Jump to content

False Positive on Calibre2 ebook-viewer.exe


Recommended Posts

had a false positive [Malware.Ransom.Agent.Genenc] today for C:\Program F11es\Cahbre2\ebook-viewer.exe.

caught in a loop, Can't restore an file as it was marked for deletion on reboot.  needed to delete and reinstall Calibre.

See attached


Link to post
Share on other sites

Hello TRD and :welcome:

Your screen capture is very much appreciated.

Please carefully read the locked and pinned topic in this sub-forum, How to report a False Positive and for developer analysis, kindly attach the 3 requested .zip archives to your next reply in this thread.

If an exclusion has not already been entered, a temporary exclusion entry might then be made available to prevent a re-occurrence for your individual system.

Thank you for beta testing MBARW and your feedback.

Link to post
Share on other sites

A few notes:

1. not sure that any of the attachments will be of value as I had to update Calibre2 to the latest version in order to recover the ebook viewer

2. additionally, I installed the latest Beta version of MBARW

3. Therefore, both applications are now one version up from the versions where the false positive occurred.

Sorry, I wasn't thinking about sending log files, only recovering the ebook viewer.  in any event all requested files are attached.  I hope this helps

Malwarebytes Anti-Ransomware.zip



Link to post
Share on other sites

Hello TRD and :welcome:

Since the system in question had MBARW Beta7 installed over the top of Beta6, the cumulative logs were not lost in this case.  :)

Available data strongly suggests a false positive, and if it has not already been done, you may wish to make the following temporary full pathname file entry in MBARW GUI Dashboard -> Exclusions:

                         C:\Program Files\Calibre2\ebook-viewer.exe


https://www.virustotal.com/en/file/9C1A14D77D4CCBE752575BB2A884BBE6F8531B9D80B666D86993EE102CBCBD82/analysis/ Unsigned  v2.62.0.0

https://www.virustotal.com/en/file/868d42f7643bf3d153ffb40863a9435dc0f47a98246d8a836ac6c367cd8c90b5/analysis/ Unsigned  v2.63.0.0

At any time, a MBARW development team member, QA team member or Staffer may request the above temporary exclusion be altered/deleted.

Thank you for beta testing MBARW and your valuable feedback.

Edited by 1PW
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.