Jump to content


Photo

Possible False Positive?

game file audiosurf

  • Please log in to reply
9 replies to this topic

#1 Portal_Pass91

Portal_Pass91

    New Member

  • Members
  • Pip
  • 4 posts

Posted 03 June 2013 - 05:22 PM

Hello, I ran a full scan today and it said there is one threat located in my Steam games folder, specifically in the game folder for Audiosurf. And the file it found said it was a "Trojan.Agent.rf" which was found in the engine folder, and the file called "QuestViewer.exe". After this was found, I deleted the file and restarted as Malwarebytes requested, scanned again and was fine. I then did a system restore to about five days ago, ran another full scan, and the same file came up with the same threat definition. Can someone confirm if this is a false positive?

Thanks in advance.

#2 DarkSnakeKobra

DarkSnakeKobra

    May the penguin be with you!

  • Honorary Members
  • PipPipPipPipPipPip
  • 5,262 posts
  • Gender:Male
  • Location:~
  • Interests:Scripting, GNU/Linux, photography

Posted 03 June 2013 - 06:09 PM

:welcome:

Can you please follow the directions for posting false positives in the sticky?

http://forums.malwar...?showtopic=3228

I'm not a staff member just another Malwarebytes' user.

Advice: Hug your dog, cat etc everyday! :)


#3 Portal_Pass91

Portal_Pass91

    New Member

  • Members
  • Pip
  • 4 posts

Posted 03 June 2013 - 10:20 PM

My apologies. I was in a bit of a panic to find out if this was a false positive or not, but after reviewing the Audio Surf and Steam forums, it appears this file is apart of the game. Making this find a false positive. You can see so for yourself by searching for "QuestViewer.exe" (without quotes). Also, the file has already been removed. And after reading those instructions, would submitting a file without that file still provide useful information to resolving this false positive?

#4 sUBs

sUBs

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 8,316 posts

Posted 03 June 2013 - 10:51 PM

File is likely in mbam's quarantine cache. You can dequarantine it and then zip/attach it to your next reply.
sUBs
Research Engineer

Posted Image

Follow us: Twitter, Become a fan: Facebook

#5 exile360

exile360

    exile

  • Administrators
  • PipPipPipPipPipPip
  • 16,017 posts
  • Gender:Male

Posted 03 June 2013 - 10:53 PM

Also, the file has already been removed. And after reading those instructions, would submitting a file without that file still provide useful information to resolving this false positive?

No, the file is required. If you would, please open Malwarebytes Anti-Malware and access the Quarantine tab. Once there, click on the file and then click Restore.

Now, navigate to the file's location and zip and attach it to your next reply so that our Research team may get the false positive corrected.

Thanks :)
Samuel E Lindsey
Product Manager

Posted Image

Follow us: Twitter, Become a fan: Facebook

#6 Portal_Pass91

Portal_Pass91

    New Member

  • Members
  • Pip
  • 4 posts

Posted 04 June 2013 - 01:32 AM

Okay, here is the file you requested. Please keep me up-to-date on this matter.

Thank you.

Attached Files



#7 sUBs

sUBs

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 8,316 posts

Posted 04 June 2013 - 01:43 AM

Taking a look at the file right now
sUBs
Research Engineer

Posted Image

Follow us: Twitter, Become a fan: Facebook

#8 sUBs

sUBs

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 8,316 posts

Posted 04 June 2013 - 02:02 AM

I confirm this is a false positive. Thank you for informing us. It shall be fixed in our next update.
sUBs
Research Engineer

Posted Image

Follow us: Twitter, Become a fan: Facebook

#9 Scaredaswell

Scaredaswell

    New Member

  • Members
  • Pip
  • 1 posts

Posted 05 June 2013 - 05:50 PM

Thanks for making this post Portal. I just finished a full scan of Malware Bytes and had the same file flagged. Was getting worried. After doing some googleing it does indeed look like this is a false positive. The file is a part of the game. Thanks again for making this post!

#10 shadowwar

shadowwar

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 5,242 posts
  • Gender:Male

Posted 05 June 2013 - 05:58 PM

If u update it should no longer be detected.
Rich Matteo
Research Engineer

staff.png

Follow us: Twitter, Become a fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users