Malwarebytes -- a b'zillion false positives?

Discussion in 'Application Software' started by Holden von Vloppen, Jul 11, 2011.

  1. Holden von Vloppen

    Holden von Vloppen MDL Junior Member

    I have a folder on an external hard drive where I store downloaded software (install files only). I scanned it with Kaspersky, which found one really old program to have malware. I therefore deleted it. I did another scan with Malwarebytes just for a second opinion, and it supposedly found a ton of stuff -- 43 pieces of malware. However, several executable files that it flagged are programs I wrote myself and am therefore certain contain no malware. I used to write programs with Visual BASIC 6. Sometimes if I was just writing something quick and easy, I would allow VB to use its default name for its executable: Project1.exe. Malwarebytes has flagged a bunch of these as malware. In addition it appears that Malwarebytes brands any file named "keygen.exe" as malware. Things named "patch.exe" also got flagged. "Removewat.exe" has also been flagged. That's a program I no longer need since I've switched to the Daz Loader, but I don't believe that program is malware. It's software that Malwarebytes evidently doesn't approve of. It never harmed my system when I was using it. Malwarebytes also flagged the file I used to kill Remove WAT.

    Is Malwarebytes just an application written by lazy programmers who figure they'll just brand anything with certain names as malware? The drive I scanned had just been scanned by Kaspersky with the latest defs and had already removed the 1 piece of malware that it found.

    An update: I made a bunch of text files with notepad and named them "keygen.exe," "patch.exe," and "Project1.exe" and put them on an empty thumb drive, then scanned with Malwarebytes. None of them were falsely flagged.
     
  2. bp1

    bp1 MDL Member

    Malwarebytes is one of my favorite utils which I use regularly. All of the security vendors have had problems with their sig files in the past and probably will do in the future. That's why it's so important to quarantine or, with virus checkers, to get flagged files to go into the virus chest folder. Only after some time and regular checks of the quarantined files do I permanently delete the infected files, unless I am suspicious of that file in the first place.

    Don't forget you sound quite knowledgeable. A lot of keygens on the internet do contain malware and viruses and some beginners are not aware of this.
     
  3. x86

    x86 MDL Addicted

    I've been using this along with Spybot for quite a while now and I am quite happy about both programs. There have been cases of false positives with both, so after the scan, I'd always take a look at the log prior to removing any entries. It's true that they are not fool-proof - Spybot even detects a disabled Security Center as a threat - while I have disabled it on purpose because I don't use it. But most of the time they are picking up low-threat stuff, such as cookies...
     
  4. Holden von Vloppen

    Holden von Vloppen MDL Junior Member

    My confidence in MBam went way down when it flagged executables I've written myself as malware. They were all simple Visual BASIC 6 programs that I wrote and used the default file name for the executable.
     
  5. bludgard

    bludgard MDL Member

    MBAM will find disabled security features (I hate notifications of threats), along with a few other AV/M detectors. I would think any self executable program (no known control) would be flagged as a precaution. Consider it the highest form of flattery. I believe you can submit a sample and it would thereafter pass.
     
  6. venu

    venu MDL Addicted

    I use mbam regularly and such a problem has occurred only once. No matter what I did, mbam insisted on flagging legit Windows files. Ultimately, I added the whole list to exclusions; that was the only way out.