Everything posted by AlexLeadingEdge

  1. Hi AdvancedSetup, Do we know what caused this? Do you know what the command was that was blocked? Has it stopped something from running / installing? If it helps, this end user has Office 365.
  2. As requested. Malwarebytes Diagnostics.zip
  3. I have sent the command to download the Diagnostic Logs, but I see the device has gone offline, which is not a shocker since it is 5:07pm now :)
  4. Hi guys, My client has just bought a brand new Surface Pro 7 and I'm seeing this popping up: Malware.Exploit.Agent.Generic Blocked AE exploit ComSpec=C:\windows\system32\cmd.exe 2021-09-08 03:49:42 PM Any ideas how I figure out what Malwarebytes is unhappy about?
  5. I see that VirusTotal isn't updating properly. If you hit "Reanalyse file" it doesn't seem to actually refresh the screen. If you close the tab and open it again to the same link it has updated to the correct details. Perhaps a caching issue. I only noticed it this time around because I hit refresh and it still said "last scanned 10 days ago" after refreshing. //Edit: Yep, it has done it again. Still saying 15 days after clicking "Reanalyse file".
  6. How odd that it would change within the 22 minute gap between me checking and you checking! Oh well... thanks for your help :)
  7. Arduino software, picks up a file in the tools folder: C:\PROGRAM FILES (X86)\ARDUINO\HARDWARE\TOOLS\AVR\BIN\AVR-GCOV.EXE Released and scanned with Malwarebytes, it no longer picks it up, but uploading it to VirusTotal it says that Malwarebytes is the only vendor that sees it as infected. https://www.virustotal.com/gui/file/5a37ccb04abb80f724944b7b57f64672a9864c18cd8139e5a3b3a86c04842aa3 avr-gcov.zip
  8. A part of MYOB's Accountant's Office package. This stops the package from opening. C:\MYOBAO\AOSQL\Central\Deploy\UIHelperClasses.dll Nothing found at VirusTotal: https://www.virustotal.com/gui/file/ce30bc921570ecc1e91df431518fd946d66b81c9952eac2e816170423f011648 UIHelperClasses.zip
  9. This has been detected today. Detection is still active. VirusTotal says no hits. https://www.virustotal.com/gui/file/d741779df9db60fac66913ffcabde259519c79c14fbbd7bb4e06377b0a664c31/detection KmInst64.zip
  10. Hi Mieke, Malwarebytes isn't detecting it now. Sorry for wasting your time.
  11. Hi Mieke, Malwarebytes isn't detecting it now. Sorry for wasting your time.
  12. Believed to be a False Positive. Five vendors consider it to be malicious at VirusTotal. As far as I know it is part of the AutoDesk Product Design Suite 2017 installer. https://www.virustotal.com/gui/file/5f023ae69d28a1a427e36958804f6afdf88e0d9002e0016b9608ccee5c34be68/detection
  13. I believe this is a False Positive. File is attached. We installed this two years ago and haven't had any (known) issues. Zero hits at VirusTotal. https://www.virustotal.com/gui/file/ce8522dd27f2c5ec95a67cd6d14e82892bd8642d4a78d7cff57b5dfd26a9700a/detection ExchangeRulesProSetupENx64.zip
  14. We use Gmail, and we have separate accounts. Domain is irrelevant as it is web-based. We use Endpoint Protection.
  15. Hi guys, We are using OneView and I've just added a new computer to it. I ran a Scan & Quarantine on this new machine (a terminal server) and it found 40+ items. I never got an email notification about the detections, but my boss did. I looked in Nebula on the company site and everything is ticked for notifications, yet still no email. Any idea why I am not getting the emails but my boss is? We both use the same email system.
  16. Hi guys, I keep seeing this popping up in my quarantine: PUM.Optional.DisabledSecurityCenter Reg, Value PUM Quarantined HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY By default TS Plus turns off the AV notifications for some reason. Not sure why exactly, but I don't want to mess with the terminal server software so I want to whitelist it. We have third party AV with Malwarebytes and BitDefender, with BitDefender turning off Windows Defender anyway. Do I add the exclusion as: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER or HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY I guess the question is if the dword or key is the object that I whitelist.
  17. The location is the SolarWinds Patch Management cache. I don't know what this file is, some sort of update patch for one of our software packages I assume. Two vendors have flagged it in VirusTotal. CrowdStrike gives it a 60% confidence that it is a virus. https://www.virustotal.com/gui/file/1519a153cd3b93c1e56ad5f6ffc98195e2c68e963a14a74558b7b4c0adbf4e55/detection C:\PROGRAMDATA\MSPPLATFORM\FILECACHESERVICEAGENT\CACHE\A3B68742-F6D4-4DF1-B217-B7EC66B4C314.1.EXE File attached with password 'infected' a3b68742-f6d4-4df1-b217-b7ec66b4c314.1.zip
  18. Isn't that Microsoft's default universal driver?
  19. A print driver CAB file located here: C:\Windows\System32\spool\drivers\x64\PCC\ntprint.inf_amd64_ec1e73781eaf7fda.cab https://www.virustotal.com/gui/file/29677db9d85736fa68bbca30a666ec25ce6e325c0055cc696e9d9edc7492f0fc/detection ntprint.inf_amd64_ec1e73781eaf7fda.cab.zip
  20. I am using Malwarebytes Endpoint Protection. I have checked it manually and it wasn't picked up so it looks like the issue is already resolved :)
  21. I believe this is a false positive. Malware.AI.1798124113 C:\Program Files (x86)\PuTTY\pscp.exe Zip file password protected with password 'infected' VirusTotal says no issues: https://www.virustotal.com/gui/file/538353c0c525796801b370d08202d7b541b37c4291c774a5e40663d67d0d0c47/detection pscp.zip
  22. Ok, rebooted now, will PM you the two files.
  23. I see the workstation now wants to reboot to complete the Quarantining of the two files, which explains why I couldn't release them.