
TonyVerdoon


  1. Getting my three month old copy of Tor/Firefox.exe flagged. You should get a badge for reporting these things. No, not a forum badge, an actual enamel badge I can pin to my schoolbag. I'll have to buy a schoolbag, but we should be prepared for sacrifices on both sides. It's the auto-updated version of Tor. Haven't direct downloaded anything since installation, a long time ago.

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 31/03/2024
     Scan Time: 11:00
     Log File: 8bc92d4e-ef45-11ee-a445-244bfe953cc8.json

     -Software Information-
     Version: 4.6.10.316
     Components Version: 1.0.2286
     Update Package Version: 1.0.82834
     Licence: Premium

     -System Information-
     OS: Windows 10 (Build 19045.4170)
     CPU: x64
     File System: NTFS
     User: XXXXX\xxxx

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 355891
     Threats Detected: 1
     Threats Quarantined: 0
     Time Elapsed: 1 min, 18 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 1
     Malware.AI.1743426237, C:\USERS\xxxx\ONEDRIVE\DESKTOP\TOR BROWSER\BROWSER\FIREFOX.EXE, No Action By User, 1000000, 1743426237, 1.0.82834, 554DFF8C9155D20667EA92BD, dds, 02759464, 8657A4A8317072B9ADD9C91431F09DE4, 77FE9D57114DEF479F661E8813F2D48AEF9AEC1EB62081999F0C482BF205DCC2
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)

     (end)
  2. Oh, downloaded 7th February 2024
  3. Package downloaded off their GitHub. No reason to think it's a virus. It's a fork of 7-Zip that plays nice with Windows 11. https://github.com/M2Team/NanaZip/releases

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 02/03/2024
     Scan Time: 11:07
     Log File: 10d44668-d885-11ee-91d3-244bfe953cc8.json

     -Software Information-
     Version: 4.6.8.311
     Components Version: 1.0.2259
     Update Package Version: 1.0.81668
     Licence: Premium

     -System Information-
     OS: Windows 10 (Build 19045.4046)
     CPU: x64
     File System: NTFS
     User: System

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Scheduler
     Result: Completed
     Objects Scanned: 355246
     Threats Detected: 4
     Threats Quarantined: 0
     Time Elapsed: 2 min, 21 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 4
     Malware.AI.2679367899, C:\USERS\XXXXX\DOWNLOADS\40174MOURINARUTO.NANAZIP_2.0.450.0_GNJ4MF6Z9TKRC.MSIXBUNDLE, No Action By User, 1000000, -1615599397, 1.0.81668, 9935DDBFD8C258BD9FB3E8DB, dds, 02717858, 28DE4A7B0C0521A7FFC8DFAEB5602C7C, 2BEE289D9E026255073DDCEE8082E8D0AD8496B9FE9FE8F8A29080A81A95872E
     Malware.AI.2679367899, C:\USERS\XXXXX\DOWNLOADS\40174MOURINARUTO.NANAZIP_2.0.450.0_GNJ4MF6Z9TKRC\NANAZIPPACKAGE_2.0.450.0_X64.MSIX, No Action By User, 1000000, -1615599397, 1.0.81668, 9935DDBFD8C258BD9FB3E8DB, dds, 02717858, 7C5B4656B0DD0F4D1E104BDA2ADB4B1F, CA9EE4513A878E17AFA265EB0AA4D4A5EF2B2CC1678BCC676E56DFF9BC660A3D
     Malware.AI.2679367899, C:\USERS\XXXXX\DOWNLOADS\40174MOURINARUTO.NANAZIP_2.0.450.0_GNJ4MF6Z9TKRC\NANAZIPPACKAGE_2.0.450.0_ARM64.MSIX, No Action By User, 1000000, -1615599397, 1.0.81668, 9935DDBFD8C258BD9FB3E8DB, dds, 02717858, 084C5CAD1A67FC81BF3E9D6CAC1E2DAF, AA6BFCF702C5C60FF8C88408A8F81C6FE8E82B9030EDF25C712F0E40E7E35461
     Malware.AI.2679367899, C:\USERS\XXXXX\DOWNLOADS\40174MOURINARUTO.NANAZIP_2.0.450.0_GNJ4MF6Z9TKRC\NANAZIPPACKAGE_2.0.450.0_X86.MSIX, No Action By User, 1000000, -1615599397, 1.0.81668, 9935DDBFD8C258BD9FB3E8DB, dds, 02717858, DEAA65E030721450498ADD0427FAD942, 6CCA88311345C312CB2E260DFDD32E351BB48CAC14D77EF00AB7A2369C782072
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)

     (end)
  4. In this case "platform-tools_r33.0.3-windows.zip" that I downloaded in 2022. Didn't flag the extracted folder. The biggest mystery, why I downloaded Android SDK platform tools in 2022... oh yeah, I had a Moto Z that was in a charge loop (probably a bad battery). Ended up taking a hammer to it. Hammer remains false positive-free. platform-tools_r33.0.3-windows.zip
  5. Getting a repeating warning loop on this blog (that has been around for about 15 years) because of a Reddit embed of all things. Can't 100% say it's not compromised but it's Blogger and Reddit so maybe take a look.
  6. Has been sitting in my downloads folder for almost a year. Scan report:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 15/07/2022
     Scan Time: 05:11
     Log File: 45027980-03f4-11ed-8350-244bfe953cc8.json

     -Software Information-
     Version: 4.5.10.200
     Components Version: 1.0.1709
     Update Package Version: 1.0.57249
     Licence: Premium

     -System Information-
     OS: Windows 10 (Build 19043.1766)
     CPU: x64
     File System: NTFS
     User: System

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Scheduler
     Result: Completed
     Objects Scanned: 366479
     Threats Detected: 1
     Threats Quarantined: 0
     Time Elapsed: 8 min, 5 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 1
     Malware.AI.91704989, C:\USERS\FRIGH\DOWNLOADS\AMDCLEANUPUTILITY.EXE, No Action By User, 1000000, 91704989, 1.0.57249, 543A542B537453D005774E9D, dds, 01859125, 17DB272C45C05592583AC6D196EB1BC5, CD103A8FA03225C6A3E6A75AA042FFB7D59048D9A3CDB90F873DC4DC5D2B23ED
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)

     (end)

     Will eat hat if not false positive. amdcleanuputility.zip
  7. Downloaded from "geekuninstaller dot com" and sitting in my Downloads for about three weeks, the Geek Uninstaller app got flagged this morning. I'm assuming it's fine. Deets attached. scanrep.txt repfolder.7z
  8. Sorry, should have added these, I guess. Though one is the actual installer for Handbrake that's been on my SSD since May last year... scanrep.txt scanfiles.7z
  9. Getting this newtonsoft.json.dll detection for Scrivener (fairly niche writing software) and Handbrake of all things, as well.
  10. The Browser Guard is blocking smile.amazon.co.uk. Unless you know something that hasn't been widely announced, I don't think they're hosting malware. (The smile. is to enable a commission for charities, which everyone should be doing as it costs you nothing). Just a heads-up. I've white-listed it and moved on with my life. Just thought it was funny.
  11. Not a complaint or a suggestion. Honestly not sure which section of the forum to put this. Five years ago I bought the Premium lifetime edition of MBAM. This weekend I built my first new PC in seven years and I was dreading the process of transferring the key. I've spent the day setting up password managers, about a dozen different game launchers and a host of my favourite utilities, but I left MBAM to last. Five minutes. Download, activate on new device, deactivate old device. No idea if anyone involved will ever read this but it's a great product and a painless transfer procedure. Thanks folks!
  12. FWIW I woke up this morning, turned on the PC and quickly got this notification. Identical to OP, except for PC name. I quarantined it to be safe but I'm kinda dubious. I'm on version 5374. My main surprise was that my Windows PC has a root folder.
  13. For what it's worth, the last patch seems to have sorted this out for me. Still curious how to delete a custom protection setting.
  14. It's Office 365, patched up to date. Thanks for the link. I've read through that other thread and at least the dev team is being made aware it's a bug. Guess I'll chill until it's patched.