Jump to content
G Larry

possible false positive: heuristics.Shuriken

Recommended Posts

Yesterday after updating to the latest database including Shuriken heuristics, on reboot I got a Malwarebytes "possible threat" message listing "heuristics.Shuriken" and i quarantined it. Now I read its one of "ours" but since then all hell has broken out on my PC. Firefox hung on a snapfile.com download of PC Tools Antivirus and it will not restart. Neither will Opera. The only browser currently in service is IE7. It could be coincidental but wanted to report it.

Share this post


Link to post
Share on other sites

Hi G Larry,

Please if possible restore the file from MBAM quarantine and then zip and attach it to a reply.

Thanks in advance :rolleyes:

Share this post


Link to post
Share on other sites
Hi G Larry,

Please if possible restore the file from MBAM quarantine and then zip and attach it to a reply.

Thanks in advance ;)

Sorry. I already deleted it from quarantine before I found out it was friendly. Am trying restore point, drive restore, etc. to see if I can get my PC (esp. FireFox) back to normal...

Thanks

Share this post


Link to post
Share on other sites
Sorry. I already deleted it from quarantine before I found out it was friendly. Am trying restore point, drive restore, etc. to see if I can get my PC (esp. FireFox) back to normal...

Thanks

UPDATE..................

I did C: restore from bu server and all is good; found a rogue SKYPE.EXE file in my Doc Settings App Data section (suspected it yesterday as I do not use Skype); malwarebytes id'd it as bad saying heuristics.Shuriken for both the program file and the registry entry... only option was to remove, so rather than risk another episode I did that. I guess that is the file the software found yesterday but did not identify it by name (Skype.exe)... if it comes back, I'll send it along for analysis. The doc/settings file date for the skype entry was 6/17 ... not sure if I've had it that long or if it picked a random earlier date....

Anyway...keep those updates coming! Thanks all.

Share this post


Link to post
Share on other sites

I got a Malwarebytes "possible threat" message listing "heuristics.Shuriken" in my AutoCad 2002 backup Setup file that I had copied directly from the CD. Is this a known false positive. Should I delete the file or leave it alone.

Share this post


Link to post
Share on other sites

Hi JoeD,

Can you please zip and attach the file that is being detected in a reply :)

Share this post


Link to post
Share on other sites

Ok, here it is. But now that I look at it - it may actually be something wrong. It is a very small exe 14KB and there is another file in the same folder called Windows Installer Package that is 4MB (more like what I would expect). This may be something that was randomly put in this folder. Anyway it is attached. Please let me know if it is a real threat.

JoeAutoCad Setup.zip

Share this post


Link to post
Share on other sites

Many thanks JoeD,

Confirmed this is a false positive so no action required on the file.

This will fixed shortly but can be added to the MBAM ignore list in the interim :)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.