
AlexLeadingEdge

Honorary Members • Posts: 192

Everything posted by AlexLeadingEdge

  1. If it helps, the file was quarantined on 2022-07-15 12:40:15 PM. I note that under \MBAMService_Detections\ScanResults\ there are no logs before July 19th.
  2. Hi guys, Here ya go :) Malwarebytes Diagnostics.zip
  3. Hi guys, Another file caught, this might have something to do with the Gigabyte motherboard that both affected machines have. https://www.virustotal.com/gui/file/43c316e06343eae0a225d97f4ba4310fde356478ff6354c7b823ace7489dab41/detection I see there are four mentions of "Crowdsourced YARA Rules" and "Crowdsourced Sigma Rules". No idea what this actually means? GService.zip
  4. Hi guys, We believe this is another false positive in Malwarebytes Nebula / OneView: C:\ProgramData\{9C767969-945E-4249-A630-481122C6A680}\Exact Common Files\2C558AB8\DF296DCE\Hunspellx86.dll We upgraded EXACT to the latest version two days before it was quarantined. https://www.virustotal.com/gui/file/7906142260281a29756606baa739dd52f5c543b4dad6af8896a518e85f25af8d?nocache=1 Hunspellx86.zip
  5. And the second one... 1671874072_MalwarebytesDiagnostics_MSL-WS1.zip
  6. Sorry, how do I do this in Malwarebytes Nebula? Is that the same as a Diagnostic Log? Once uploaded, who can access these attached files? 1499786629_MalwarebytesDiagnostics_I200304016.zip
  7. Hi guys, I believe this is a false positive. We are seeing this picked up on multiple workstations at a law firm. It appears to be a DLL file for the Olympus dictation software for an Olympus docking cradle that holds an Olympus dictation digital recorder. C:\WINDOWS\SYSWOW64\DSSFORMAT.DLL https://www.virustotal.com/gui/file/0e5d3e9f7a189e5c6769f847b55a93842cabba5a76ded92849a56ee5dc76dcff DssFormat.zip
  8. Is there a way to provide the (potentially infected) detected files without restoring them to the end user's machine? If it is actually a trojan I don't really want to be doing that... Logs are attached. 364786596_MalwarebytesDiagnostics.zip
  9. Are these false positives? Three detection types for the same program. I believe Native Images is a Microsoft .NET program.
      2022-01-02 09:43:58 AM Trojan.Crypt REDACTED Malware file C:\Windows.old\WINDOWS\assembly\NativeImages_v4.0.30319_32\FSharp.Lang8152be21#\40b5a56f150011d0c51fa11bfbc6e1ee\FSharp.LanguageService.Base.ni.dll
      2022-01-02 09:43:58 AM Spyware.PasswordStealer REDACTED Malware file C:\Windows.old\WINDOWS\assembly\NativeImages_v4.0.30319_32\NuGet.Commands\f154ae2115190e7d3d955cd4b7ca51ff\NuGet.Commands.ni.dll
      2022-01-02 09:43:58 AM Spyware.PasswordStealer REDACTED Malware file C:\Windows.old\WINDOWS\assembly\NativeImages_v4.0.30319_32\FSharp.Projc0b0e1ec#\41ac35f187be0c6809aab3fce1e98c13\FSharp.ProjectSystem.PropertyPages.ni.dll
      2022-01-02 09:43:58 AM Trojan.Crypt REDACTED Malware file C:\Windows.old\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.V159eb141#\68e338c8fd741854bf0c872f0349b630\Microsoft.VisualStudio.TestWindow.Host.ni.dll
      2022-01-02 09:43:58 AM Spyware.AgentTesla REDACTED Malware file C:\Windows.old\WINDOWS\assembly\NativeImages_v4.0.30319_32\fsc\c7885f835f4d68bc4a8f20a3da0d4a54\fsc.ni.exe
  10. Hi Orubio, We are missing endpoints from our site lists. Two of the five affected sites are coming up with no users.
  11. Excellent, thank you for your response :)
  12. I just received this email saying my login has been deleted for five sites. See below for a copy of the email. I cannot currently log into these sites, I get a grey screen instead. Any idea what is going on?
      *********************************************
      Hello Alex,
      Based on your preferences, you are being notified that a new event has occurred for the following account: [REDACTED]
      Source: web.console
      Severity: audit
      Type: user.deleted
      Details: [REDACTED] was deleted by user [REDACTED]
      Need help fighting malware or getting the most out of your Malwarebytes product? Malwarebytes Support
      Thanks!
  13. Thanks AdvancedSetup, I'll let the client know, and ask them to let the website's company know also.
  14. Malwarebytes is saying that cables-solutions.com contains malware? Can someone please double check this? VirusTotal says there is no issue with it: https://www.virustotal.com/gui/url/b9cb2ad2f8e04edf58058a3e6eef7c9bb6b92eff0e60e9fd4780dd23bbce749a
  15. I'm seeing the same errors every reboot. Did jgphelps get a resolution? A reinstall of Malwarebytes doesn't fix the issue.
      2021-09-28 13:41:47,000 [48] ERROR MBAMPlugin Anti-Exploit technique "abp_pecsa_ms" being processed is unspecified - System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
         at System.ThrowHelper.ThrowKeyNotFoundException()
         at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
         at EAMBAMPlugin.MBAMPlugin.ProcessAdvancedAntiExploitTechniques()
      ***********************************************
      2021-09-28 13:41:47,001 [48] ERROR MBAMPlugin Anti-Exploit technique "abp_pem4a_ms" being processed is unspecified - System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
         at System.ThrowHelper.ThrowKeyNotFoundException()
         at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
         at EAMBAMPlugin.MBAMPlugin.ProcessAdvancedAntiExploitTechniques()
      ***********************************************
      2021-09-28 13:41:47,002 [48] ERROR MBAMPlugin Anti-Exploit technique "abp_polpa_ms" being processed is unspecified - System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
         at System.ThrowHelper.ThrowKeyNotFoundException()
         at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
         at EAMBAMPlugin.MBAMPlugin.ProcessAdvancedAntiExploitTechniques()
      ***********************************************
      2021-09-28 13:41:47,003 [48] ERROR MBAMPlugin Anti-Exploit technique "abp_posaa_ms" being processed is unspecified - System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
         at System.ThrowHelper.ThrowKeyNotFoundException()
         at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
         at EAMBAMPlugin.MBAMPlugin.ProcessAdvancedAntiExploitTechniques()
      ***********************************************
      2021-09-28 13:41:47,004 [48] ERROR MBAMPlugin Anti-Exploit technique "abp_posba_ms" being processed is unspecified - System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
         at System.ThrowHelper.ThrowKeyNotFoundException()
         at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
         at EAMBAMPlugin.MBAMPlugin.ProcessAdvancedAntiExploitTechniques()
      ***********************************************
      2021-09-28 13:41:47,005 [48] ERROR MBAMPlugin Anti-Exploit technique "abp_povbe7_ms" being processed is unspecified - System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
         at System.ThrowHelper.ThrowKeyNotFoundException()
         at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
         at EAMBAMPlugin.MBAMPlugin.ProcessAdvancedAntiExploitTechniques()
  16. Hi AdvancedSetup, Do we know what caused this? Do you know what the command was that was blocked? Has it stopped something from running / installing? If it helps, this end user has Office 365.
  17. As requested. Malwarebytes Diagnostics.zip
  18. I have sent the command to download the Diagnostic Logs, but I see the device has gone offline, which is not a shocker since it is 5:07pm now :)
  19. Hi guys, My client has just bought a brand new Surface Pro 7 and I'm seeing this popping up:
      Malware.Exploit.Agent.Generic Blocked AE exploit ComSpec=C:\windows\system32\cmd.exe 2021-09-08 03:49:42 PM
      Any ideas how I figure out what Malwarebytes is unhappy about?
  20. I see that VirusTotal isn't updating properly. If you hit "Reanalyse file" it doesn't seem to actually refresh the screen. If you close the tab and open it again to the same link it has updated to the correct details. Perhaps a caching issue. I only noticed it this time around because I hit refresh and it still said "last scanned 10 days ago" after refreshing. //Edit: Yep, it has done it again. Still saying 15 days after clicking "Reanalyse file".
  21. How odd that it would change within the 22 minute gap between me checking and you checking! Oh well... thanks for your help :)
  22. Arduino software, picks up a file in the tools folder: C:\PROGRAM FILES (X86)\ARDUINO\HARDWARE\TOOLS\AVR\BIN\AVR-GCOV.EXE Released and scanned with Malwarebytes, it no longer picks it up, but uploading it to VirusTotal it says that Malwarebytes is the only vendor that sees it as infected. https://www.virustotal.com/gui/file/5a37ccb04abb80f724944b7b57f64672a9864c18cd8139e5a3b3a86c04842aa3 avr-gcov.zip
  23. A part of MYOB's Accountant's Office package. This stops the package from opening. C:\MYOBAO\AOSQL\Central\Deploy\UIHelperClasses.dll Nothing found at VirusTotal: https://www.virustotal.com/gui/file/ce30bc921570ecc1e91df431518fd946d66b81c9952eac2e816170423f011648 UIHelperClasses.zip