Jump to content

Malwarebytes misdetects a Doom source port as malware.


inkoalawetrust
 Share

Recommended Posts

I ran a Malwarebytes scan on my PC to fix a potential issue, with my CPU often running at its' maximum clock speed recently even while idle. To check if perhaps the cause could be a CPU-based cryptominer.

But all Malwarebytes found were two false positives of a harmless program on my computer. That program is Q-Zandronum, a source port for the original Doom games from the early 90s. The program itself is completely harmless and open source, so you can check directly to see that it doesn't do anything malicious. But it seems that Malwarebytes' heuristics mislabeled it as malware, of course the real time protection also automatically quarantines the program when I attempt to run it.
Interestingly, it seems to only see the 32-Bit build of Q-Zandronum as malware.

Edit: Forgot to mention, but I also turned on "Use artificial intelligent to detect threats" in the scan options, which I presume is the reason for this false positive.

Here is the included log from the full scan I had ran.

Quote

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/21/21
Scan Time: 4:17 AM
Log File: 2f72ef06-4a71-11ec-ad95-fc3497b865b7.json

-Software Information-
Version: 4.4.11.149
Components Version: 1.0.1513
Update Package Version: 1.0.47437
License: Trial

-System Information-
OS: Windows 10 (Build 19044.1348)
CPU: x64
File System: NTFS
User: DESKTOP-KOALA\inkoalawetrust

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 313701
Threats Detected: 2
Threats Quarantined: 0
Time Elapsed: 2 min, 9 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
Malware.Heuristic.1001, C:\USERS\INKOALAWETRUST\DESKTOP\DOOM\SOURCE PORTS\Q-ZANDRONUM\Q-ZANDRONUM.EXE, No Action By User, 1000001, 0, 1.0.47437, 0000000000000000000003E9, dds, 01519264, 5FB726E92CB0998C83A4DCD1B1117149, 1E2468DCD8DD5071E1E1F31D8FCDC8C3A71F5FC57B6D0E1A4D4D5861495994DF
Malware.Heuristic.1001, C:\USERS\INKOALAWETRUST\DESKTOP\GAMES (OLD)\Q-ZANDRONUM\Q-ZANDRONUM.EXE, No Action By User, 1000001, 0, 1.0.47437, 0000000000000000000003E9, dds, 01519264, 5FB726E92CB0998C83A4DCD1B1117149, 1E2468DCD8DD5071E1E1F31D8FCDC8C3A71F5FC57B6D0E1A4D4D5861495994DF

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 


And here is the log from when Malwarebytes quarantined the 32-Bit executable after I attempted to run it:

Quote

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/21/21
Protection Event Time: 4:27 AM
Log File: 9317fbf4-4a72-11ec-910d-fc3497b865b7.json

-Software Information-
Version: 4.4.11.149
Components Version: 1.0.1513
Update Package Version: 1.0.47437
License: Trial

-System Information-
OS: Windows 10 (Build 19044.1348)
CPU: x64
File System: NTFS
User: System

-Blocked Malware Details-
File: 1
Malware.Heuristic.1001, C:\Users\inkoalawetrust\Desktop\Doom\Source Ports\Q-Zandronum\q-zandronum.exe, Quarantined, 1000001, 0, 1.0.47437, 0000000000000000000003E9, dds, 01519264, 5FB726E92CB0998C83A4DCD1B1117149, 1E2468DCD8DD5071E1E1F31D8FCDC8C3A71F5FC57B6D0E1A4D4D5861495994DF


(end)

 

I have also attached the exact build of Q-Zandronum that is labelled as a false positive below.
q-zandronum_executable_32-bit.zip

Edited by inkoalawetrust
Forgot to mention that I changed the scan options a bit.
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.