False Positive of Malwarebytes ?

Hi guy i dont know if this is true of my Malwarebytes found again the endbuild.bat as a Trojan:FakeAlert again… Should i send the file to the chest and send to Avast! for a analysis ?

Mr.Agent

PS : I hope im in the right section for post this again…

Sorry to double post but its mark it as a virus when i do only quick scan or full scan. Other wise when i right click and scan with Malwarebytes its didnt detect it as a virus… Please help me.

Im in panic !!!

Mr.Agent

Hi Mr. Agent!

Did you already upload the file to Virustotal?

yours
onlysomeone

Can you “edit” (not run!) that file with Notepad? Which program are marked to be run into the commands?

I think this post should be in virus and worm again… Im very sorry man. I cant even open it with another option…

Sorry to double post. I did updated my Malwarebytes now and i did quick scan and its didnt even put it as a virus… Its very strange now a day…

Take care about the decisions you’ll take today ;D

Well if this was really a virus then its would say it in virustotal when in virustotal its again a 0… http://www.virustotal.com/en/analisis/24cc61ecc8d7ca573aaf183fb2dc05d0b6100e07f6ffc97b599e4e4a14a7b81f-1246969487

Check here first:
Malwarebytes Forum > Malwarebytes’ Anti-Malware Support > False Positives
http://www.malwarebytes.org/forums/index.php?showforum=42

Other wise i can add it to exclusion list ?

Sorry to double post but i go to a section and report a false positive its say a email so i will send to them ok ?

It depends where endbuild.bat resides so that is why asking in the MBAM False Positives area of the forum is best.

It’s not a surprise… it’s a bat file. Why would it be infected?
The problem is which commands (programs) it starts…

I dont even got the log anymore if i wanna go to the forum for report it as false positive lol… :frowning:

Edit : I did again another log.

Edit : I have email them and they did said what i have to do. So i think they will correct the false positive on the next update. Im sure.

Thank you all.

Mr.Agent

Hi shiw liang,

A false positive is when a virusscanner flags a dll, executable, process or anything else as malware and it is not malware but legit. Then we speak of a false positive. False positives is a risk of every scanner because malware and normal software can share the same heuristic characteristics, can use the same packers or “crypters” and then an anti virus scanner or anti-malware scanner can flag it. FP’s cannot always be avoided and sometimes it also depends on what the scanner sees as malcode. There is also a grey area for tools that can be legit in the hands of the user that has installed it himself, a so-called risktool (some flag netcat, Fport, MozillaCacheViewer from NirSoft (Tool-NirCmd (A or 3), etc.
A FP is really a problem when a virus scanner starts to flag and quarantine a file that is essential for the right functioning of the OS, it can then cripple it or cause a Blue Screen of Death even.
I know the makers of avast are always very keen to repair alleged FP’s and very often they come repaired in a next update of the iAVS. You can update a file that you think could be a FP to virustotal.com for a second op check against several scanners.

polonus