Jump to content

False positive


COOLak
 Share

Recommended Posts

13 minutes ago, COOLak said:

Just to clarify, it also occurs as part of real-time detection. An additional log file is attached. But the regular manual scan detection is also still in place anyway.

mlwb-rt.txt 675 B · 0 downloads

Please clear your hubble cache by doing the following:

  1. Click on the Malwarebytes icon in the system tray
  2. Select "Quit Malwarebytes"
  3. Navigate to %PROGRAMDATA%\Malwarebytes\MBAMService
  4. Delete the file HubbleCache
  5. Open Malwarebytes
Link to post
Share on other sites

6 minutes ago, Porthos said:

Please clear your hubble cache by doing the following:

  1. Click on the Malwarebytes icon in the system tray
  2. Select "Quit Malwarebytes"
  3. Navigate to %PROGRAMDATA%\Malwarebytes\MBAMService
  4. Delete the file HubbleCache
  5. Open Malwarebytes

Thank you, that helped. Case closed.

  • Like 1
Link to post
Share on other sites

Sorry for the trouble, but there's some additional news about this concern. I also submitted this file to Microsoft for analysis (because their antivirus also detected it as Trojan:Win32/Masson.A!rfn), and upon analysis they confirmed that it was a valid detection. A screenshot of our communication is attached.

I hope you guys didn't just take my word for it and actually analyzed the file before removing it from your threat definitions? Even though I tested its behavior in a sandbox, I'm not a malware expert, and I have no idea what hidden surprises it might have. This is a part of a cracked software installer, that's why I want to make sure it's really safe.

 

image.png

Edited by AdvancedSetup
replaced screenshot per user request
Link to post
Share on other sites

2 minutes ago, Porthos said:

That can change things. With that many VT results I sure as heck would not use it. This forum also does not support piracy either.

If you like the program just pay for it.

I'm not promoting piracy here, but I definitely don't support falsely marking something as a trojan just to scare people away from using pirated software. I'm not sure if that's exactly what Microsoft is doing here, but I'm also wondering if Malwarebytes actually did analyze the file... Let's discuss things without involving personal opinions on piracy or anything else.

Link to post
Share on other sites

3 minutes ago, shadowwar said:

I tried to run the file but it seems corrupt. Does it run ok for you the one you attached?

?

It's not a stand-alone executable. It's a package that the installer drops into Windows Temp folder, and it only works as part of that installer. I just uploaded the complete installer, hope it helps.

925310744_iZotopeNectarPlusv3.3.0CE.rar

Link to post
Share on other sites

Just now, shadowwar said:

Ok we see no malicious behaviour at this time. You have to understand though we do not normally evaluate cracked software for safety. 

I understand, thank you. But I made this request for analytical purposes only. It's always good to exclude false positives, to improve overall detection accuracy.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.