miekiemoes

Staff
  • Posts

    10,879
  • Joined

Reputation

217 Excellent

5 Followers

About miekiemoes

  • Birthday 07/19/1975

Contact Methods

  • MSN
    notimetochat
  • Website URL
    http://miekiemoes.blogspot.com https://www.malwarebytes.com

Profile Information

  • Location
    Belgium

Recent Profile Visitors

63,950 profile views
  1. Hi, This has been fixed already. Please update your database to latest version. Thanks!
  2. This should be fixed now. Thx for reporting!
  3. Hi, This will be reviewed and detection will be delisted.
  4. Hi, Thanks for reporting, this is a false positive indeed but it looks like this has been fixed already.
  5. Thanks for reporting. These look safe indeed and will be whitelisted.
  6. Combofix uses some commandline tools that are often used by malware as well, hence why this is being flagged as heuristic. Given Combofix is outdated for more than 15 years anyway, it's safe to delete it as I do not recommend running it on any newer OS after Windows 7, since it might break more than fixing things.
  7. No, it's just because, when the file is in use, Malwarebytes might alter the PE header in some cases for a successful removal, so that results in a different sha256, but restores this again if not quarantined or unquarantined. Or it might also be because rootkit scanning sees a slight difference in files when checked at kernel level in comparison with usermode level (forged files), but that often happens when the file is in use as well.
  8. Yes, files are ok. The reason why it started to detect since recently is because I created that generic detection rule recently as well :)
  9. Yes, that's because of the rootkit scanning. But don't worry and don't be nervous. I wrote the actual detection rule and know it might involve a handful of FPs when rootkit scanning is enabled which happened here in your case. :)
  10. That file is clean. This is really because of the rootkit scanning being enabled though. I will adjust the detection rule to make it a little less generic so this won't be triggered anymore when rootkit scanning is enabled.
  11. That's correct, nothing harmful was installed on your pc :)