
False Positive MachineLearning/Anomalous.100%: VB6 program



Sorry to be that guy still using Visual Basic 6. This executable is being flagged for MachineLearning/Anomalous.100%. What is strange is that I have several apps created in VB6 that do not get flagged. Some required some tweaking but I hit a wall with this one. Also, it uses 99% of code used in programs that did not get flagged. I even removed the 1% of code that was new and the false positive remains. Let me know if you would like the other programs.

-Cheers!

24HourClockDownloader.rar

  • 2 months later...

The VB6 false positive problem is back!... After upgrading last month the problem went away but now it's back... Both vb6.exe and my desktop link vb6.lnk are now being flagged.

PLEASE do something about this!

  • Root Admin

Hello @BillReilly

Can you please post back the actual log file showing the detection as well as zip up the file and attach so that we can review.

You can find Scan and Protection logs within the Malwarebytes 4 program in the following location

image.png

RTP stands for Real-Time Protection and is where automatic protection operations would normally be logged

image.png

If you click on the View option you should get something similar to the following with other options available.

image.png

Thank you


Here's the Summary page:

image.png

The Advanced pane shows this:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 13/05/2021
Scan Time: 03:48
Log File: 4e67e04b-b38d-11eb-ba48-60029220462f.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1273
Update Package Version: 1.0.40346
Licence: Premium

-System Information-
OS: Windows 10 (Build 19042.985)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 353971
Threats Detected: 2
Threats Quarantined: 0
Time Elapsed: 10 min, 42 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
Malware.Heuristic.1006, C:\USERS\BILL\Desktop\VB6.lnk, No Action By User, 1000001, 0, , , , , 37C8B7D28A256AD2AD86A6A349AD1225, 9B1385EDA8F9300F76067D4B03B7D54072C6B1848BC3A89B9D0AAC5EA0A7F3F1
Malware.Heuristic.1006, C:\PROGRAM FILES\VISUAL BASIC\VB6.EXE, No Action By User, 1000001, 0, 1.0.40346, 0000000000000000000003EE, dds, 01241484, A6E14E9E0A1295E14B43A3B158EDDDEC, 7D4540D9FD2886C58FBD8E91DF7B9640DC0083B3F81EDFC882BD42982EDC8E3F

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

These files are harmless, they just happen to have the name vb6.* so they are getting flagged for no reason... I thought this problem was fixed a month or so ago but obviously that fix got rolled back or somebody made a mistake.

I've had other problems with Malwarebytes so if you don't fix this I'll have no choice but to uninstall it from all of my PCs.

Thanks,

Bill

VB6.zip VB6 (2).zip

1 minute ago, BillReilly said:

Malware.Heuristic.1006

Do you have "Use expert system algorithms to identify malicious files" enabled? It is located in Settings > Security > Scan option.

This is normally disabled by default.

  • Staff

In addition to:

1 hour ago, Porthos said:
1 hour ago, BillReilly said:

Malware.Heuristic.1006

Do you have "Use expert system algorithms to identify malicious files" enabled? It is located in Settings > Security > Scan option.

This is normally disabled by default.

This was detected by our machine learning engine and we advise developers to whitelist the folders they develop in. For more information on why it might have been detected, please read MachineLearning/Anomalous Detections and Explanation.

Thanks for reporting, this will be fixed in 10 minutes.

