codesmithery

  1. I have been using this product for years and now it gets flagged by your AI engine as being malware. It wasn't Malware last week so what gives? Here are the scan logs. The product hasn't been updated in the last month either so the AI needs to go back to school.
     Malwarebytes
     www.malwarebytes.com
     -Log Details-
     Scan Date: 4/5/21
     Scan Time: 5:30 PM
     Log File: 134f3048-9656-11eb-83b9-a4bb6dc1a5de.json
     -Software Information-
     Version: 4.3.0.98
     Components Version: 1.0.1217
     Update Package Version: 1.0.39123
     License: Premium
     -System Information-
     OS: Windows 10 (Build 19042.867)
     CPU: x64
     File System: NTFS
     User: System
     -Scan Summary-
     Scan Type: Quick Scan
     Scan Initiated By: Scheduler
     Result: Completed
     Objects Scanned: 5169
     Threats Detected: 4
     Threats Quarantined: 0
     Time Elapsed: 0 min, 23 sec
     -Scan Options-
     Memory: Enabled
     Startup: Disabled
     Filesystem: Disabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Disabled
     PUP: Detect
     PUM: Detect
     -Scan Details-
     Process: 1
     Malware.AI.2924143957, C:\PROGRAM FILES (X86)\SOFTLAND\BACKUP4ALL 8\BSERVICE.EXE, No Action By User, 1000000, 0, , , , , 7BA4E71A2EE1ED88AC770788D5D1E04D, 4D4BFD2BB25D21FC3843F758B0831F92393B10B58D29CFFBE4AC574966EDDA6A
     Module: 1
     Malware.AI.2924143957, C:\PROGRAM FILES (X86)\SOFTLAND\BACKUP4ALL 8\BSERVICE.EXE, No Action By User, 1000000, 0, , , , , 7BA4E71A2EE1ED88AC770788D5D1E04D, 4D4BFD2BB25D21FC3843F758B0831F92393B10B58D29CFFBE4AC574966EDDA6A
     Registry Key: 1
     Malware.AI.2924143957, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Backup4all8Srv, No Action By User, 1000000, 0, , , , , ,
     Registry Value: 0
     (No malicious items detected)
     Registry Data: 0
     (No malicious items detected)
     Data Stream: 0
     (No malicious items detected)
     Folder: 0
     (No malicious items detected)
     File: 1
     Malware.AI.2924143957, C:\PROGRAM FILES (X86)\SOFTLAND\BACKUP4ALL 8\BSERVICE.EXE, No Action By User, 1000000, 0, 1.0.39123, 1ABA5C47DE3313F7AE4AE555, dds, 01189154, 7BA4E71A2EE1ED88AC770788D5D1E04D, 4D4BFD2BB25D21FC3843F758B0831F92393B10B58D29CFFBE4AC574966EDDA6A
     Physical Sector: 0
     (No malicious items detected)
     WMI: 0
     (No malicious items detected)
     (end)
  2. Malwarebytes is blocking msedgedriver.exe used by Selenium test harness. The msedgedriver.exe is downloaded from here: (https://developer.microsoft.com/en-us/microsoft-edge/tools/webdriver/), Version: 84.0.522.61 x64
  3. Dyllon, Forgot to include these are standalone VMs with the web server connecting to the DB server for database calls. Also, I looked at the system32 folder and do not see the msvbvm60.dll there, so, something else is going on.
  4. Dyllon, Thanks for the info. Before I go down this rabbit hole, can you shed some light on this for me? Should I see entries within the Apps & features for VB 6? Right now, I do not. I only see the VC++ runtime installations. If I should, that would explain why you saw all those errors. It isn't installed and I am not sure if you should be installing if your package relies on it.
  5. Dyllon, On the web server VM there are six user profiles and on the DB VM 15 user profiles. I just timed the DB load of MBAM and it was 3:40 to load. Unloading is just as slow at about 2 minutes. I don't know if a second copy of mbam.exe is supposed to be loaded and in the initial logged in state, there is already a copy of mbam.exe listed in the processes. Even so, based on your description, once the app is loaded, it should display a splash screen so the user knows it is up and running. That has been in the MS UI guidelines forever. Why? Simply because Windows 3.1 didn't load apps very quickly and it was one way to indicate to the user something was happening. Attached are the log files. mbst-grab-results-web.zip mbst-grab-results-db.zip
  6. Not sure what you mean by profiles. If you are equating users to profiles, no, there are few users on the server. One of the servers is a database server so there are 9 defined users within the Users folder. On the web server, there are 7 defined users within the User folder. In both cases there are 3 log-able users, the rest are users created by the system or services. When I ran the older version of MBAM on Windows 2012 R2, it had similar users defined and it never took that long to display. If it is doing what you suggest it may be doing, this is extremely poor UI design as the app appears to be loaded yet it is not providing any tactile response to the user that it is loaded. In fact, the first time I tried opening MBAM on the servers the other day, I wasn't aware of the issue and in the end, I started 4 copies of MBAM. Come on, this is a no brainer, you display a splash window to indicate you are alive and some status indicator you are hard at work in the salt mine.
  7. I am using Windows Server 2016 and when I try invoking MBAM either from the desktop or task bar icons, it can take up to two minutes to display. Why is it taking so long to display?
  8. Rich, I just updated my database and everything is good. Thanks for the quick turnaround.
  9. Rich, I figured as much. But there is nothing I or any other developer can do about that because Visual Studio builds that file. I precompile my web sites, but, if the source is deployed on the web server, ASP.NET will compile the file the first time the web site is requested. Many of the compiled files of ASP.NET do not have a version or the 0.0.0.0 version numbers. I believe this has been the case since ASP.NET debuted over 15 years ago.
  10. Rich, I just did a custom scan and it flagged pretty much all my compiled projects. All of them were the App_GlobalResources DLL. FYI, the App_GlobalResources is a folder that ASP.NET compiles into a single DLL. It is a system folder as such and the programmer really has no control over how it is compiled. The programmer only has control as to the resource file contents they put into the folder.
  11. Rich, not sure what you are referring to. That file is created by Visual Studio when the project is compiled. I have no way of controlling that as it is part of the project build process and is shielded from me.
  12. I am getting the following error when trying to run a web application I am building (the application is an existing application that I have been working on for over 7 years).
      Update, 12/23/2014 2:28:43 PM, SYSTEM, M, Scheduler, Rootkit Database, 2014.12.23.1, 2014.12.23.2,
      Protection, 12/23/2014 2:28:43 PM, SYSTEM, M, Protection, Refresh, Starting,
      Protection, 12/23/2014 2:28:43 PM, SYSTEM, M, Protection, Malicious Website Protection, Stopping,
      Protection, 12/23/2014 2:28:43 PM, SYSTEM, M, Protection, Malicious Website Protection, Stopped,
      Protection, 12/23/2014 2:28:53 PM, SYSTEM, M, Protection, Refresh, Success,
      Protection, 12/23/2014 2:28:53 PM, SYSTEM, M, Protection, Malicious Website Protection, Starting,
      Protection, 12/23/2014 2:28:53 PM, SYSTEM, M, Protection, Malicious Website Protection, Started,
      Detection, 12/23/2014 4:38:29 PM, SYSTEM, M, Protection, Malware Protection, File, Trojan.MSIL.ED, C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\cervelo.rma.v4\993b700e\a741cb95\App_GlobalResources.twt0whf0.dll, Quarantine Failed, 5, Access is denied. , [c47f1155502cad891599b4475fa20ff1]
      Detection, 12/23/2014 4:38:33 PM, SYSTEM, M, Protection, Malware Protection, File, Trojan.MSIL.ED, C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\cervelo.rma.v4\993b700e\a741cb95\App_GlobalResources.vtgvgiyf.dll, Quarantine Failed, 5, Access is denied. , [ad96e1859ae250e6a40ab744b64b857b]
      Detection, 12/23/2014 4:39:13 PM, SYSTEM, M, Protection, Malware Protection, File, Trojan.MSIL.ED, C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\cervelo.rma.v4\993b700e\a741cb95\App_GlobalResources.i6fe9khi.dll, Quarantine Failed, 5, Access is denied. , [4102d98d5b21be78347a2bd012ef9f61]
      Detection, 12/23/2014 4:41:01 PM, SYSTEM, M, Protection, Malware Protection, File, Trojan.MSIL.ED, C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\cervelo.rma.v4\993b700e\a741cb95\App_GlobalResources.lzfutpzd.dll, Quarantine Failed, 5, Access is denied. , [9ca772f4413b2016416d34c7e41d17e9]
      Detection, 12/23/2014 4:44:54 PM, SYSTEM, M, Protection, Malware Protection, File, Trojan.MSIL.ED, C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\focus\0b353ad7\f6a9e84f\App_GlobalResources.qyvhafcd.dll, Quarantine Failed, 5, Access is denied. , [093abea8f28a26105757ca3137caf30d]
      Detection, 12/23/2014 4:46:29 PM, SYSTEM, M, Protection, Malware Protection, File, Trojan.MSIL.ED, C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\focus\0b353ad7\f6a9e84f\App_GlobalResources.zkn8hsac.dll, Quarantine Failed, 5, Access is denied. , [55ee3d29ff7d1d19119d1edd3ec39967]
      Update, 12/23/2014 4:53:34 PM, SYSTEM, M, Manual, Malware Database, 2014.12.23.7, 2014.12.23.8,
      Protection, 12/23/2014 4:53:34 PM, SYSTEM, M, Protection, Refresh, Starting,
      Protection, 12/23/2014 4:53:34 PM, SYSTEM, M, Protection, Malicious Website Protection, Stopping,
      Protection, 12/23/2014 4:53:34 PM, SYSTEM, M, Protection, Malicious Website Protection, Stopped,
      Protection, 12/23/2014 4:53:46 PM, SYSTEM, M, Protection, Refresh, Success,
      Protection, 12/23/2014 4:53:46 PM, SYSTEM, M, Protection, Malicious Website Protection, Starting,
      Protection, 12/23/2014 4:53:46 PM, SYSTEM, M, Protection, Malicious Website Protection, Started,
      Detection, 12/23/2014 4:54:52 PM, SYSTEM, M, Protection, Malware Protection, File, Trojan.MSIL.ED, C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\cervelo.rma.v4\993b700e\a741cb95\App_GlobalResources.w60pabos.dll, Quarantine Failed, 5, Access is denied. , [1a2a363084f8bb7bf5bc11ea778a24dc]
      Detection, 12/23/2014 4:55:26 PM, SYSTEM, M, Protection, Malware Protection, File, Trojan.MSIL.ED, C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\focus\0b353ad7\f6a9e84f\App_GlobalResources.wiuoltlj.dll, Quarantine Failed, 5, Access is denied. , [96aee3832557f4422988fdfe09f8768a]
      Detection, 12/23/2014 4:55:56 PM, SYSTEM, M, Protection, Malware Protection, File, Trojan.MSIL.ED, C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\focus\0b353ad7\f6a9e84f\App_GlobalResources.fkhzqmpc.dll, Quarantine Failed, 5, Access is denied. , [1c28c99d017bc0765b564bb04cb5d729]
      Detection, 12/23/2014 4:57:25 PM, SYSTEM, M, Protection, Malware Protection, File, Trojan.MSIL.ED, C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\focus\0b353ad7\f6a9e84f\App_GlobalResources.ptxi-vgf.dll, Quarantine Failed, 5, Access is denied. , [58ec580e2b51c175466bce2d887910f0]
      It appears to affect two web sites within the same project. However, on a different project, I do not get the same error even though the same files are contained within the project in that particular folder of the source code. The error occurs when I try loading the web site on my local machine (which is where I am developing it). Problem is, I am trying to solve a problem and this has stopped me dead in my tracks. I have attached the DLL in question. app_global.zip