False Positive? Telegram Uninstaller


Opium95

I had these two detections pop up during a threat scan on start-up today.

Appears to be linked to the Telegram installer which I know has been a FP before, so just want to check this is also the case here?

Registry Key: 1
Malware.Sandbox.23, HKU\S-1-5-21-3512763429-1555891906-1057290707-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_IS1, No Action By User, 23, 0, , , , , , 

File: 1
Malware.Sandbox.23, C:\USERS\******\APPDATA\ROAMING\TELEGRAM DESKTOP\UNINS000.EXE, No Action By User, 23, 0, 1.0.51407, 23, dds, 01651024, 9614A4D16C02685DD70F69F013CF72A4, D04B668045753289B940C2934DA29B5643D1870E6C64C044F1E4853D36E8067D

 

Thanks!

detection.txt.txt


5 hours ago, Opium95 said:

So it is a false positive? Or was the file already whitelisted suggesting that it was a real detection of a virus?

Sorry I just want to confirm for peace of mind!

It was whitelisted because it was a False Positive so it would not be detected again.


  • 1 month later...
On 2/21/2022 at 5:22 PM, Porthos said:

It was whitelisted because it was a False Positive so it would not be detected again.

The very same thing happened to me today on Malwarebytes 4.5.6

I did quarantine it anyway for peace of mind, thanks for clarifying that it is once again a False Positive (not sure how it can happen if you did whitelist it).

NB: So far I had the Telegram Uninstaller for years with no issue while doing daily Malwarebytes Scan.


19 minutes ago, Porthos said:

Please provide the log showing the detection.

Malwarebytes

www.malwarebytes.com

 

-Log Details-

Scan Date: 4/18/22

Scan Time: 1:00 PM

Log File: b0e46fec-bf06-11ec-b90f-00ff7704f40c.json

 

-Software Information-

Version: 4.5.6.180

Components Version: 1.0.1634

Update Package Version: 1.0.53847

License: Premium

 

-System Information-

OS: Windows 10 (Build 19044.1645)

CPU: x64

File System: NTFS

User: System

 

-Scan Summary-

Scan Type: Threat Scan

Scan Initiated By: Scheduler

Result: Completed

Objects Scanned: 380098

Threats Detected: 2

Threats Quarantined: 0

Time Elapsed: 7 min, 31 sec

 

-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Detect

PUM: Detect

 

-Scan Details-

Process: 0

(No malicious items detected)

 

Module: 0

(No malicious items detected)

 

Registry Key: 1

Malware.Sandbox.23, HKU\S-1-5-21-899963107-2307166598-3394742062-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1, No Action By User, 23, 0, , , , , ,

 

Registry Value: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Data Stream: 0

(No malicious items detected)

 

Folder: 0

(No malicious items detected)

 

File: 1

Malware.Sandbox.23, C:\USERS\***\APPDATA\ROAMING\TELEGRAM DESKTOP\UNINS000.EXE, No Action By User, 23, 0, 1.0.53847, 23, dds, 01732744, 637ED282D229E01FB1A01A3A6F2AC334, 2E94D37E28AE45BD6B099BE446C517BA7BC2067E0A21A6EE9BE464B030EBD5E9

 

Physical Sector: 0

(No malicious items detected)

 

WMI: 0

(No malicious items detected)

 

 

(end)


55 minutes ago, AdvancedSetup said:

You're using an older version of the program. Please update the program and then scan again and let us know.

No problem with 4.5.8

However, me using an older version should not have been an issue in this particular case, since according to this thread the Telegram Uninstaller was whitelisted on Feb 21st and Malwarebytes 4.5.6 was released on March 15th (and I had no issue with it with daily scans).

So not quite sure what happened here, anyway glad it is resolved.

Thanks.

 

3 minutes ago, cli said:

Thanks for reporting this will be fixed in 10 minutes.

While I was typing I saw this answer so ok, I guess something was off outside the version I used.

Side question if I may, in my log I can see "Rootkits: Disabled" but yet I have "Scan for Rootkits" turned on in the Malwarebytes UI, am I missing something?


8 minutes ago, oyug said:

Side question if I may, in my log I can see "Rootkits: Disabled" but yet I have "Scan for Rootkits" turned on in the Malwarebytes UI, am I missing something?

There are two separate locations to turn on rootkit scanning. Main interface and in the secluded scans.

Rootkit scanning should be off as it can cause false positives because it overrides some whitelisting.


1 minute ago, Porthos said:

There are two separate locations to turn on rootkit scanning. Main interface and in the secluded scans.

Rootkit scanning should be off as it can cause false positives because it overrides some whitelisting.

Thanks, I will keep that in mind.
