
SystemInformer flagged as Malware.AI.3989162878


julie80


Hi

SystemInformer is flagged as Malware.AI.3989162878. It is the new Process Hacker, an open source task manager.

Can you download the binaries systeminformer-3.0.6522-bin.zip? It's the portable version.

https://systeminformer.sourceforge.io/nightly.php

thanks


Malwarebytes
www.malwarebytes.com

 

File: 14


Hi @Porthos

But it's not malware. Even the open source Process Hacker is flagged as malware. I have been using it for many years, and I have scanned it with Malwarebytes too.

Can the Malwarebytes team at least check if it's really malware (Malware.AI.1322061801), seeing it has a great reputation? Take a look at Kaspersky and ESET, they don't flag it as malware.

https://github.com/winsiderss/systeminformer/releases/tag/v2.39

about process explorer is not considered very safe while

Quote

Ransomware gangs abuse Process Explorer driver to kill security software

https://www.bleepingcomputer.com/news/security/ransomware-gangs-abuse-process-explorer-driver-to-kill-security-software/

 

thanks


57 minutes ago, Porthos said:

Never said it was, just added the log that you should have.

Hi

Malwarebytes was and is (and has always been) a top-notch program.

May I know how I can submit a false alarm?

English is not my native language.

thanks


12 hours ago, blender said:

Hello,

Please see this post for clarification as to why it is detected.

 

Hi

Well, I'm glad, but the name Malware.AI.3989162878 is misleading.

I would add Process Explorer too, seeing it's used by many new ransomware, like in the article.

thanks a lot for the explanation

 


14 hours ago, blender said:

Hello,

Please see this post for clarification as to why it is detected.

@blender

How does an article about Process Hacker provide clarification with regard to System Informer?

System Informer has been through a review by MSRC and cannot terminate or disable security software because of PPL... so why is System Informer considered malicious?

 


  • 4 weeks later...
  • Staff

The other one will be removed shortly:

Malware.AI.3989162878

 

This has already been removed:

DDS result for Malware.AI.4226978009
Signature is not active.
Signature was removed 3 weeks ago
DDS result for Malware.AI.1322061801
Signature is not active.
Signature was removed 3 weeks ago
 
DDS result for Malware.AI.4286677055
Signature is not active.
Signature was removed 3 weeks ago
DDS result for Malware.AI.3370698356
Signature is not active.
Signature was removed 3 weeks ago
 
If any others are still detected please zip and attach those files. 
 

  • 4 weeks later...

@shadowwar

 

Thanks, the current build has been showing detections since April. You can download the zip from our releases page:

hxxps://github.com/winsiderss/si-builds/releases/download/3.0.6550/systeminformer-3.0.6550-bin.zip

 

The main two are:

Malware.AI.3863372411

Malware.AI.4096581108

 

 

 
