incomprehensible to me. I have long been looking for this DAO Dings. I found problems with Windows, the store no longer opened, and the icon was gone, I was then able to find what was APP mistaken for ransomware.
I have made from the Quarantine, but add the app as harmless arises as very problematic because there are six folders with various subfolders that belong to the Windows Store app. A systematic search for the file in question did not bring any hits, even when modifying the name of leave.

After restarting the Store is back in its original place. For desired analysis I send you the secured Quarantinefile.
I'm new here and I hope it's good enough

ransom1.jpg

Quarantine15-06-2016.zip

Link to post
Share on other sites

  • Staff

Hi chaosomi. 

Thanks for your report. This file should no longer be detected. If you've added DAO.20852700.exe to the exclusions in Malwarebytes Anti-Ransomware BETA, please do remove from exclusions and let us know if the issue returns. It should not.

Please note. We typically would like all the following information when reporting a false positive:

But, that Quarantine folder was helpful also.

Thank you for your participation!

Link to post
Share on other sites

sigh, what have I done.  Here is a File that  found on desktop, is terminated to yasterday after false positv+reboot

MBAMSERVICElog2-20062016@yesterdeay.zip

Have tried and recognized the cause of the empty log file, probably because he has thrown on the desktop, instead of writing manual safety. Because Windows does not release the log file, (Anti-Ransomwa but I had previously completely disabled, so that writing works ...) I have now produced a manually copy from folder Logs (C:\ProgramData\Malwarebytes\MBAMService\logs)
Hope that the new findings contribute to the improvement.
And thanks for protection and assistance

Best regards from Germany

chaosomi

logs-Filemanuell@2016-06-21.zip

Link to post
Share on other sites

Hello, 

The graphics card is Nvidia, but I do not use any special add-ons or extras that would make it plausible why it was striking. I have therefore once checked the services that run with respect to NVidia. Today after the restart but a tool has been terminated because it allegedly no longer works. Dexpot - It creates virtual desktops, I think it was an older version that is slimmer than the latest. There was no specific message. I have installed the latest version of Dexpot about. And it all boils as always.

Check also the update history. No driver updates, Windows10 last update was 2016-06-10

ransom2-falsepositiv-clearing.jpg

Link to post
Share on other sites

tja I believe there with me every now and then new input * gg *

again there is a file in the folder NVidia and I nichtsauf the PC made, for which I would have Nvidia specifically required. Seems that maybe, maybe I should somehow call in the system log?

 

Greetings from Germany

00008e32.zip

logs2016-06-22.zip

Malwarebytes Anti-Ransomware2016-06-22.zip

Link to post
Share on other sites

  • 2 weeks later...

after a few days really were now no real problems, I found this morning a new false positive. Widerum was pushed a file from Nvidia in the quarantine, and my computer almost it has this time swallowed the reboot. He needed to load much longer to Windows.

(in use Firefox was surfbar with one that sometimes is even videos or animated images. Can it be that this access Nvidia processes that then cause the false alarm?)
If your detail checked the log, I must confess, I had last week except for a very old program (image processing) that I use under Windows10 that has been recognized by many antivirus already wrong as malware because of the "crack". The program at that time was legally purchased, and the crack is not a threat. I have taken the tool to the exceptions and not reported because there is no standard software in modern applications, it would be a waste of time to deal with it, but I want it explain if the log file raises questions

00008e97.zip

logs2016-07-05.zip

Quarantine2016-07-05.zip

Link to post
Share on other sites

Hello Chaosomi:

Available data strongly suggests a false positive, and since the following pathname has been entered in MBARW GUI -> Exclusions, and the binary has been uploaded to the developers, please allow the entry to remain until you are requested to remove it:

          C:\Users\Chaosomi\AppData\Local\NVIDIA\NvBackend\Packages\00008e97\DAO.20908967.exe

Reference: https://www.virustotal.com/en/file/67D66DDEDECED2E2097753AC7F8B197A11019E96C0733164A2A61D51E93FC7A1/analysis/ Signed

At any time, a MBARW development team member, QA team member or Staffer may request the above temporary exclusion be altered/deleted.

Thank you for beta testing MBARW and your valuable feedback.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.