Jump to content

Is this a false positive or real malware site?


Dis-ApplePear
 Share

Recommended Posts

Hello, well, to go straight to the point:

image.thumb.png.565867ed43a3b21cbc95663c2a3f5335.png

This is a file sharing site, though it's mostly used for images. At least I could see the images uploaded there until a few days ago when browsing for video game news in japanese gaming sites. I don't really have proof this is a false positive, so I thought it would better to ask to be sure and to avoid it in the future if it's truly malware.

Link to post
Share on other sites

Oof! A real case this time then. Makes sense, given anyone can share files, someone was going to put something dangerous either due to being careless or whatnot. Better avoid the site altogether from now on, to be sure. Given this is a site where anyone can share files there's no real way for it to be fully clean, I am guessing.

One last thing, just to be safe, if I opened a malicious image before or downloaded it, then Malwarebytes would have detected the malware or any issue during the scans, correct?

Thanks for all the help, once again. 

Link to post
Share on other sites

17 minutes ago, Dis-ApplePear said:

One last thing, just to be safe, if I opened a malicious image before or downloaded it, then Malwarebytes would have detected the malware or any issue during the scans, correct?

Not during a scan. It would have to be opened and then it would be exploit protection blocking it.

If web protection is blocking the site, that is your first clue no to go there at all. Then do what you did to see if the site was a FP although this one is not a FP.

Malwarebytes does not target script files during a scan.. That means MB will not target; JS, HTML, VBS, .CLASS, SWF, BAT, CMD, PDF, PHP, etc.

It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc.

It also does not target media files;  MP3, WMV, JPG, GIF, etc.

Malwarebytes will block execution of files like these only with the anti-exploit module of the paid program.

 

I always suggest Windows 10/11 users turn off the following setting to reenable Defender to run alongside Malwarebytes for added protection.

image.png.5a9563fdd06e16ccfeac0af1c9a7124b.png

Link to post
Share on other sites

Yeah, as soon as Malwarebytes gave the warning I stopped going into the site or seeing content shared through it, but given I've seen images shared there for years before the warning came up in the last few days, I just wanted to make sure I didn't get into trouble.

Alright, so, I don't know much on the matter, so these questions may be a bit silly, I apologize in advance for that:

So if I undestand well: an infected file would not be detected by Malwarebytes scans unless it's opened, moment in which it would avoid Malwarebytes anyways? The malware would just be running free in the system and Malwarebytes wouldn't be able to catch it? Just of note, I don't mean solely the programmed daily threat scan, I actually do have the premium version and use the full custom scan (sometimes with rootkit search as well) regularly as well.

When you mention that Malwarebytes does not target files such as JPG, PDF, DOC and such, you mean that the antvirus doesn't scan those files? Or that the daily threat scan doesn't cover them? I may be wrong (apologize for being stubborn or if I am misunderstanding, but I think it's better to make sure) but I have scanned that type of files before using the "Scan with Malwarebytes" option on the right click and I though that the full custom scan actually did covered all those files as well.

Link to post
Share on other sites

5 minutes ago, Dis-ApplePear said:

I have scanned that type of files before using the "Scan with Malwarebytes" option on the right click and I though that the full custom scan actually did covered all those files as well.

The scanning function is not the largest benefit of the premium Malwarebytes. It is web protection and exploit protection.

1 minute ago, Dis-ApplePear said:

you meant that the after the infected file is exectued, the anti-exploit of Malwarebytes would block the malware, right?

Correct.

Link to post
Share on other sites

Alright, understood. So I am guessing I should be safe, then? If I had ever come across a malicious file on the site I the anti-exploit would have worked to defend against it and I would have been warned of it by Malwarebytes.  I ran a full scan anyways with Malwarebytes, McAffee and Defender just in case, none of them found anything on the PC and the PC hasn't ever shown strange behaviour or issues, so I guess everything is fine.

The rest is simply follow the warnings regarding websites and be careful-

I also reenabled Windows Defender, as you suggested, I hadn't noticed that Malwarebytes had essentially turned it off.

Link to post
Share on other sites

Okay got that, thanks, Porthos. I'll check that as well.

Sorry to insist but, as I asked above:

Quote

Alright, understood. So I am guessing I should be safe, then? If I had ever come across a malicious file on the site I the anti-exploit would have worked to defend against it and I would have been warned of it by Malwarebytes.  I ran a full scan anyways with Malwarebytes, McAffee and Defender just in case, none of them found anything on the PC and the PC hasn't ever shown strange behaviour or issues, so I guess everything is fine.

Should everything be alright then?

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.