Jump to content

False Positive While Installing From CDROM??


ko6no
 Share

Recommended Posts

I had to start over with Windows 10 after a system crash. Some of my installed apps were installed back in Win XP era. I'm trying to reinstall from CDROMs. One program, EZNEC+ v5.0 c2000-10, creates some files in AppData/Low/.../Temp during the install. MalWareBytes flags these files as GenericMalwareSuspicious and prevents the app from installing. I don't believe there is any malware on the CDROM and trust the publisher. How can I overcome this?

 

Link to post
Share on other sites

Porthos,

Not sure what you mean by "zip the installer". Here is the log from MWB.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/31/20
Scan Time: 9:55 AM
Log File: c4d097f0-ebaa-11ea-b710-d4bed9b7b53b.json

-Software Information-
Version: 4.2.0.82
Components Version: 1.0.1025
Update Package Version: 1.0.29265
License: Premium

-System Information-
OS: Windows 10 (Build 19041.450)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 280935
Threats Detected: 2
Threats Quarantined: 0
Time Elapsed: 5 min, 56 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
Generic.Malware/Suspicious, C:\USERS\KO6NO\APPDATA\LOCAL\TEMP\IS-MC12F.TMP\T3.EXE, No Action By User, 0, 392686, 1.0.29265, , shuriken, , EAC056E991A779F18A3206BEA30A72F9, E4347A98F044D9A194894B16C1A8AEB267B240521BD39FDFCEEE7ADF11CCBD3C
Generic.Malware/Suspicious, C:\USERS\KO6NO\APPDATA\LOCAL\TEMP\IS-PCIFQ.TMP\T3.EXE, No Action By User, 0, 392686, 1.0.29265, , shuriken, , EAC056E991A779F18A3206BEA30A72F9, E4347A98F044D9A194894B16C1A8AEB267B240521BD39FDFCEEE7ADF11CCBD3C

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

  • Staff

Please clear your hubblecache by doing the following:

  1. Click on the Malwarebytes icon in the system tray
  2. Select "Quit Malwarebytes"
  3. Navigate to %PROGRAMDATA%\Malwarebytes\MBAMService
  4. Delete the file HubbleCache
  5. Open Malwarebytes
Link to post
Share on other sites

37 minutes ago, Emphyrio said:

Please clear your hubblecache by doing the following:

Thank You! That allowed the program to install. The publisher of the software says that he has been plagued by false positive reports starting with Windows 7 in 2010. Some of his code must resemble malware techniques.

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.