Jump to content

GeekFreak

Members
  • Content Count

    7
  • Joined

  • Last visited

Community Reputation

0 Neutral

About GeekFreak

  • Rank
    New Member
  1. Decrypterfixer, it sounds like a reasonable explanation. I wanted to see if these updaters are actually removing themselves after installation, so I spot checked a few other PCs (none running MBARW) and some of them have the files and directories and some don't. But they are different OSs (Win7, 8.1 and 10) with different update schedules, so I can't find any exactly the same. But where the "patchman" folder and the "11" folder and the "lnsscomm.exe" file do exist, the patchman folder is over 150MB and contains over 1000 files and folders. But I'm not too concerned because, being upd
  2. tetonbob, in "Programs and Features" it's listed as "Advanced Monitoring Agent GP" by "Remote Monitoring Services". It's a tool installed and used by our outside monitoring company. It also pushes occasional patches, which I'm guessing was happening when MBAR flagged it. Decrypterfixer, yes, thanks. I had disabled Windows 10 "fast startup" under "Control Panel\All Control Panel Items\Power Options\System Settings". The folder has yet to appear after several reboots.
  3. The flagged files and several upstream directories do not exist. "C:\Program Files (x86)\Advanced Monitoring Agent" (aka C:\PROGRA~2\ADVANC~1) currently has 80 files and folders, but contains no "patchman" folder nor a folder called "11" nor a file called "lnsscomm.exe" The "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates" folder is empty. There is no "16.0.6965.2058" subdirectory nor a "OfficeClickToRun.exe" file. So the number of superdirectories removed is not even consistent. In one case, it removed the flagged file and the containing folder. In the other
  4. Thanks for replying tetonbob. I actually have no Quarantine directory in that location?! Should I create an empty directory? Is that directory created at installation or at the time an infection is discovered. Directory of C:\ProgramData\Malwarebytes\MBAMService 05/20/2016 12:13 PM <DIR> . 05/20/2016 12:13 PM <DIR> .. 06/21/2016 08:17 AM <DIR> ArwDetections 06/17/2016 04:58 PM <DIR> config 05/20/2016 12:05 PM <DIR> ctlrupdate 05/20/2016 12:04 PM <DIR> db 05/20/2016 12:0
  5. I've had 2 false positives so far and reported both. I'm glad you guys are working on this. However, when it says the files are moved to Quarantine, they are actually just being deleted as far as I can tell. Nothing is listed in the Quarantine tab at the time of the infection alert, nor after a reboot, nor after turning protection off. Are the files gone forever, or is there a way to actually recover them? Thanks! (I'm running 0.9.16.484 on Windows 10)
  6. Microsoft Office's ClickToRun.exe was flagged sometime around June 21st at 3am Again, MAR says it's quarantined, but it doesn't show up in quarantine and I am unable to restore these legitimate files. It's deleted everything from the following directory: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates I'm going to stop beta testing. This program is doing more damage than protection. If you can tell me how to restore these files, I might reconsider. Thanks and good luck. MBAMSERVICE.zip Malwarebytes Anti-Ransomware.zip
  7. The lnsscomm.exe file was flagged on June 10. I was running 0.9.15.416 (see attached screen shot) It was being added as part of Advanced Monitoring Agent patch management. I'm assuming it's safe, but I'm not 100% sure. It never showed up in Quarantine and I was unable to restore it. I've added my log file and Anti-Ransomware directory as requested Thanks for doing this! -GeekFreak MBAMSERVICE.zip Malwarebytes Anti-Ransomware.zip
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.