jmcleod83

Everything posted by jmcleod83

  1. This morning I am noticing a lot of threats that were quarantined that have to do with Ransom.Crysis. Is this a false positive, because they all point to a file: orgchart.exe?

     Ransom.Crysis 9/2/2016 5:16:25 AM Quarantined Anti-Malware C:\Program Files\Microsoft Office 15\root\office15\orgchart.exe
     Ransom.Crysis 9/2/2016 5:16:25 AM Quarantined Anti-Malware C:\Program Files\Microsoft Office 15\Data\Updates\Apply\PackageFiles\root\Office15\ORGCHART.EXE
     Ransom.Crysis 9/2/2016 5:16:25 AM Quarantined Anti-Malware C:\Program Files\Microsoft Office\root\Office16\ORGCHART.EXE
     Ransom.Crysis 9/2/2016 5:16:25 AM Quarantined Anti-Malware HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ORGCHART.EXE
     Ransom.Crysis 9/2/2016 5:16:25 AM Quarantined Anti-Malware HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ORGCHART.EXE
     Ransom.Crysis 9/2/2016 4:46:35 AM Quarantined Anti-Malware C:\Program Files (x86)\Microsoft Office\Updates\Download\PackageFiles\16.0.6965.2076\root\Office16\ORGCHART.EXE
  2. So then is it a concern for me to find the client, or leave as is because Malwarebytes is doing its job?
  3. Thank you Lazz, that makes sense. Is there any way to find what client is the culprit? Could it be any device on the network that may not have Malwarebytes installed, for example an iPhone or tablet?
  4. Since this week I am noticing this pop up on my App/DC server and in the threats view of Malwarebytes.

     Blocked web site 8/31/2016 11:23:40 AM Type: outgoing, Port: 137 122.228.198.140 Anti-Malware "my internal Server Name" internal domain.local "server local ip" 00-26-55-FF-A4-E8
     Blocked web site 8/31/2016 11:23:32 AM Type: outgoing, Port: 62707, Process: dns.exe 122.228.198.140 Anti-Malware "my internal Server Name" internal domain.local "server local ip " 00-26-55-FF-A4-E8

     The server in question is an app server and a domain controller/DNS server. What could be causing this?