Jump to content


Photo

Cheat engine false positive


  • Please log in to reply
15 replies to this topic

#1 harveyftw

harveyftw

    New Member

  • Members
  • Pip
  • 11 posts

Posted 26 August 2013 - 07:09 AM

Just did a scan and cheat engine 6.3 is detected as a trojan. false positive clearly as it was downloaded from the official website http://www.cheatengine.org/   . any1 else had this problem and please fix!



#2 miekiemoes

miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,674 posts
  • Gender:Female
  • Location:Belgium

Posted 26 August 2013 - 07:26 AM

Hi,

 

Can you zip & attach the exact file that was detected + malwarebytes developers log?

http://forums.malwar...?showtopic=3228

 

We probably detect this one as PUP.Optional.OpenCandy, since it has OpenCandy (an advertising software module) bundled, which is often unwanted, hence the PUP. so if this is the case, then please see here: http://forums.malwar...howtopic=130207


Mieke Verburgh
Director of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#3 harveyftw

harveyftw

    New Member

  • Members
  • Pip
  • 11 posts

Posted 26 August 2013 - 07:29 AM

it wasnt listed as .pup it was just a trojan though. 



#4 miekiemoes

miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,674 posts
  • Gender:Female
  • Location:Belgium

Posted 26 August 2013 - 07:36 AM

Can you zip and attach the detected file here, please + the malwarebytes scan log used with the developers switch?

http://forums.malwar...?showtopic=3228

Because I cannot reproduce detection on the file from the site.

 

Thanks!


Mieke Verburgh
Director of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#5 harveyftw

harveyftw

    New Member

  • Members
  • Pip
  • 11 posts

Posted 26 August 2013 - 07:39 AM

will let this other scan finish will post in around 30 mins for you. thank you



#6 harveyftw

harveyftw

    New Member

  • Members
  • Pip
  • 11 posts

Posted 26 August 2013 - 08:26 AM

i cant find the trojan as i deleted it before but i do happen to have 2 .pup files.



#7 harveyftw

harveyftw

    New Member

  • Members
  • Pip
  • 11 posts

Posted 26 August 2013 - 08:28 AM

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.25.06
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16660
Alex :: HARVEY [administrator]
 
Protection: Enabled
 
26/08/2013 11:47:20
mbam-log-2013-08-26 (11-47-20).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 568857
Time elapsed: 1 hour(s), 13 minute(s), 39 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 3
C:\Program Files (x86)\Cheat Engine 6.3\standalonephase2.dat (Trojan.Cheat) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\is-4425A.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\is-66802.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
 
(end)


#8 miekiemoes

miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,674 posts
  • Gender:Female
  • Location:Belgium

Posted 26 August 2013 - 08:37 AM

Hi,

 

As for the PUP.Optional.OpenCandy, that I explained earlier already. :)

 

The Trojan.Cheat detection will be deleted in next database update as this is no threat.

 

Thanks for reporting


Mieke Verburgh
Director of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#9 harveyftw

harveyftw

    New Member

  • Members
  • Pip
  • 11 posts

Posted 27 August 2013 - 03:12 AM

Hi,

 

As for the PUP.Optional.OpenCandy, that I explained earlier already. :)

 

The Trojan.Cheat detection will be deleted in next database update as this is no threat.

 

Thanks for reporting

 

would it be detected today?



#10 miekiemoes

miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,674 posts
  • Gender:Female
  • Location:Belgium

Posted 27 August 2013 - 03:25 AM

Hi,

 

I am unsure what you mean. We removed the Trojan.Cheat detection, since it wasn't a threat.

The PUP.Optional.OpenCandy detection will stay.


Mieke Verburgh
Director of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#11 harveyftw

harveyftw

    New Member

  • Members
  • Pip
  • 11 posts

Posted 27 August 2013 - 03:26 AM

so this update today would of removed the false positive?  and yes i understand about the .pup thats unwanted



#12 miekiemoes

miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,674 posts
  • Gender:Female
  • Location:Belgium

Posted 27 August 2013 - 03:28 AM

yes, we already removed detection a few updates ago :)

(We update our database multiple times a day)


Mieke Verburgh
Director of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#13 harveyftw

harveyftw

    New Member

  • Members
  • Pip
  • 11 posts

Posted 27 August 2013 - 03:31 AM

ok thank you :)



#14 harveyftw

harveyftw

    New Member

  • Members
  • Pip
  • 11 posts

Posted 27 August 2013 - 03:33 AM

would installing it without open candy fix the .pup errors? as im given the option to just have it standalone



#15 miekiemoes

miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,674 posts
  • Gender:Female
  • Location:Belgium

Posted 27 August 2013 - 03:42 AM

Yes, if you unselect OpenCandy during the install screen (if possible), then it won't install the OpenCandy Advertisement module.

In either way, you have it installed already, so no need to reinstall again. Mbam has removed the OpenCandy module already and you can select to restore the Trojan.Cheat detection from your Malwarebytes quarantine folder.


Mieke Verburgh
Director of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#16 harveyftw

harveyftw

    New Member

  • Members
  • Pip
  • 11 posts

Posted 27 August 2013 - 03:43 AM

alright thanks for your help :)






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users