Nvidia Files false positives


marcelser

All of a sudden MBARW started quarantining Nvidia files placed in my user profile in the directory C:\Users\marc\AppData\Local\NVIDIA\NvBackend\Packages\000093e1. I have uploaded the first one that was detected as a zip. After rebooting the machine 1 day later I got another quarantined file in the nearly identical directory Nnvidia\NVBackend\00093f3, also with a very similar name, "DAO.21159685.exe".

I think Nvidia started downloading files for its "GeForce Experience" engine or for driver updates that are now detected as false positives by MBARW.

DAO.21154721.zip

Malwarebytes Anti-Ransomware.zip


  • Staff

Hi,

Can you check and verify if this file is still detected? Because we have fixed this already (if you are indeed talking about the DAO.21154721.exe file).

In case it's a different file, please upload it as well IF it's still detected, as we might have fixed this in the meantime as well.

Alternatively, for future reference, it's a good idea to add the C:\Users\marc\AppData\Local\NVIDIA\NvBackend\Packages\ folder to your exclusion list.

Thanks!!

 

Edited by miekiemoes

  • 2 weeks later...

Hello rahlquist:

In addition to the archive of the failing executable, please post the following:

Using only the native Windows built-in zip utility, please create the following .zip archive files for MBARW developer team analysis:

                              "%ProgramData%\Malwarebytes\Malwarebytes Anti-Ransomware\"
                              "%ProgramData%\Malwarebytes\MBAMService\logs\"
                              "%ProgramData%\MalwarebytesARW\"

Please attach the archives to your next reply.  Thank you for your beta testing contribution to the Malwarebytes Anti-Ransomware (MBARW Beta) project and your valued feedback.


  • 2 weeks later...
On 9/15/2016 at 4:07 PM, miekiemoes said:

and verify if this file is still detected? Because we have fixed this already (if you are indeed talking about the DAO.21154721.exe file.

In case it's a different file, please upload it as well IF

And now DAO.21278900.exe is flagging. Will upload the file after the user reboots so I can restore the file.

Ransomware false flag.jpg


19 minutes ago, miekiemoes said:

cweston, can you please dequarantine the files and zip and attach them to this thread?

Also, please add the path AppData\Local\NVIDIA\NvBackend\Packages\ to your exclusions :)

Cheers, I've excluded that path now and attached the files for your info.

Cheers,

Craig

CoProc update.21278348.zip

DAO.21253572.zip

DAO.21259166.zip

DAO.21274243.zip

