Assigned Zemana False Positive Report Thread

[Andrew999]

This is a false positive. I use this search engine all the time. It is called Ecosia.

 

[JM Safe]

Hi @JM Safe and Hi @Miss Onnellisuus and Hi @ZAM3_PO

I have another False Positives for you see my screenshot

The Feedback is submiited via the function to you

MD5 : 645BFB545BFA63DF94D6B2B453C32A89
Status : Scanned
Object : c:\windows\system32\winmm.dll
Publisher :
Size : 126056
Detection : Suspicious:SRC!P
Action : Quarantine

MD5 : CA1E019BDB26DA419E1035E048C3AF25
Status : Scanned
Object : c:\windows\system32\xmllite.dll
Publisher :
Size : 230816
Detection : Suspicious:SRC!P
Action : Quarantine

MD5 : 5090F0D376CC4219B2E0621694BD1134
Status : Scanned
Object : c:\windows\system32\dnsrslvr.dll
Publisher :
Size : 252416
Detection : Suspicious:SRC!P
Action : Quarantine

The same Files from the System32 Folder

dnsrslvr.dll

VirusTotal

VirusTotal

www.virustotal.com

winmm.dll

VirusTotal

VirusTotal

www.virustotal.com

XmlLite.dll

VirusTotal

VirusTotal

www.virustotal.com

The same Files from the System64 Folder

winmm.dll

VirusTotal

VirusTotal

www.virustotal.com

XmlLite.dll

VirusTotal

VirusTotal

www.virustotal.com

With best Regards
Mops21

False positive:

Detections

MD5	:	248A20F70D8DB28212A8B78FDCA60E8B
Status	:	Scanned
Object	:	c:\windows\system32\dssenh.dll
Publisher	:	Microsoft Windows
Size	:	152344
Detection	:	Suspicious:SRC!P
Action	:	Report

This is a false positive. I use this search engine all the time. It is called Ecosia.

View attachment 214433

Hello guys, we will look into them.

Hello Andrew, unfortunately this is not a false positive. Ecosia is a known unwanted item, if you want to use it please exclude it, thank you

P.S. post reposted because I don't know why, but there was a post not done by me in my post, maybe merged wrongly by a mod. Already reported this to a mod.

 

[Andrew999]

Hello guys, we will look into them.

Hello Andrew, unfortunately this is not a false positive. Ecosia is a known unwanted item, if you want to use it please exclude it, thank you

P.S. post reposted because I don't know why, but there was a post not done by me in my post, maybe merged wrongly by a mod. Already reported this to a mod.

Ok, I do not know why it is an unwanted item. It is a legit website in my opinion and millions of people use it. It is not bundleware too, but I guess it is up to you's to decide. https://info.ecosia.org/about

 

[Mops21]

Hi @JM Safe

Thank you very much for your Infos

I will wait for your answer again for the Files

With best Regards
Mops21

 

[JM Safe]

Ok, I do not know why it is an unwanted item. It is a legit website in my opinion and millions of people use it. It is not bundleware too, but I guess it is up to you's to decide. https://info.ecosia.org/about

The object is not properly malicious but it is detected because it is annoying the fact it changes new tab page in the browser and default search engine.

 

[Moonhorse]

MD5 : A5154D4EDF393E4EF439128F5C52A392
Status : Scanned
Object : c:\program files\checkmal\appcheck\appchecks.exe
Publisher : CheckMAL Inc.
Size : 1194008
Detection : Suspicious:SRC!P
Action : ReportAsFP

MD5 : EAF6BC1DEEC928DE68CD577599BAB09B
Status : Scanned
Object : c:\windows\system32\appcheck64.dll
Publisher : CheckMAL Inc.
Size : 1321760
Detection : Suspicious:SRC!P

VirusTotal

VirusTotal

www.virustotal.com

VirusTotal

VirusTotal

www.virustotal.com

 

[Andrew999]

MD5 : A5154D4EDF393E4EF439128F5C52A392
Status : Scanned
Object : c:\program files\checkmal\appcheck\appchecks.exe
Publisher : CheckMAL Inc.
Size : 1194008
Detection : Suspicious:SRC!P
Action : ReportAsFP

MD5 : EAF6BC1DEEC928DE68CD577599BAB09B
Status : Scanned
Object : c:\windows\system32\appcheck64.dll
Publisher : CheckMAL Inc.
Size : 1321760
Detection : Suspicious:SRC!P

VirusTotal

VirusTotal

www.virustotal.com

VirusTotal

VirusTotal

www.virustotal.com

Same issue for me.

 

[JM Safe]

MD5 : A5154D4EDF393E4EF439128F5C52A392
Status : Scanned
Object : c:\program files\checkmal\appcheck\appchecks.exe
Publisher : CheckMAL Inc.
Size : 1194008
Detection : Suspicious:SRC!P
Action : ReportAsFP

MD5 : EAF6BC1DEEC928DE68CD577599BAB09B
Status : Scanned
Object : c:\windows\system32\appcheck64.dll
Publisher : CheckMAL Inc.
Size : 1321760
Detection : Suspicious:SRC!P

VirusTotal

VirusTotal

www.virustotal.com

VirusTotal

VirusTotal

www.virustotal.com

Same issue for me.

Hey guys, thanks for reporting. We will look into them.

 

[Mops21]

Hi @@JM Safe and Hi @@Miss Onnellisuus and Hi @@ZAM3_PO

I have another False Positives for you see my screenshot

The Feedback is submiited via the function to you

Can you say have you get the Files

With best Regards
Mops21

 

[JM Safe]

Hi @@JM Safe and Hi @@Miss Onnellisuus and Hi @@ZAM3_PO

I have another False Positives for you see my screenshot

The Feedback is submiited via the function to you

Can you say have you get the Files

With best Regards
Mops21

Hello @Mops21 , thank you for reporting this, we will look into them.

 

[Mops21]

Hello @Mops21 , thank you for reporting this, we will look into them.

Hi @JM Safe

Thank you very much for yxour infos

I will wait for your infos

With best Regards
Mops21

 

[Andrew999]

Seems like this is a false positive. It is for a plugin for whitelisting specific Youtube channels with Ublock Origin.

YouTube Channel Whitelist for uBlock Origin

Exempt your favorite channels from adblocking.

chrome.google.com

GitHub - x0a/uBO-YouTube: Easier way to exempt your favorite YouTube channels from adblocking.

Easier way to exempt your favorite YouTube channels from adblocking. - x0a/uBO-YouTube

github.com

MD5 :
Status : Scanned
Object : c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\ly3viy6x.default-release\extensions\{ea0ef8bb-6734-4970-b574-2099e836d636}.xpi
Publisher :
Size : 0
Detection : HijackExt:FirefoxPlugin/{ea0ef8bb-6734-4970-b574-2099e836d636}
Action : ReportAsFP

 

[JM Safe]

Seems like this is a false positive. It is for a plugin for whitelisting specific Youtube channels with Ublock Origin.

YouTube Channel Whitelist for uBlock Origin

Exempt your favorite channels from adblocking.

chrome.google.com

GitHub - x0a/uBO-YouTube: Easier way to exempt your favorite YouTube channels from adblocking.

Easier way to exempt your favorite YouTube channels from adblocking. - x0a/uBO-YouTube

github.com

MD5 :
Status : Scanned
Object : c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\ly3viy6x.default-release\extensions\{ea0ef8bb-6734-4970-b574-2099e836d636}.xpi
Publisher :
Size : 0
Detection : HijackExt:FirefoxPlugin/{ea0ef8bb-6734-4970-b574-2099e836d636}
Action : ReportAsFP

We will look into it, thanks @Andrew999

 

[Mops21]

Hi @JM Safe and Hi @Miss Onnellisuus and Hi @ZAM3_PO

I have another False Positives for you see my screenshot

The Feedback is submiited via the function to you

MD5 : B969CF0C7B2C443A99034881E8C8740A
Status : Scanned
Object : c:\program files (x86)\adobe\acrobat reader dc\reader\acrord32.exe
Publisher : Adobe Inc.
Size : 2571312
Detection : Suspicious:SRC!P
Action : ReportAsFP

MD5 : 9AEBA3BACD721484391D15478A4080C7
Status : Scanned
Object : c:\program files (x86)\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
Publisher : Adobe Inc.
Size : 9475120
Detection : Suspicious:SRC!P
Action : ReportAsFP

AcroRd32.exe

VirusTotal

VirusTotal

www.virustotal.com

rdrcef.exe

VirusTotal

VirusTotal

www.virustotal.com

With best Regards
Mops21

 

[Mops21]

Hi @JM Safe and Hi @Miss Onnellisuus and Hi @ZAM3_PO

I have another False Positives for you see my screenshot

MD5 : 5DD1FB433EF48F67ABF7B234A2F18490
Status : Scanned
Object : c:\windows\system32\fhtask.dll
Publisher :
Size : 60928
Detection : Suspicious:SRC!P
Action : ReportAsFP

fhtask.dll

VirusTotal

VirusTotal

www.virustotal.com

With best Regards
Mops21

 

[JM Safe]

Hi @JM Safe and Hi @Miss Onnellisuus and Hi @ZAM3_PO

I have another False Positives for you see my screenshot

The Feedback is submiited via the function to you

MD5 : B969CF0C7B2C443A99034881E8C8740A
Status : Scanned
Object : c:\program files (x86)\adobe\acrobat reader dc\reader\acrord32.exe
Publisher : Adobe Inc.
Size : 2571312
Detection : Suspicious:SRC!P
Action : ReportAsFP

MD5 : 9AEBA3BACD721484391D15478A4080C7
Status : Scanned
Object : c:\program files (x86)\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
Publisher : Adobe Inc.
Size : 9475120
Detection : Suspicious:SRC!P
Action : ReportAsFP

AcroRd32.exe

VirusTotal

VirusTotal

www.virustotal.com

rdrcef.exe

VirusTotal

VirusTotal

www.virustotal.com

With best Regards
Mops21

Hi @JM Safe and Hi @Miss Onnellisuus and Hi @ZAM3_PO

I have another False Positives for you see my screenshot

MD5 : 5DD1FB433EF48F67ABF7B234A2F18490
Status : Scanned
Object : c:\windows\system32\fhtask.dll
Publisher :
Size : 60928
Detection : Suspicious:SRC!P
Action : ReportAsFP

fhtask.dll

VirusTotal

VirusTotal

www.virustotal.com

With best Regards
Mops21

Hello @Mops21 , thanks. We will look into them.

 

[Mops21]

Hi @JM Safe

Thank you very much for your Infos

I will wait for your Feedback again

With best Regards
Mops21

 

[Moonhorse]

MD5 : F8CFE5024851EE222AA176CAC577CC81
Status : Scanned
Object : c:\users\joni\appdata\local\runeliteplus\runeliteplus.exe
Publisher :
Size : 416256
Detection : Suspicious:SRC!P
Action : Quarantine

VirusTotal

VirusTotal

www.virustotal.com

Clean for now, easy to run malicious code as rat thought

 

[JM Safe]

MD5 : F8CFE5024851EE222AA176CAC577CC81
Status : Scanned
Object : c:\users\joni\appdata\local\runeliteplus\runeliteplus.exe
Publisher :
Size : 416256
Detection : Suspicious:SRC!P
Action : Quarantine

VirusTotal

VirusTotal

www.virustotal.com

Clean for now, easy to run malicious code as rat thought

Thank you @Moonhorse , we will look into it.

 

[eonline]

Macro - Aplicaciones en Google Play

Nueva Banca Móvil de Macro. Cerca siempre.

play.google.com

Hello, a false positive from the mobile security application. Best regards.