Jump to content

False positive on the Bit Che file special.exe


Recommended Posts

I have an app installed called Bit Che. It is a freeware torrent tool. There's a false positive on one of the Bit Che files. I'm posting this not so much for myself, as for the multitude of other Bit Che users that don't know that it is OK to ignore this particular result. I just spent about 2 hours submitting this file as a false positive to something like 15 or 20 anti-virus companies.

The Bit Che developer uses a "file packer to keep the file size down and also to ensure that Bit Che can't be infected with a virus. The file packer checks itself to see if bit_che.exe has been modified (by a virus or anything else) and will not start up if it has been modified."

Well ... virus writers use the same or similar file packers to keep the size of their EXEs down, too. MBAM confuses the Bit Che file with those nasty viruses that we all hate so much. :P

The file that is getting the false positive is special.exe and can be pulled in from the URL below. If I need to put the EXE in an encrypted RAR/ZIP/etc. please let me know in a reply.


The MBAM developer mode log is at the bottom of this post.

Here is the Bit Che developer on his website talking about this sort of false positive ...


The original install package for Bit Che is here ...


There's no rush and I Thank The Nice Folks That Produce And Work With MBAM For Everything you do!

--- the developers log is below ---

Malwarebytes' Anti-Malware 1.40

Database version: 2758

Windows 5.0.2195 Service Pack 4

9/8/2009 8:15:26 PM

mbam-log-2009-09-08 (20-15-13).txt

Scan type: Full Scan (A:\|)

Objects scanned: 91510

Time elapsed: 1 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

A:\special.exe (Spyware.OnlineGames) -> No action taken. [41345241301826171870661967196968182569191967242066186922192119672223192321]

Link to post
Share on other sites

  • Staff

Hello and welcome to the forums.

Due to heavy heuristic detections by Malwarebytes, almost any executable file located at the root will be detected. We suggest you either move the file to a different location on the drive or add it to your ignore list. Malware loves to hide at the root.

We do not make detection adjustments to these files.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.