Assigned Zemana False Positive Report Thread

  • Thread starter Deleted Member 333v73x
  • Start date
This thread is being handled by a member of the staff.

Andrew999

Level 24
Verified
Top Poster
Well-known
Dec 17, 2014
1,355
This is a false positive. I use this search engine all the time. It is called Ecosia.

1559520371719.png


 
  • Like
Reactions: harlan4096

JM Safe

Level 39
Verified
Top Poster
Apr 12, 2015
2,882
Hi @JM Safe and Hi @Miss Onnellisuus and Hi @ZAM3_PO

I have another False Positives for you see my screenshot

The Feedback is submiited via the function to you

MD5 : 645BFB545BFA63DF94D6B2B453C32A89
Status : Scanned
Object : c:\windows\system32\winmm.dll
Publisher :
Size : 126056
Detection : Suspicious:SRC!P
Action : Quarantine

MD5 : CA1E019BDB26DA419E1035E048C3AF25
Status : Scanned
Object : c:\windows\system32\xmllite.dll
Publisher :
Size : 230816
Detection : Suspicious:SRC!P
Action : Quarantine

MD5 : 5090F0D376CC4219B2E0621694BD1134
Status : Scanned
Object : c:\windows\system32\dnsrslvr.dll
Publisher :
Size : 252416
Detection : Suspicious:SRC!P
Action : Quarantine

The same Files from the System32 Folder

dnsrslvr.dll


winmm.dll


XmlLite.dll


The same Files from the System64 Folder

winmm.dll


XmlLite.dll


With best Regards
Mops21
False positive:

Detections

MD5   :248A20F70D8DB28212A8B78FDCA60E8B
Status   : Scanned
Object   : c:\windows\system32\dssenh.dll
Publisher   : Microsoft Windows
Size   : 152344
Detection   : Suspicious:SRC!P
Action   : Report
This is a false positive. I use this search engine all the time. It is called Ecosia.

View attachment 214433

Hello guys, we will look into them.

Hello Andrew, unfortunately this is not a false positive. Ecosia is a known unwanted item, if you want to use it please exclude it, thank you :)

P.S. post reposted because I don't know why, but there was a post not done by me in my post, maybe merged wrongly by a mod. Already reported this to a mod.
 

Andrew999

Level 24
Verified
Top Poster
Well-known
Dec 17, 2014
1,355
Hello guys, we will look into them.

Hello Andrew, unfortunately this is not a false positive. Ecosia is a known unwanted item, if you want to use it please exclude it, thank you :)

P.S. post reposted because I don't know why, but there was a post not done by me in my post, maybe merged wrongly by a mod. Already reported this to a mod.
Ok, I do not know why it is an unwanted item. It is a legit website in my opinion and millions of people use it. It is not bundleware too, but I guess it is up to you's to decide. https://info.ecosia.org/about
 

Mops21

Level 36
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,503
Hi @JM Safe

Thank you very much for your Infos

I will wait for your answer again for the Files

With best Regards
Mops21
 

JM Safe

Level 39
Verified
Top Poster
Apr 12, 2015
2,882
Ok, I do not know why it is an unwanted item. It is a legit website in my opinion and millions of people use it. It is not bundleware too, but I guess it is up to you's to decide. https://info.ecosia.org/about
The object is not properly malicious but it is detected because it is annoying the fact it changes new tab page in the browser and default search engine.
 

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
MD5 : A5154D4EDF393E4EF439128F5C52A392
Status : Scanned
Object : c:\program files\checkmal\appcheck\appchecks.exe
Publisher : CheckMAL Inc.
Size : 1194008
Detection : Suspicious:SRC!P
Action : ReportAsFP

MD5 : EAF6BC1DEEC928DE68CD577599BAB09B
Status : Scanned
Object : c:\windows\system32\appcheck64.dll
Publisher : CheckMAL Inc.
Size : 1321760
Detection : Suspicious:SRC!P


 
Last edited:

Andrew999

Level 24
Verified
Top Poster
Well-known
Dec 17, 2014
1,355
MD5 : A5154D4EDF393E4EF439128F5C52A392
Status : Scanned
Object : c:\program files\checkmal\appcheck\appchecks.exe
Publisher : CheckMAL Inc.
Size : 1194008
Detection : Suspicious:SRC!P
Action : ReportAsFP

MD5 : EAF6BC1DEEC928DE68CD577599BAB09B
Status : Scanned
Object : c:\windows\system32\appcheck64.dll
Publisher : CheckMAL Inc.
Size : 1321760
Detection : Suspicious:SRC!P


Same issue for me.
 
  • Like
Reactions: JM Safe

JM Safe

Level 39
Verified
Top Poster
Apr 12, 2015
2,882
MD5 : A5154D4EDF393E4EF439128F5C52A392
Status : Scanned
Object : c:\program files\checkmal\appcheck\appchecks.exe
Publisher : CheckMAL Inc.
Size : 1194008
Detection : Suspicious:SRC!P
Action : ReportAsFP

MD5 : EAF6BC1DEEC928DE68CD577599BAB09B
Status : Scanned
Object : c:\windows\system32\appcheck64.dll
Publisher : CheckMAL Inc.
Size : 1321760
Detection : Suspicious:SRC!P


Same issue for me.
Hey guys, thanks for reporting. We will look into them. :)
 

Mops21

Level 36
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,503
Hi @@JM Safe and Hi @@Miss Onnellisuus and Hi @@ZAM3_PO

I have another False Positives for you see my screenshot

The Feedback is submiited via the function to you

Can you say have you get the Files

With best Regards
Mops21
 

Attachments

  • Zemana Anti-Malware scan Juni 2019 Part 1.jpg
    Zemana Anti-Malware scan Juni 2019 Part 1.jpg
    155 KB · Views: 504
  • Zemana Anti-Malware scan Juni 2019 Part 2.jpg
    Zemana Anti-Malware scan Juni 2019 Part 2.jpg
    209.7 KB · Views: 516
  • Zemana Anti-Malware scan Juni 2019 Part 3.jpg
    Zemana Anti-Malware scan Juni 2019 Part 3.jpg
    212.1 KB · Views: 498
Last edited:

Andrew999

Level 24
Verified
Top Poster
Well-known
Dec 17, 2014
1,355
Seems like this is a false positive. It is for a plugin for whitelisting specific Youtube channels with Ublock Origin.


MD5 :
Status : Scanned
Object : c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\ly3viy6x.default-release\extensions\{ea0ef8bb-6734-4970-b574-2099e836d636}.xpi
Publisher :
Size : 0
Detection : HijackExt:FirefoxPlugin/{ea0ef8bb-6734-4970-b574-2099e836d636}
Action : ReportAsFP
 
  • Like
Reactions: harlan4096

JM Safe

Level 39
Verified
Top Poster
Apr 12, 2015
2,882
Seems like this is a false positive. It is for a plugin for whitelisting specific Youtube channels with Ublock Origin.


MD5 :
Status : Scanned
Object : c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\ly3viy6x.default-release\extensions\{ea0ef8bb-6734-4970-b574-2099e836d636}.xpi
Publisher :
Size : 0
Detection : HijackExt:FirefoxPlugin/{ea0ef8bb-6734-4970-b574-2099e836d636}
Action : ReportAsFP
We will look into it, thanks @Andrew999
 
  • Thanks
Reactions: Andrew999

Mops21

Level 36
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,503
Hi @JM Safe and Hi @Miss Onnellisuus and Hi @ZAM3_PO

I have another False Positives for you see my screenshot

The Feedback is submiited via the function to you

MD5 : B969CF0C7B2C443A99034881E8C8740A
Status : Scanned
Object : c:\program files (x86)\adobe\acrobat reader dc\reader\acrord32.exe
Publisher : Adobe Inc.
Size : 2571312
Detection : Suspicious:SRC!P
Action : ReportAsFP

MD5 : 9AEBA3BACD721484391D15478A4080C7
Status : Scanned
Object : c:\program files (x86)\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
Publisher : Adobe Inc.
Size : 9475120
Detection : Suspicious:SRC!P
Action : ReportAsFP

AcroRd32.exe


rdrcef.exe


With best Regards
Mops21
 

Attachments

  • Zemana Anti-Malware scan vom Juni 2019.01.jpg
    Zemana Anti-Malware scan vom Juni 2019.01.jpg
    144.1 KB · Views: 488

Mops21

Level 36
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,503
Hi @JM Safe and Hi @Miss Onnellisuus and Hi @ZAM3_PO

I have another False Positives for you see my screenshot

MD5 : 5DD1FB433EF48F67ABF7B234A2F18490
Status : Scanned
Object : c:\windows\system32\fhtask.dll
Publisher :
Size : 60928
Detection : Suspicious:SRC!P
Action : ReportAsFP

fhtask.dll


With best Regards
Mops21
 

Attachments

  • Zemana Anti-Malware Juni 2019 FPs 089.jpg
    Zemana Anti-Malware Juni 2019 FPs 089.jpg
    144.4 KB · Views: 497

JM Safe

Level 39
Verified
Top Poster
Apr 12, 2015
2,882
Hi @JM Safe and Hi @Miss Onnellisuus and Hi @ZAM3_PO

I have another False Positives for you see my screenshot

The Feedback is submiited via the function to you

MD5 : B969CF0C7B2C443A99034881E8C8740A
Status : Scanned
Object : c:\program files (x86)\adobe\acrobat reader dc\reader\acrord32.exe
Publisher : Adobe Inc.
Size : 2571312
Detection : Suspicious:SRC!P
Action : ReportAsFP

MD5 : 9AEBA3BACD721484391D15478A4080C7
Status : Scanned
Object : c:\program files (x86)\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
Publisher : Adobe Inc.
Size : 9475120
Detection : Suspicious:SRC!P
Action : ReportAsFP

AcroRd32.exe


rdrcef.exe


With best Regards
Mops21
Hi @JM Safe and Hi @Miss Onnellisuus and Hi @ZAM3_PO

I have another False Positives for you see my screenshot

MD5 : 5DD1FB433EF48F67ABF7B234A2F18490
Status : Scanned
Object : c:\windows\system32\fhtask.dll
Publisher :
Size : 60928
Detection : Suspicious:SRC!P
Action : ReportAsFP

fhtask.dll


With best Regards
Mops21
Hello @Mops21 , thanks. We will look into them.
 

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
MD5 : F8CFE5024851EE222AA176CAC577CC81
Status : Scanned
Object : c:\users\joni\appdata\local\runeliteplus\runeliteplus.exe
Publisher :
Size : 416256
Detection : Suspicious:SRC!P
Action : Quarantine

Clean for now, easy to run malicious code as rat thought
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top