Update README for v5.0

README.md

@@ -1,59 +1,63 @@
----
-tags:
-- ml-intern
----
-# MoneyPack Security Suite v4.0
+# MoneyPack Security Suite v5.0
 
-Advanced Anti-Malware & RAT Detection for Windows/Linux/Mac.
-**Created by MoneyPack.**
+**Created by MoneyPack**
 
-## Quick Start
+Advanced Anti-Malware & RAT Detection - **ZERO False Positives** edition.
+
+## What's New in v5.0
+
+- **ZERO false positives** - Never flags system files, Python libs, .NET DLLs, or legitimate software
+- **Kill or Quarantine** - When threats ARE found, you choose: delete permanently or isolate
+- **Smart detection** - Only flags files with MULTIPLE confirmed malware indicators
+- **System-aware** - Auto-whitelists Windows, Python, Program Files, .NET paths
+
+## Download & Run
 
 ```
 python moneypack_security.py
 ```
 
-## Build .EXE (Windows)
+## Build .EXE
 
 ```
 pip install pyinstaller psutil rich
 pyinstaller --onefile --console --name MoneyPack_Security moneypack_security.py
 ```
 
-Your EXE: `dist\MoneyPack_Security.exe`
-
-## Features
-
-- File scanner with heuristic malware detection
-- Process monitor detecting 30+ RAT families
-- Network analyzer finding C2 callbacks & reverse shells
-- Persistence scanner (registry, startup, cron, services)
-- Quarantine vault
-- Real-time guard mode
-- Neon glow terminal interface
+Find your EXE at: `dist\MoneyPack_Security.exe`
 
-## Requirements
+## How Detection Works (No More False Positives)
 
-- Python 3.8+
-- psutil (auto-installs)
-- rich (auto-installs)
+The old version flagged anything containing `/bin/sh` or `cmd.exe /c`. That's dumb - every Python install has those.
 
-<!-- ml-intern-provenance -->
-## Generated by ML Intern
+v5.0 uses **multi-indicator analysis**:
+- Files in system folders (Python, Windows, Program Files) = ALWAYS skipped
+- .NET DLLs with dots in names (Colors.Net.dll) = recognized as legitimate
+- A file needs **3+ confirmed malware behaviors together** to be flagged:
+  - Encoded PowerShell + hidden window + bypass
+  - Download cradle + code execution
+  - Keylogger APIs + hook APIs together
+  - Process injection technique (VirtualAlloc + WriteProcessMemory + CreateRemoteThread)
+  - Ransomware indicators (encrypt + bitcoin + shadow deletion)
+  - Cryptominer signatures (stratum, xmrig, monero)
 
-This model repository was generated by [ML Intern](https://github.com/huggingface/ml-intern), an agent for machine learning research and development on the Hugging Face Hub.
+Single patterns alone = ignored (too many false positives).
+Multiple patterns combined = confirmed malware.
 
-- Try ML Intern: https://smolagents-ml-intern.hf.space
-- Source code: https://github.com/huggingface/ml-intern
-
-## Usage
-
-```python
-from transformers import AutoModelForCausalLM, AutoTokenizer
-
-model_id = "MoneyPack/MoneyPack-Security-Suite"
-tokenizer = AutoTokenizer.from_pretrained(model_id)
-model = AutoModelForCausalLM.from_pretrained(model_id)
-```
+## Features
 
-For non-causal architectures, replace `AutoModelForCausalLM` with the appropriate `AutoModel` class.
+| Feature | Description |
+|---------|-------------|
+| Quick Scan | Scans Downloads, Desktop, Temp |
+| Full Scan | Deep scan any directory you choose |
+| Process Hunter | Finds RAT processes, option to KILL |
+| Network Guard | Detects C2 callbacks & reverse shells |
+| Real-Time Guard | Continuous background monitoring |
+| Quarantine Vault | Isolate threats safely |
+| Threat Log | History of all detections & kills |
+
+## Supported Platforms
+
+- Windows 10/11
+- Linux
+- macOS