Jump to content

False positives about files (and urls)


Recommended Posts


Malwarebytes detects HFS.exe like a malware analysing my Computer in it's last version, but it's 100% legit , it comes from Rejetto Http File Transfer ( Allows to transfer a file giving a link in http from PC to PC without Server, I use it for a long time.(perhaps it's cause we have to open a port in the box to make it work it's detected like this.....)


In Virustotal analysis, Malwarebytes says it's Clean.....

(zip containing the file attached)


it detects too as a Dns.unlocker but these IPs are "Free" OPEN DNS and local IP connection to my box

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]~[DhcpNameServer] :
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{82eba569-60eb-4390-9f4d-45fec09da1b1}]~[DhcpNameServer] :
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{b51955e3-93cb-4826-ac4f-741fec48fcd4}]~[DhcpNameServer] :

The value "NameServer" was detected too like a dns.unlocker but I looked in the registry at this place and there's nothing written in this value , no data.

Organization: Free SAS
AS Number: AS12322 Free SAS => Local


And like said My friend rubised in the other topic, detects cjoint.com like Fraud, but here's some examples to show you that's a really a false positive



And from the Kaspersky VirusDesk :

Le lien https://www.cjoint.com est sain

Ce lien est sain conformément aux données de réputation de Kaspersky VirusDesk.

does mean in english :

The link https://www.cjoint.com is healthy

This link is healthy according to Kaspersky VirusDesk reputation data.


a Last thing :

while analyzing my computer, malwarebytes takes very much percents of my processor , I cannot do anything other, it makes my computer going very slow almost static, the browsers pages cannot refresh correctly cause all the processor is taken by Mbam

here's an example (png attached) , and sometimes it goes over 80% of the processor



Link to post
Share on other sites

Link to post
Share on other sites

  • Staff


Thanks for reporting. We will look into this and fix where needed.

As for the DNS.Unlocker, do you have a log where this detection is displayed? Because checking our database, we don't detect any of these DNS.

Additional note, for cjoint.com, detection will remain for now - Please see here: https://myonlinesecurity.co.uk/fake-google-drive-shared-documents-notification/


Link to post
Share on other sites

  • Staff

You probably ran a full custom scan, so it scans every location (which is how it should - we've seen malware in there and there's no guarantee future malware won't drop in there either (as some avs have this folder excluded, thus can be exploited by Malware)).

You can always exclude that folder from scans (when you run a full scan).

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.