ronzie009 Posted October 6, 2018 ID:1273728

After a regular scheduled quick scan today, 21 installation files in my Downloads folder were flagged by MBAM as either PUPs or Malware. These files have been there for various lengths of time and never been flagged bad before. They were all originally downloaded while MBAM real time protection was running and not flagged, and I scanned every one of them with MBAM after downloading them and they were not flagged then, so I think it is extremely unlikely that they are dangerous now. I have attached the report, but due to the large number of files involved I have not attached them.

2018-10-06FalsePositives.txt

Staff miekiemoes Posted October 6, 2018 ID:1273739

Hi, These don't look like false positives though, but are valid detections. If you would execute them, Malwarebytes would block/delete them.

Staff shadowwar Posted October 6, 2018 ID:1273744

This seems to be because we recently added redirect support for the downloads folder. So now, as of 3.6.1, a threat scan will follow a redirected download folder. In your case your downloads are located on G drive and not the normal location. This is why they were not detected before. These are PUP detections as they can include adware.

Edited October 6, 2018 by shadowwar

Staff blender Posted October 7, 2018 ID:1273821

Hello, Can you zip & attach this file please?

Generic.Malware/Suspicious, G:\DOWNLOADS\LIGHT_IMAGE_RESIZER4_SETUP.EXE, No Action By User, [0], [392686],1.0.7217

The rest - I looked through the log & most are OpenCandy & Bundle Installers. These contain the OpenCandy module which typically when you run the installer has other offers within the app that you would have to uncheck in order to avoid the extra installs.

We detect IEPV because some people may not want to have their IE passwords revealed. If used by you to recover a password you forgot on some site you go to, then it is Ok to have, but if someone else was to launch this on your machine without you knowing, you would want it nabbed before they got your passwords.

PUP.Optional isn't necessarily "dangerous" - it just means it is Potentially unwanted. If you're familiar with how all these programs work, then you can exclude them.

ronzie009 (Author) Posted October 7, 2018 ID:1273839

2 hours ago, blender said:

> Hello, Can you zip & attach this file please?
>
> Generic.Malware/Suspicious, G:\DOWNLOADS\LIGHT_IMAGE_RESIZER4_SETUP.EXE, No Action By User, [0], [392686],1.0.7217
>
> The rest - I looked through the log & most are OpenCandy & Bundle Installers. These contain the OpenCandy module which typically when you run the installer has other offers within the app that you would have to uncheck in order to avoid the extra installs.
>
> We detect IEPV because some people may not want to have their IE passwords revealed. If used by you to recover a password you forgot on some site you go to, then it is Ok to have, but if someone else was to launch this on your machine without you knowing, you would want it nabbed before they got your passwords.
>
> PUP.Optional isn't necessarily "dangerous" - it just means it is Potentially unwanted. If you're familiar with how all these programs work, then you can exclude them.

light_image_resizer4_setup.zip

Staff blender Posted October 7, 2018 ID:1273903

Hello, Thanks for the file. The detection will stay.

https://www.virustotal.com/#/file/f0dde1265146a282f1011e2ec5fc71cd095cd4b4aa475ef0be23404cfad6029b/detection

ronzie009 (Author) Posted October 7, 2018 ID:1273937

1 hour ago, blender said:

> Hello, Thanks for the file. The detection will stay.
>
> https://www.virustotal.com/#/file/f0dde1265146a282f1011e2ec5fc71cd095cd4b4aa475ef0be23404cfad6029b/detection

Does this mean that this file installed malware on my PC when I ran it five years ago? Malware that neither Windows Defender nor MBAM can find?