OpenOffice False Positives?


QualityPie

Hi all,

I ran a malware scan last night and it's picked up 6 files through the malware ai system. The files are all associated with Apache OpenOffice. None of my other security software has picked them up, and I'm fairly certain these files have been present on my computer for quite some time and have never been picked up by Malwarebytes before. The scan didn't pick up any other issues.
I get the feeling they might be false positives; I was just wondering if someone could cast their eye over it and give me a second opinion please?

The following is from the report file:

 

"File: 6
Malware.AI.712063648, D:\PROGRAM FILES (X86)\OPENOFFICE 4\PROGRAM\ODBCCONFIG.EXE, Quarantined, 1000000, 0, 1.0.35387, 23356FDFC756D6982A713AA0, dds, 01062854, 0EF5FE1B50FE95B5D8C6C918C402B575, 0D24C77DA90439DF72DD795AD66956A3498BD554E0DBC5C6507B1F8335348C7C
Malware.AI.1241777173, D:\PROGRAM FILES (X86)\OPENOFFICE 4\PROGRAM\UNOINFO.EXE, Quarantined, 1000000, 0, 1.0.35387, B4863355AF0A9CFE4A040415, dds, 01062854, 47CF79D120257A7648D6C59768F20DC4, 6A8DB9D625EF195C3DB189F567A6E6B28946140700BF37A058CEB5A7A744F0B9
Malware.AI.712063648, C:\PROGRAM FILES (X86)\OPENOFFICE 4\PROGRAM\ODBCCONFIG.EXE, Quarantined, 1000000, 0, 1.0.35387, 23356FDFC756D6982A713AA0, dds, 01062854, 0EF5FE1B50FE95B5D8C6C918C402B575, 0D24C77DA90439DF72DD795AD66956A3498BD554E0DBC5C6507B1F8335348C7C
Malware.AI.1241777173, C:\PROGRAM FILES (X86)\OPENOFFICE 4\PROGRAM\UNOINFO.EXE, Quarantined, 1000000, 0, 1.0.35387, B4863355AF0A9CFE4A040415, dds, 01062854, 47CF79D120257A7648D6C59768F20DC4, 6A8DB9D625EF195C3DB189F567A6E6B28946140700BF37A058CEB5A7A744F0B9
Malware.AI.712063648, C:\VTROOT\HARDDISKVOLUME5\PROGRAM FILES (X86)\OPENOFFICE 4\PROGRAM\ODBCCONFIG.EXE, Quarantined, 1000000, 0, 1.0.35387, 23356FDFC756D6982A713AA0, dds, 01062854, 0EF5FE1B50FE95B5D8C6C918C402B575, 0D24C77DA90439DF72DD795AD66956A3498BD554E0DBC5C6507B1F8335348C7C
Malware.AI.1241777173, C:\VTROOT\HARDDISKVOLUME5\PROGRAM FILES (X86)\OPENOFFICE 4\PROGRAM\UNOINFO.EXE, Quarantined, 1000000, 0, 1.0.35387, B4863355AF0A9CFE4A040415, dds, 01062854, 47CF79D120257A7648D6C59768F20DC4, 6A8DB9D625EF195C3DB189F567A6E6B28946140700BF37A058CEB5A7A744F0B9"

Thanks very much.

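The report quoted in the post above has six rows. As an added example (not part of the thread and not Malwarebytes' own tooling), this Python code groups such rows by their last field, assumed here from its 64-hex-digit length to be a SHA-256, to show how many distinct binaries sit behind the detections. The sample rows, detection names and digests are constructed placeholders in the same layout.

```python
import re
from collections import defaultdict

SHA256_RE = re.compile(r"^[0-9A-Fa-f]{64}$")

def make_row(name, root, exe, sha256):
    # Constructed sample row; digests and IDs are placeholders, not the post's values.
    path = root + "\\PROGRAM FILES (X86)\\OPENOFFICE 4\\PROGRAM\\" + exe
    return ", ".join([name, path, "Quarantined", "1000000", "0", "1.0.0",
                      "0" * 24, "dds", "00000000", "0" * 32, sha256])

ROOTS = ["D:", "C:", "C:\\VTROOT\\HARDDISKVOLUME5"]
SAMPLE_REPORT = "\n".join(
    ['"File: 6'] +
    [make_row("Malware.AI.1", r, "ODBCCONFIG.EXE", "A1" * 32) for r in ROOTS] +
    [make_row("Malware.AI.2", r, "UNOINFO.EXE", "B2" * 32) for r in ROOTS])

def parse_detections(text):
    """Return one dict per detection row; non-row lines (headers) are skipped."""
    rows = []
    for line in text.splitlines():
        line = line.strip().strip('"')
        if ", " not in line:
            continue
        name, rest = line.split(", ", 1)
        # Split the 9 trailing fields from the right so a comma in the path survives.
        parts = rest.rsplit(", ", 9)
        if len(parts) != 10 or not SHA256_RE.match(parts[-1]):
            continue
        rows.append({"name": name, "path": parts[0], "action": parts[1],
                     "sha256": parts[-1].upper()})
    return rows

def group_by_hash(rows):
    """Map each SHA-256 to the detection names and paths reported for it."""
    groups = defaultdict(lambda: {"names": set(), "paths": []})
    for r in rows:
        groups[r["sha256"]]["names"].add(r["name"])
        groups[r["sha256"]]["paths"].append(r["path"])
    return dict(groups)

if __name__ == "__main__":
    for sha, g in group_by_hash(parse_detections(SAMPLE_REPORT)).items():
        print(f"{sha[:12]}...  {sorted(g['names'])}  seen at {len(g['paths'])} paths")
        for p in g["paths"]:
            print("   ", p)
```

Rows that share a digest are copies of one file reached through different paths, so the number of unique digests is the number of binaries that actually need a second opinion.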

  • 4 months later...
  • 4 weeks later...

I had the same file detected by the AI that day, so I assumed it was a false positive as well. I've run additional full system scans and haven't detected anything but recently decided to specifically scan the Open Office folder itself (this time without AI or Expert System Algorithms) and it found another possible infection. I've since scanned with Sophos, Malwarebytes, Microsoft Defender and Spybot Search and Destroy without additional detection. One concern is the log says Rootkit scanning was disabled but I always keep that enabled and every time I've looked it has been visibly on.


I'm using a new laptop with fully updated Windows 10, Malwarebytes Premium installed and Microsoft Defender activated. I do security and application updates first thing every day. Malwarebytes is set to update hourly and scan daily. All programs I download are from official websites, in this case Open Office, usually over Malwarebytes Privacy VPN.


Open Office uses third party mirrors but Sourceforge says it scans for malware and I scan every file after downloading with Malwarebytes. So if it is an infection, I'm not sure how it happened unless there was a bad mirror and it slipped past all security measures.


This was a copy of Open Office 4.1.9 downloaded in March. I've downloaded the latest one and the old version and had them scanned with Virus Total without detecting anything, though I deleted the original file aside from what's in quarantine.


I'm attaching both logs. Should I attach the data and quarantine files from:


C:\ProgramData\Malwarebytes\MBAMService\Quarantine


or does it need to be the original EXE files that were flagged? And is there a way to do that safely in case they are malicious?

Thanks!

Uno.txt Simpress.txt
