TonyVerdoon
-
Getting my three month old copy of Tor/Firefox.exe flagged. You should get a badge for reporting these things. No, not a forum badge, an actual enamel badge I can pin to my schoolbag. I'll have to buy a schoolbag, but we should be prepared for sacrifices on both sides. It's the auto-updated version of Tor. Haven't direct downloaded anything since installation, a long time ago.
------------
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 31/03/2024
Scan Time: 11:00
Log File: 8bc92d4e-ef45-11ee-a445-244bfe953cc8.json
-Software Information-
Version: 4.6.10.316
Components Version: 1.0.2286
Update Package Version: 1.0.82834
Licence: Premium
-System Information-
OS: Windows 10 (Build 19045.4170)
CPU: x64
File System: NTFS
User: XXXXX\xxxx
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 355891
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 1 min, 18 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registry Key: 0 (No malicious items detected)
Registry Value: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Data Stream: 0 (No malicious items detected)
Folder: 0 (No malicious items detected)
File: 1
Malware.AI.1743426237, C:\USERS\xxxx\ONEDRIVE\DESKTOP\TOR BROWSER\BROWSER\FIREFOX.EXE, No Action By User, 1000000, 1743426237, 1.0.82834, 554DFF8C9155D20667EA92BD, dds, 02759464, 8657A4A8317072B9ADD9C91431F09DE4, 77FE9D57114DEF479F661E8813F2D48AEF9AEC1EB62081999F0C482BF205DCC2
Physical Sector: 0 (No malicious items detected)
WMI: 0 (No malicious items detected)
(end)
-
Oh, downloaded 7th February 2024
-
Package downloaded off their GitHub. No reason to think it's a virus. It's a fork of 7-Zip that plays nice with Windows 11. https://github.com/M2Team/NanaZip/releases
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 02/03/2024
Scan Time: 11:07
Log File: 10d44668-d885-11ee-91d3-244bfe953cc8.json
-Software Information-
Version: 4.6.8.311
Components Version: 1.0.2259
Update Package Version: 1.0.81668
Licence: Premium
-System Information-
OS: Windows 10 (Build 19045.4046)
CPU: x64
File System: NTFS
User: System
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 355246
Threats Detected: 4
Threats Quarantined: 0
Time Elapsed: 2 min, 21 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registry Key: 0 (No malicious items detected)
Registry Value: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Data Stream: 0 (No malicious items detected)
Folder: 0 (No malicious items detected)
File: 4
Malware.AI.2679367899, C:\USERS\XXXXX\DOWNLOADS\40174MOURINARUTO.NANAZIP_2.0.450.0_GNJ4MF6Z9TKRC.MSIXBUNDLE, No Action By User, 1000000, -1615599397, 1.0.81668, 9935DDBFD8C258BD9FB3E8DB, dds, 02717858, 28DE4A7B0C0521A7FFC8DFAEB5602C7C, 2BEE289D9E026255073DDCEE8082E8D0AD8496B9FE9FE8F8A29080A81A95872E
Malware.AI.2679367899, C:\USERS\XXXXX\DOWNLOADS\40174MOURINARUTO.NANAZIP_2.0.450.0_GNJ4MF6Z9TKRC\NANAZIPPACKAGE_2.0.450.0_X64.MSIX, No Action By User, 1000000, -1615599397, 1.0.81668, 9935DDBFD8C258BD9FB3E8DB, dds, 02717858, 7C5B4656B0DD0F4D1E104BDA2ADB4B1F, CA9EE4513A878E17AFA265EB0AA4D4A5EF2B2CC1678BCC676E56DFF9BC660A3D
Malware.AI.2679367899, C:\USERS\XXXXX\DOWNLOADS\40174MOURINARUTO.NANAZIP_2.0.450.0_GNJ4MF6Z9TKRC\NANAZIPPACKAGE_2.0.450.0_ARM64.MSIX, No Action By User, 1000000, -1615599397, 1.0.81668, 9935DDBFD8C258BD9FB3E8DB, dds, 02717858, 084C5CAD1A67FC81BF3E9D6CAC1E2DAF, AA6BFCF702C5C60FF8C88408A8F81C6FE8E82B9030EDF25C712F0E40E7E35461
Malware.AI.2679367899, C:\USERS\XXXXX\DOWNLOADS\40174MOURINARUTO.NANAZIP_2.0.450.0_GNJ4MF6Z9TKRC\NANAZIPPACKAGE_2.0.450.0_X86.MSIX, No Action By User, 1000000, -1615599397, 1.0.81668, 9935DDBFD8C258BD9FB3E8DB, dds, 02717858, DEAA65E030721450498ADD0427FAD942, 6CCA88311345C312CB2E260DFDD32E351BB48CAC14D77EF00AB7A2369C782072
Physical Sector: 0 (No malicious items detected)
WMI: 0 (No malicious items detected)
(end)
-
In this case "platform-tools_r33.0.3-windows.zip" that I downloaded in 2022. Didn't flag the extracted folder. The biggest mystery, why I downloaded Android SDK platform tools in 2022... oh yeah, I had a Moto Z that was in a charge loop (probably a bad battery). Ended up taking a hammer to it. Hammer remains false positive-free. platform-tools_r33.0.3-windows.zip
-
Getting a repeating warning loop on this blog (that has been around for about 15 years) because of a Reddit embed of all things. Can't 100% say it's not compromised but it's Blogger and Reddit so maybe take a look.
-
Has been sitting in my downloads folder for almost a year. Scan report:
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 15/07/2022
Scan Time: 05:11
Log File: 45027980-03f4-11ed-8350-244bfe953cc8.json
-Software Information-
Version: 4.5.10.200
Components Version: 1.0.1709
Update Package Version: 1.0.57249
Licence: Premium
-System Information-
OS: Windows 10 (Build 19043.1766)
CPU: x64
File System: NTFS
User: System
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 366479
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 8 min, 5 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registry Key: 0 (No malicious items detected)
Registry Value: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Data Stream: 0 (No malicious items detected)
Folder: 0 (No malicious items detected)
File: 1
Malware.AI.91704989, C:\USERS\FRIGH\DOWNLOADS\AMDCLEANUPUTILITY.EXE, No Action By User, 1000000, 91704989, 1.0.57249, 543A542B537453D005774E9D, dds, 01859125, 17DB272C45C05592583AC6D196EB1BC5, CD103A8FA03225C6A3E6A75AA042FFB7D59048D9A3CDB90F873DC4DC5D2B23ED
Physical Sector: 0 (No malicious items detected)
WMI: 0 (No malicious items detected)
(end)
Will eat hat if not false positive.
amdcleanuputility.zip
-
Downloaded from "geekuninstaller dot com" and sitting in my Downloads for about three weeks, the Geek Uninstaller app got flagged this morning. I'm assuming it's fine. Deets attached. scanrep.txt repfolder.7z
-
Sorry, should have added these, I guess. Though one is the actual installer for Handbrake that's been on my SSD since May last year... scanrep.txt scanfiles.7z
-
Getting this newtonsoft.json.dll detection for Scrivener (fairly niche writing software) and Handbrake of all things, as well.
-
The Browser Guard is blocking smile.amazon.co.uk. Unless you know something that hasn't been widely announced, I don't think they're hosting malware. (The smile. is to enable a commission for charities, which everyone should be doing as it costs you nothing.) Just a heads-up. I've white-listed it and moved on with my life. Just thought it was funny.
-
Not a complaint or a suggestion. Honestly not sure which section of the forum to put this. Five years ago I bought the Premium lifetime edition of MBAM. This weekend I built my first new PC in seven years and I was dreading the process of transferring the key. I've spent the day setting up password managers, about a dozen different game launchers and a host of my favourite utilities, but I left MBAM to last. Five minutes. Download, activate on new device, deactivate old device. No idea if anyone involved will ever read this but it's a great product and a painless transfer procedure. Thanks folks!
-
FWIW I woke up this morning, turned on the PC and quickly got this notification. Identical to OP, except for PC name. I quarantined it to be safe but I'm kinda dubious. I'm on version 5374. My main surprise was that my Windows PC has a root folder.
-
Oh, okay, thanks for letting me know!
-
For what it's worth, the last patch seems to have sorted this out for me. Still curious how to delete a custom protection setting.
-
It's Office 365, patched up to date. Thanks for the link. I've read through that other thread and at least the dev team is being made aware it's a bug. Guess I'll chill until it's patched.