Author Topic: ===> False Positives <===  (Read 331420 times)

0 Members and 2 Guests are viewing this topic.

Reply #270March 06, 2018, 11:04:31 PM

Kylyx

  • Newbie

  • Offline
  • *

  • 9
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #270 on: March 06, 2018, 11:04:31 PM »
Hi Kylyx,

Thanks for your feedback again.
I'm sorry but these won't be whitelisted. Viewpoint Media Player is detected as PUP since it's often being installed without user consent and actively collect user data.

However, as a Premium user, you can manually whitelist it using RogueKiller External Scanner.

Regards.

No problem, thanks! Will look into whitelisting.

Reply #271March 07, 2018, 02:21:47 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2812
  • Reputation:
    100
    • View Profile
Re: ===> False Positives <===
« Reply #271 on: March 07, 2018, 02:21:47 PM »
Hi Kylyx,

Thanks for your understanding

Regards.

Reply #272March 10, 2018, 11:15:55 PM

Grahampembs

  • Newbie

  • Offline
  • *

  • 3
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #272 on: March 10, 2018, 11:15:55 PM »
Would someone kindly have a look at this text file for me; it's the 3 items beginning Hj.Name that are of some concern but I believe them to be False Positives.  The others are generated mostly by my glasswire app.  Thank you.

Reply #273March 10, 2018, 11:41:43 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2812
  • Reputation:
    100
    • View Profile
Re: ===> False Positives <===
« Reply #273 on: March 10, 2018, 11:41:43 PM »
Hi Grahampembs,

Welcome to Adlice.com Forum.
Do you run Hyper-V on this computer ?

Regards.

Reply #274March 11, 2018, 01:13:52 AM

Grahampembs

  • Newbie

  • Offline
  • *

  • 3
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #274 on: March 11, 2018, 01:13:52 AM »
Hello!  I've not enabled it in program features but it is capable of being run on this pc according to systeminfo32.

Reply #275March 11, 2018, 08:40:55 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2812
  • Reputation:
    100
    • View Profile
Re: ===> False Positives <===
« Reply #275 on: March 11, 2018, 08:40:55 PM »
Hi Grahampembs,

Thanks for your feedback.
These entries are indeed false positives. We will fix this as soon as possible.

Regards.

Reply #276March 11, 2018, 10:17:10 PM

Grahampembs

  • Newbie

  • Offline
  • *

  • 3
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #276 on: March 11, 2018, 10:17:10 PM »
Hello again,
OK, thanks for confirming!

Reply #277March 12, 2018, 02:06:54 AM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2812
  • Reputation:
    100
    • View Profile
Re: ===> False Positives <===
« Reply #277 on: March 12, 2018, 02:06:54 AM »
Hi Grahampembs,

You are very welcome.

Regards.

Reply #278September 15, 2018, 05:20:00 PM

coldi

  • Newbie

  • Offline
  • *

  • 20
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #278 on: September 15, 2018, 05:20:00 PM »
Hi there, I think I stumbled on a false positive. Latest scan detected the  world of warcraft .exe as something seemingly harmful. I add the report.
best regards

Reply #279September 15, 2018, 07:11:37 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2812
  • Reputation:
    100
    • View Profile
Re: ===> False Positives <===
« Reply #279 on: September 15, 2018, 07:11:37 PM »
Hi coldi,

We need to retrieve more information.
Please follow the following process :
  • Download Process Explorer (x64) and save it to your desktop.
  • Click on the setup file (procexp64.exe) and select Run as Administrator to start the tool.
  • Locate the process named Wow.exe, do a right click on it and select Create Dump > Create Full Dump...
  • Save the dump on your desktop and compress it.
  • Upload it to Dropbox, Google Drive or similar services and share the link in your next reply.
Regards.

Reply #280September 16, 2018, 03:09:02 PM

coldi

  • Newbie

  • Offline
  • *

  • 20
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #280 on: September 16, 2018, 03:09:02 PM »
Sorry took a moment but here https://drive.google.com/file/d/15YH_ZymVP9ohOxTfGGwpVIbrhE77NpLG/view is the file.

regards

Reply #281September 21, 2018, 08:49:21 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2812
  • Reputation:
    100
    • View Profile
Re: ===> False Positives <===
« Reply #281 on: September 21, 2018, 08:49:21 PM »
Hi coldi,

Thanks.
We will fix this as soon as possible.

Regards.

Reply #282October 30, 2018, 12:02:16 PM

photix148

  • Newbie

  • Offline
  • *

  • 2
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #282 on: October 30, 2018, 12:02:16 PM »
Hi,

After analysis with RogueKiller, I received a report reporting "PUP"
files in my Wise Care 365 software. I attach this report to my
message.

Should I take this alert into account?

Best regards.

Jean-Claude Laffitte


---------------------------
RogueKiller V12.13.6.0 (x64) [Oct 22 2018] (Gratuit) par Adlice Software
email : http://www.adlice.com/fr/contact/
Remontées : https://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com/fr/

Système d'exploitation : Windows 10 (10.0.17763) 64 bits version
Démarré en  : Mode normal
Utilisateur : ASUS [Administrateur]
Démarré depuis : C:\Users\ASUS\Documents\RogueKiller_portable64.exe
Mode : Scan -- Date : 10/24/2018 21:59:41 (Durée : 00:21:51)

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 0 ¤¤¤

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 4 ¤¤¤
[PUP.Wise][Fichier] C:\Users\ASUS\AppData\Roaming\Microsoft\Internet
Explorer\Quick Launch\User Pinned\TaskBar\Wise Care 365.lnk [LNK@]
C:\PROGRA~2\Wise\WISECA~1\WISECA~1.EXE -> Trouvé(e)
[PUP.Wise][Fichier] C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Wise Care 365\Wise Care 365.lnk [LNK@]
C:\PROGRA~2\Wise\WISECA~1\WISECA~1.EXE -> Trouvé(e)
[PUP.Wise][Fichier] C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Wise Data Recovery\Wise Data Recovery.lnk [LNK@]
C:\PROGRA~2\Wise\WISEDA~1\WISEDA~1.EXE -> Trouvé(e)
[PUP.Wise][Répertoire] C:\Program Files (x86)\Wise -> Trouvé(e)

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] :
session.startup_urls
[chrome://bookmarks/?id=26|http://flybox.home/home/index.html|https://mail.google.com/mail/u/0/h/15djwt4ojuram/?&]
-> Trouvé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 850 EVO 500GB +++++
--- User ---
[MBR] e1b214c10207dab0acfd8e740c17e1fb
[BSP] 95d306160c073e793ff501013a9f2d28 : Windows Vista/7/8 MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048
| Size: 450 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors):
1128448 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1161216 | Size: 233536 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 479444992 | Size: 896 MB
5 - Basic data partition | Offset (sectors): 481282048 | Size: 241939 MB
User = LL1 ... OK
User = LL2 ... OK



2018-06-11 7:12 UTC, sales <sales@wisecleaner.com>:
> Dear Jean-Claude Laffitte,
>
> Thank you for your email.
> It is a reminder of renewing wise care 365 sent from Mycommerce system, it
> doesn't know you have renewed wise care 365 manually.
> Sorry for it, I will cancel it soon.
>
> Any further questions, please feel free to contact us.
>
> Have a nice day!
> Best regards,
> Ivan

Reply #283October 30, 2018, 07:03:29 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2812
  • Reputation:
    100
    • View Profile
Re: ===> False Positives <===
« Reply #283 on: October 30, 2018, 07:03:29 PM »
Hi photix,

Welcome to Adlice.com Forum.

Wise products are labelled as PUP (potentially unwanted software), because Wise used shady commercial practises (aggressive marketing, buying bundles to be installed alongside with popular software, etc.). Usually, we use the same criteria as MalwareBytes to flag a product as PUP : https://www.malwarebytes.com/pup/

However, if you bought it yourself, you can safely ignore the detections.

Regards.

Reply #284October 30, 2018, 08:21:37 PM

photix148

  • Newbie

  • Offline
  • *

  • 2
  • Reputation:
    0
    • View Profile
Re: ===> False Positives <===
« Reply #284 on: October 30, 2018, 08:21:37 PM »
Hi Curson,

I finally understood the reasons for these PUPs.  I bought WiseCare myself, so I can safely ignore the detections. Thanks.
Best Regards.

Photix