Jump to content

Malwarebytes can not detect it ?

Recommended Posts

I want to use new dupeguru from https://dupeguru.voltaicideas.net/

After original author stop developing it. 

when I check using Virus total I got this 


But when I check the files using Malwarebytes premium I did not get anything
This is the files I test it (Windows 64 bit) https://download.hardcoded.net/dupeguru_win64_4.0.3.exe 

Please check, is this real ? Thank you 



Link to post
Share on other sites

  • Staff

***This is an automated reply***


Thanks for posting in the Malwarebytes 3 Help forum.


If you are having technical issues with our Windows product, please do the following: 


If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download Malwarebytes Support Tool
  • Once the file is downloaded, open your Downloads folder/location of the downloaded file
  • Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  • Place a checkmark next to Accept License Agreement and click Next
  • You will be presented with a page stating, "Welcome to the Malwarebytes Support Tool!"
  • Click the Advanced Options link
    welcome mbst.png
  • Click the Gather Logs button
  • A progress bar will appear and the program will proceed to gather troubleshooting information from your computer
  • Upon completion, click OK
  • A file named mbst-grab-results.zip will be saved to your Desktop
  • Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
     notify me.jpeg  

    Click "Reveal Hidden Contents" below for details on how to attach a file:

    To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.


One of our experts will be able to assist you shortly.


If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 


Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites


While I'm not a threat researcher, it appears to me based on the vendor names/threat names being chosen by those that detected it and the fact that only 3 out of the 67 engines detected it, that it is a false positive, not a real threat, and is only being detected by heuristics which are targeting it because of the packer used by the program's developer to compress his file/application (packers are used by both legitimate developers as well as malware authors, however the reason malware authors will use them is to attempt to escape detection by obfuscating their code to try and prevent extracting/analyzing it by threat researchers through encryption and compression of their files).  If you look at the 3 AVs that flagged it, each of them mentions something about the packer used for compressing/compiling the file itself, not necessarily its actual content or purpose (Suspicious.Gen just means that it was a generic heuristic detection made because the structure of the file shared some characteristic(s) with actual known malware; in this case, malware packed using this particular or a similar packer/encryptor).  Even the "BehavesLike" detection mentions "Obfus" which is short for "obfuscated" which again is most likely just a reference to the fact that the file is compressed/compiled using an encrypted packer, and obviously it's a packer they've identified being used by some actual ransomware, or at least the packer being used looks like one used by actual ransomware they've found before).

If you'd like the Malwarebytes Research team to analyze it to determine whether or not it's a valid threat, you may submit it by following the instructions in this topic and provide the file and requested info in a new topic in that area by clicking here, however I honestly don't believe that the file is actually malicious based on the info in the VirusTotal report you posted so the file is most likely safe, at least in my opinion (though again, I am no expert on the subject so feel free to submit the file if you want to be sure).

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.