
Probable false positives: Morrowind.exe, deadcells.exe and deadcells_gl.exe


RID93


Hey everyone! My Malwarebytes just found three files it deemed suspicious on my computer. They're all "Malware.Heuristic.1003".

I'm assuming the reason why it didn't find them before is that I recently set it to be as thorough as possible when doing a scan (checked the rootkit and "Use expert systems algorithms" options in my settings). For Morrowind.exe, it's not actually the vanilla file; I'm using the Morrowind Code Patch modification (and the Morrowind Graphics Extender XE mod, but I'm not sure that one matters in that context), so it's a modified version of the vanilla exe. Still, these mods are fairly well known and as far as I know, they're safe, so my guess is that it's a false positive. But better be cautious. ^^

As for the other two, they're .exes for a video game called Dead Cells available on Steam. They're perfectly vanilla and I have no reason to believe they're dangerous, so they're probably false positives.

Here's the log for my scan, and the .zip files for the .exes. I ran them through VirusTotal too, but I'm not quite sure what to send you; it's the first time I've done this. Don't hesitate to tell me what to send you if you think that will help. ^^

report.txt Morrowind.zip deadcells.zip deadcells_gl.zip


18 minutes ago, RID93 said:

I recently set it to be as thorough as possible when doing a scan (checked the rootkit and "Use expert systems algorithms" options in my settings).

Turn off those settings and scan again.

Those settings are off by default, especially "Use expert systems algorithms".

"Use expert systems algorithms" is to detect malformed files, but sometimes legit files use protection that makes them malformed. Malwarebytes is still tweaking the algorithms, which is why it's off by default. If you switch it on, it is assumed you are able to tell the difference between a FP and a legit detection.

And if you keep it on, I suggest also turning off auto quarantine. That gives you the time to report FPs and not have to go through the extra step of restoring from quarantine.

Either way, Staff will look into this and get this fixed.

Thanks for reporting!

Edited by Porthos