AlexLeadingEdge

Honorary Members
  • Posts: 155

Everything posted by AlexLeadingEdge

  1. Thanks AdvancedSetup, I'll let the client know, and ask them to let the website's company know also.
  2. Malwarebytes is saying that cables-solutions.com contains malware? Can someone please double check this? VirusTotal says there is no issue with it: https://www.virustotal.com/gui/url/b9cb2ad2f8e04edf58058a3e6eef7c9bb6b92eff0e60e9fd4780dd23bbce749a
  3. I'm seeing the same errors every reboot. Did jgphelps get a resolution? A reinstall of Malwarebytes doesn't fix the issue.

     2021-09-28 13:41:47,000 [48] ERROR MBAMPlugin Anti-Exploit technique "abp_pecsa_ms" being processed is unspecified - System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
        at System.ThrowHelper.ThrowKeyNotFoundException()
        at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
        at EAMBAMPlugin.MBAMPlugin.ProcessAdvancedAntiExploitTechniques()
     ***********************************************
     2021-09-28 13:41:47,001 [48] ERROR MBAMPlugin Anti-Exploit technique "abp_pem4a_ms" being processed is unspecified - System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
        at System.ThrowHelper.ThrowKeyNotFoundException()
        at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
        at EAMBAMPlugin.MBAMPlugin.ProcessAdvancedAntiExploitTechniques()
     ***********************************************
     2021-09-28 13:41:47,002 [48] ERROR MBAMPlugin Anti-Exploit technique "abp_polpa_ms" being processed is unspecified - System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
        at System.ThrowHelper.ThrowKeyNotFoundException()
        at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
        at EAMBAMPlugin.MBAMPlugin.ProcessAdvancedAntiExploitTechniques()
     ***********************************************
     2021-09-28 13:41:47,003 [48] ERROR MBAMPlugin Anti-Exploit technique "abp_posaa_ms" being processed is unspecified - System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
        at System.ThrowHelper.ThrowKeyNotFoundException()
        at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
        at EAMBAMPlugin.MBAMPlugin.ProcessAdvancedAntiExploitTechniques()
     ***********************************************
     2021-09-28 13:41:47,004 [48] ERROR MBAMPlugin Anti-Exploit technique "abp_posba_ms" being processed is unspecified - System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
        at System.ThrowHelper.ThrowKeyNotFoundException()
        at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
        at EAMBAMPlugin.MBAMPlugin.ProcessAdvancedAntiExploitTechniques()
     ***********************************************
     2021-09-28 13:41:47,005 [48] ERROR MBAMPlugin Anti-Exploit technique "abp_povbe7_ms" being processed is unspecified - System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
        at System.ThrowHelper.ThrowKeyNotFoundException()
        at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
        at EAMBAMPlugin.MBAMPlugin.ProcessAdvancedAntiExploitTechniques()
  4. Hi AdvancedSetup, Do we know what caused this? Do you know what the command was that was blocked? Has it stopped something from running / installing? If it helps, this end user has Office 365.
  5. As requested. Malwarebytes Diagnostics.zip
  6. I have sent the command to download the Diagnostic Logs, but I see the device has gone offline, which is not a shocker since it is 5:07pm now :)
  7. Hi guys, My client has just bought a brand new Surface Pro 7 and I'm seeing this popping up: Malware.Exploit.Agent.Generic Blocked AE exploit ComSpec=C:\windows\system32\cmd.exe 2021-09-08 03:49:42 PM Any ideas how I figure out what Malwarebytes is unhappy about?
  8. I see that VirusTotal isn't updating properly. If you hit "Reanalyse file" it doesn't seem to actually refresh the screen. If you close the tab and open it again to the same link it has updated to the correct details. Perhaps a caching issue. I only noticed it this time around because I hit refresh and it still said "last scanned 10 days ago" after refreshing. //Edit: Yep, it has done it again. Still saying 15 days after clicking "Reanalyse file".
  9. How odd that it would change within the 22 minute gap between me checking and you checking! Oh well... thanks for your help :)
  10. Arduino software, picks up a file in the tools folder: C:\PROGRAM FILES (X86)\ARDUINO\HARDWARE\TOOLS\AVR\BIN\AVR-GCOV.EXE Released and scanned with Malwarebytes, it no longer picks it up, but uploading it to VirusTotal it says that Malwarebytes is the only vendor that sees it as infected. https://www.virustotal.com/gui/file/5a37ccb04abb80f724944b7b57f64672a9864c18cd8139e5a3b3a86c04842aa3 avr-gcov.zip
  11. A part of MYOB's Accountant's Office package. This stops the package from opening. C:\MYOBAO\AOSQL\Central\Deploy\UIHelperClasses.dll Nothing found at VirusTotal: https://www.virustotal.com/gui/file/ce30bc921570ecc1e91df431518fd946d66b81c9952eac2e816170423f011648 UIHelperClasses.zip
  12. This has been detected today. Detection is still active. VirusTotal says no hits. https://www.virustotal.com/gui/file/d741779df9db60fac66913ffcabde259519c79c14fbbd7bb4e06377b0a664c31/detection KmInst64.zip
  13. Hi Mieke, Malwarebytes isn't detecting it now. Sorry for wasting your time.
  14. Hi Mieke, Malwarebytes isn't detecting it now. Sorry for wasting your time.
  15. Believed to be a False Positive. Five vendors consider it to be malicious at VirusTotal. As far as I know it is part of the AutoDesk Product Design Suite 2017 installer. https://www.virustotal.com/gui/file/5f023ae69d28a1a427e36958804f6afdf88e0d9002e0016b9608ccee5c34be68/detection
  16. I believe this is a False Positive. File is attached. We installed this two years ago and haven't had any (known) issues. Zero hits at VirusTotal. https://www.virustotal.com/gui/file/ce8522dd27f2c5ec95a67cd6d14e82892bd8642d4a78d7cff57b5dfd26a9700a/detection ExchangeRulesProSetupENx64.zip
  17. We use Gmail, and we have separate accounts. Domain is irrelevant as it is web-based. We use Endpoint Protection.
  18. Hi guys, We are using OneView and I've just added a new computer to it. I ran a Scan & Quarantine on this new machine (a terminal server) and it found 40+ items. I never got an email notification about the detections, but my boss did. I looked in Nebula on the company site and everything is ticked for notifications, yet still no email. Any idea why I am not getting the emails but my boss is? We both use the same email system.
  19. Hi guys, I keep seeing this popping up in my quarantine: PUM.Optional.DisabledSecurityCenter Reg, Value PUM Quarantined HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY By default TS Plus turns off the AV notifications for some reason. Not sure why exactly, but I don't want to mess with the terminal server software so I want to whitelist it. We have third party AV with Malwarebytes and BitDefender, with BitDefender turning off Windows Defender anyway. Do I add the exclusion as: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER or HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY I guess the question is if the dword or key is the object that I whitelist.
  20. The location is the SolarWinds Patch Management cache. I don't know what this file is, some sort of update patch for one of our software packages I assume. Two vendors have flagged it in VirusTotal. CrowdStrike gives it a 60% confidence that it is a virus. https://www.virustotal.com/gui/file/1519a153cd3b93c1e56ad5f6ffc98195e2c68e963a14a74558b7b4c0adbf4e55/detection C:\PROGRAMDATA\MSPPLATFORM\FILECACHESERVICEAGENT\CACHE\A3B68742-F6D4-4DF1-B217-B7EC66B4C314.1.EXE File attached with password 'infected' a3b68742-f6d4-4df1-b217-b7ec66b4c314.1.zip
  21. Isn't that Microsoft's default universal driver?
  22. A print driver CAB file located here: C:\Windows\System32\spool\drivers\x64\PCC\ntprint.inf_amd64_ec1e73781eaf7fda.cab https://www.virustotal.com/gui/file/29677db9d85736fa68bbca30a666ec25ce6e325c0055cc696e9d9edc7492f0fc/detection ntprint.inf_amd64_ec1e73781eaf7fda.cab.zip
  23. I am using Malwarebytes Endpoint Protection. I have checked it manually and it wasn't picked up so it looks like the issue is already resolved :)