JM Safe

From Zemana
Developer
Verified
Hi @JM Safe and Hi @Miss Onnellisuus and Hi @ZAM3_PO

I have another False Positives for you see my screenshot

The Feedback is submiited via the function to you

MD5 : 645BFB545BFA63DF94D6B2B453C32A89
Status : Scanned
Object : c:\windows\system32\winmm.dll
Publisher :
Size : 126056
Detection : Suspicious:SRC!P
Action : Quarantine

MD5 : CA1E019BDB26DA419E1035E048C3AF25
Status : Scanned
Object : c:\windows\system32\xmllite.dll
Publisher :
Size : 230816
Detection : Suspicious:SRC!P
Action : Quarantine

MD5 : 5090F0D376CC4219B2E0621694BD1134
Status : Scanned
Object : c:\windows\system32\dnsrslvr.dll
Publisher :
Size : 252416
Detection : Suspicious:SRC!P
Action : Quarantine

The same Files from the System32 Folder

dnsrslvr.dll


winmm.dll


XmlLite.dll


The same Files from the System64 Folder

winmm.dll


XmlLite.dll


With best Regards
Mops21
False positive:

Detections

MD5   :248A20F70D8DB28212A8B78FDCA60E8B
Status   : Scanned
Object   : c:\windows\system32\dssenh.dll
Publisher   : Microsoft Windows
Size   : 152344
Detection   : Suspicious:SRC!P
Action   : Report
This is a false positive. I use this search engine all the time. It is called Ecosia.

View attachment 214433

Hello guys, we will look into them.

Hello Andrew, unfortunately this is not a false positive. Ecosia is a known unwanted item, if you want to use it please exclude it, thank you :)

P.S. post reposted because I don't know why, but there was a post not done by me in my post, maybe merged wrongly by a mod. Already reported this to a mod.
 

Andrew999

Level 22
Verified
Hello guys, we will look into them.

Hello Andrew, unfortunately this is not a false positive. Ecosia is a known unwanted item, if you want to use it please exclude it, thank you :)

P.S. post reposted because I don't know why, but there was a post not done by me in my post, maybe merged wrongly by a mod. Already reported this to a mod.
Ok, I do not know why it is an unwanted item. It is a legit website in my opinion and millions of people use it. It is not bundleware too, but I guess it is up to you's to decide. https://info.ecosia.org/about
 

Mops21

Level 26
Content Creator
Trusted
Verified
Hi @JM Safe

Thank you very much for your Infos

I will wait for your answer again for the Files

With best Regards
Mops21
 

JM Safe

From Zemana
Developer
Verified
Ok, I do not know why it is an unwanted item. It is a legit website in my opinion and millions of people use it. It is not bundleware too, but I guess it is up to you's to decide. https://info.ecosia.org/about
The object is not properly malicious but it is detected because it is annoying the fact it changes new tab page in the browser and default search engine.
 

Moonhorse

Level 26
Content Creator
Verified
MD5 : A5154D4EDF393E4EF439128F5C52A392
Status : Scanned
Object : c:\program files\checkmal\appcheck\appchecks.exe
Publisher : CheckMAL Inc.
Size : 1194008
Detection : Suspicious:SRC!P
Action : ReportAsFP

MD5 : EAF6BC1DEEC928DE68CD577599BAB09B
Status : Scanned
Object : c:\windows\system32\appcheck64.dll
Publisher : CheckMAL Inc.
Size : 1321760
Detection : Suspicious:SRC!P


 
Last edited:

Andrew999

Level 22
Verified
MD5 : A5154D4EDF393E4EF439128F5C52A392
Status : Scanned
Object : c:\program files\checkmal\appcheck\appchecks.exe
Publisher : CheckMAL Inc.
Size : 1194008
Detection : Suspicious:SRC!P
Action : ReportAsFP

MD5 : EAF6BC1DEEC928DE68CD577599BAB09B
Status : Scanned
Object : c:\windows\system32\appcheck64.dll
Publisher : CheckMAL Inc.
Size : 1321760
Detection : Suspicious:SRC!P


Same issue for me.
 
  • Like
Reactions: JM Safe

JM Safe

From Zemana
Developer
Verified
MD5 : A5154D4EDF393E4EF439128F5C52A392
Status : Scanned
Object : c:\program files\checkmal\appcheck\appchecks.exe
Publisher : CheckMAL Inc.
Size : 1194008
Detection : Suspicious:SRC!P
Action : ReportAsFP

MD5 : EAF6BC1DEEC928DE68CD577599BAB09B
Status : Scanned
Object : c:\windows\system32\appcheck64.dll
Publisher : CheckMAL Inc.
Size : 1321760
Detection : Suspicious:SRC!P


Same issue for me.
Hey guys, thanks for reporting. We will look into them. :)
 

Mops21

Level 26
Content Creator
Trusted
Verified
Hi @@JM Safe and Hi @@Miss Onnellisuus and Hi @@ZAM3_PO

I have another False Positives for you see my screenshot

The Feedback is submiited via the function to you

Can you say have you get the Files

With best Regards
Mops21
 

Attachments

Last edited:

Andrew999

Level 22
Verified
Seems like this is a false positive. It is for a plugin for whitelisting specific Youtube channels with Ublock Origin.


MD5 :
Status : Scanned
Object : c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\ly3viy6x.default-release\extensions\{ea0ef8bb-6734-4970-b574-2099e836d636}.xpi
Publisher :
Size : 0
Detection : HijackExt:FirefoxPlugin/{ea0ef8bb-6734-4970-b574-2099e836d636}
Action : ReportAsFP
 
  • Like
Reactions: harlan4096

JM Safe

From Zemana
Developer
Verified
Seems like this is a false positive. It is for a plugin for whitelisting specific Youtube channels with Ublock Origin.


MD5 :
Status : Scanned
Object : c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\ly3viy6x.default-release\extensions\{ea0ef8bb-6734-4970-b574-2099e836d636}.xpi
Publisher :
Size : 0
Detection : HijackExt:FirefoxPlugin/{ea0ef8bb-6734-4970-b574-2099e836d636}
Action : ReportAsFP
We will look into it, thanks @Andrew999
 
  • Thanks
Reactions: Andrew999

Mops21

Level 26
Content Creator
Trusted
Verified
Hi @JM Safe and Hi @Miss Onnellisuus and Hi @ZAM3_PO

I have another False Positives for you see my screenshot

The Feedback is submiited via the function to you

MD5 : B969CF0C7B2C443A99034881E8C8740A
Status : Scanned
Object : c:\program files (x86)\adobe\acrobat reader dc\reader\acrord32.exe
Publisher : Adobe Inc.
Size : 2571312
Detection : Suspicious:SRC!P
Action : ReportAsFP

MD5 : 9AEBA3BACD721484391D15478A4080C7
Status : Scanned
Object : c:\program files (x86)\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
Publisher : Adobe Inc.
Size : 9475120
Detection : Suspicious:SRC!P
Action : ReportAsFP

AcroRd32.exe


rdrcef.exe


With best Regards
Mops21
 

Attachments

Mops21

Level 26
Content Creator
Trusted
Verified
Hi @JM Safe and Hi @Miss Onnellisuus and Hi @ZAM3_PO

I have another False Positives for you see my screenshot

MD5 : 5DD1FB433EF48F67ABF7B234A2F18490
Status : Scanned
Object : c:\windows\system32\fhtask.dll
Publisher :
Size : 60928
Detection : Suspicious:SRC!P
Action : ReportAsFP

fhtask.dll


With best Regards
Mops21
 

Attachments

  • Like
Reactions: harlan4096