-
Posts
10,880 -
Joined
Reputation
217 Excellent
About miekiemoes
- Birthday 07/19/1975
Contact Methods
-
MSN
notimetochat
-
Website URL
http://miekiemoes.blogspot.com https://www.malwarebytes.com
Profile Information
-
Location
Belgium
Recent Profile Visitors
63,968 profile views
-
miekiemoes started following Help with a threat founded on my OS by Mbam, False Positive Report - HicapsConnectAPIPlugin.exe, Behringer DeepMind App - False Positive and 5 others
-
False Positive Report - HicapsConnectAPIPlugin.exe
miekiemoes replied to RhysHN's topic in File Detections
Hi, Thanks for reporting - We will get this fixed. -
Behringer DeepMind App - False Positive
miekiemoes replied to wibblemonkey's topic in File Detections
Hi, This has been fixed already. Please update your database to latest version. Thanks! -
I received a MachineLearning/Anomalous.97% detection
miekiemoes replied to MattSV's topic in File Detections
Thanks. This has been fixed already. :) -
False Dedection for Roleplay Emote Hotkey
miekiemoes replied to JackLegend99's topic in File Detections
You're most welcome :) -
False Dedection for Roleplay Emote Hotkey
miekiemoes replied to JackLegend99's topic in File Detections
This should be fixed now. Thx for reporting! -
False Dedection for Roleplay Emote Hotkey
miekiemoes replied to JackLegend99's topic in File Detections
Hi, This will be reviewed and detection will be delisted. -
You're welcome :)
-
Hi, Thanks for reporting, this is a false positive indeed but it looks like this has been fixed already.
-
Thanks for reporting. These look safe indeed and will be whitelisted.
-
Help with a threat founded on my OS by Mbam
miekiemoes replied to Eno-Scott's topic in File Detections
Combofix uses some command-line tools that are often used by malware as well, hence why this is being flagged as heuristic. Given Combofix has been outdated for more than 15 years anyway, it's safe to delete it as I do not recommend running it on any newer OS after Windows 7, since it might break more than fixing things. -
No, it's just because, when the file is in use, Malwarebytes might alter the PE header in some cases for a successful removal, so that results in a different sha256, but restores this again if not quarantined or unquarantined. Or it might also be because rootkit scanning sees a slight difference in files when checked at kernel level in comparison with usermode level (forged files), but that often happens when the file is in use as well.
-
Yes, files are ok. The reason why it started to detect since recently is because I created that generic detection rule recently as well :)
-
Yes, that's because of the rootkit scanning. But don't worry and don't be nervous. I wrote the actual detection rule and know it might involve a handful of FPs when rootkit scanning is enabled which happened here in your case. :)
-
That file is clean. This is really because of the rootkit scanning being enabled though. I will adjust the detection rule to make it a little less generic so this won't be triggered anymore when rootkit scanning is enabled.