
NeoBeum
Techbench
Posts: 30
Joined
Last visited
Reputation: 0 Neutral


  1. I just set it to Ignore Always. I'm willing to bet something in Windows 10 servicing will break if it gets quarantined and doesn't start properly on next boot...
  2. I'm not sure which Windows 10 app updated and triggered these appx registry entries, but if I find it I'll post back... could be a wireless service pack or something to break my PC... (attachment: MBAM-21-05-20.txt)
  3. @Amaroq_Starwind Trust me, you don't want to be putting any DISM-related scripts on a task schedule. Google some of my posts blasting Microsoft about DISM and what they broke for KB4498523, and more for 18362.1. Problems with DISM are one issue; Task Scheduler is an entirely different issue in itself. I haven't read the rest of the replies, and have only read the original post, and hit reply because DISM on a schedule is bad. If you get a bad servicing stack, this is what will happen to your recovery image: the right-hand side is how the directory structure should be populated; the left-hand side is what the SSU did to 18362.30+ (google: "dear microsoft 1903").
  4. Machine Learning / Anomalous 97% - False positive on Microsoft Store Windows app: Segoe MDL2 Assets
     Filename: 35640TWyTec.UWPSegoeMDL2Assets_1.1.33.0_neutral_~_8e2hdjak06jkr.appxbundle
     File: http://tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/794c8a4d-9393-4ef1-b306-b6469b6cbf4d?P1=1559379012&P2=402&P3=2&P4=Q%2bEcL%2bDN%2b0D5VMVSEYZasTa%2fTj8VD5yqN54cwqg4okYoZBxrK8yIx3X3O4uTXzcT6lym9A9z%2fK2Lq5VBReIZcA%3d%3d
     VirusTotal: https://www.virustotal.com/gui/file/0e140eeda17a1f0b3d23be2787412eeb8d348181056b967997472b4cbb4f5467/detection
     (attachment: MBAM-SegoeMDL2-Appx.txt)
  5. Thanks.
     HKCR\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
     HKCR\Folder\shellex\ContextMenuHandlers\MBAMShlExt
     HKCR\MBAMExt.MBAMShlExt
     HKCR\MBAMExt.MBAMShlExt.1
     HKCR\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
     HKCR\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
     HKCR\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
     Those were the same keys I was about to import. I just ended up re-installing and pasting in the ProgramData. The MBAM Repair Tool has a broken URL if browsing from the malwarebytes.com homepage; I wasn't able to get a copy of it until you shared the link here. Maybe you could mention this to the web admins so they can fix it.
  6. Good to know. I was in the middle of hunting for the MBShlExt and IMBShlExt registry keys from a PC with the context menu working and planning on manually adding the keys to the other PC.
  7. The ability to export or import user settings would be useful for quick configuration on multiple devices. Example:
     1. Export configuration for Application, Protection, Scan Schedule and Exclusions
     2. Re-installation of Malwarebytes 3 to fix Windows UI missing context menu
     3. Import previous configuration
     This will be good for users with large exclusion lists and custom scan schedules. I am currently missing the context menu in Windows, and am dreading having to populate my exclusion list again.
  8. The links to HLKSetup.exe are from https://docs.microsoft.com/en-us/windows-hardware/test/hlk/windows-hardware-lab-kit
     https://go.microsoft.com/fwlink/?linkid=2026646
     https://go.microsoft.com/fwlink/p/?LinkId=873010
     However, the ISO was obtained from my Azure subscription.
  9. 1803 - e68d05a40f5c0cc7bcc2f1f58607ea8a.cab
     Scan result: no threats detected
     File size: 8.31 MB
     File type: ARC/CAB
     Scan date: Mar 30 2019 23:01:06
     Databases release date: Mar 30 2019 11:44:42 UTC
     MD5: 3d3c4aafb876d42906bcbc6bc4042ae4
     SHA1: 7e1e40bef0bee09a7c9d3dbcd5db8f2c3bdde369
     SHA256: 968f04811d404c2a06728d7fa6b4d29def1d941659cc70dfc0518415be56eb71
  10. VirusTotal has been stuck on 100% since I started typing the post... the original 2nd scan post... so has OPSWAT.
     1809 - 1f39792e6be0d2fa858e6696a60070c7.cab
     Kaspersky VirusDesk
     Scan result: no threats detected
     File size: 15.50 MB
     File type: ARC/CAB
     Scan date: Mar 30 2019 22:52:10
     Databases release date: Mar 30 2019 11:44:42 UTC
     MD5: c92bde8bb0ec9b2bab32ae2d6d688a53
     SHA1: 4453a985f595eb14ece1a6130519a55591cb83ac
     SHA256: d5fe479b0e151302e89486449666ad2b2ad9bf8d4d0be9411dfa11bf79a192da
     1803 - 1f39792e6be0d2fa858e6696a60070c7.cab
     Kaspersky VirusDesk
     Scan result: no threats detected
     File size: 13.32 MB
     File type: ARC/CAB
     Scan date: Mar 30 2019 22:56:01
     Databases release date: Mar 30 2019 11:44:42 UTC
     MD5: 16bce742fe227b4bae17318df0a433a4
     SHA1: 942a6b891f091a72e059a1c8ffdd1b3a709ae75b
     SHA256: 6eb8a7f7e6b1e57eef1c879c3aa9fa56a090578c69930c4a84a42d2efa2de911
  11. Malwarebytes
     www.malwarebytes.com
     -Log Details-
     Scan Date: 30/03/2019
     Scan Time: 22:36
     Log File: 5077ee36-52e4-11e9-864d-1c872ce2247f.json
     -Software Information-
     Version: 3.7.1.2839
     Components Version: 1.0.563
     Update Package Version: 1.0.9924
     Licence: Premium
     -System Information-
     OS: Windows 10 (Build 17763.379)
     CPU: x64
     File System: NTFS
     User: NB-G751JY\NeoBeum
     -Scan Summary-
     Scan Type: Custom Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 117956
     Threats Detected: 2
     Threats Quarantined: 0
     Time Elapsed: 2 min, 33 sec
     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect
     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 2
     Trojan.FakeMS, C:\USERS\NEOBEUM\APPDATA\ROAMING\Microsoft\Windows\Recent\1f39792e6be0d2fa858e6696a60070c7.cab.lnk, No Action By User, [725], [54561],1.0.9924
     Trojan.FakeMS, E:\WINDOWS\1809\HLK\INSTALLERS\1F39792E6BE0D2FA858E6696A60070C7.CAB, No Action By User, [725], [54561],1.0.9924
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)
     (end)

     Malwarebytes
     www.malwarebytes.com
     -Log Details-
     Scan Date: 30/03/2019
     Scan Time: 22:26
     Log File: e55d90ca-52e2-11e9-b515-1c872ce2247f.json
     -Software Information-
     Version: 3.7.1.2839
     Components Version: 1.0.563
     Update Package Version: 1.0.9924
     Licence: Premium
     -System Information-
     OS: Windows 10 (Build 17763.379)
     CPU: x64
     File System: NTFS
     User: NB-G751JY\NeoBeum
     -Scan Summary-
     Scan Type: Custom Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 117949
     Threats Detected: 2
     Threats Quarantined: 0
     Time Elapsed: 2 min, 42 sec
     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect
     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 2
     Trojan.FakeMS, F:\INSTALLERS\1F39792E6BE0D2FA858E6696A60070C7.CAB, No Action By User, [725], [54561],1.0.9924
     Trojan.FakeMS, F:\INSTALLERS\E68D05A40F5C0CC7BCC2F1F58607EA8A.CAB, No Action By User, [725], [54561],1.0.9924
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)
     (end)
  12. The newly downloaded ISO for 1803 has come back positive. The cabinet files found on mu_windows_10_hardware_lab_kit_version_1803_updated_march_2018_arm32_arm64_x64_x86_dvd_12064286.iso. Only one cabinet file for the 1809 HLK also scans positive for 'Trojan.FakeMS': 1f39792e6be0d2fa858e6696a60070c7.cab. VirusTotal is still processing the files... although I think the process has crashed, as MBAM has frozen the files as Firefox is trying to upload.
  13. I'm in the middle of updating my dev tools and remembered that there were two cab files flagged as 'Trojan.FakeMS' on 25/06/2018. So, from the date, I think this may have been the 1803 HLK download packages using HLKSetup.exe. This wasn't from mu_windows_10_hardware_lab_kit_version_1803_updated_march_2018_arm32_arm64_x64_x86_dvd_12064286.iso. Though, out of interest, I am downloading that ISO again just to see if the cabinet files are present. The two files flagged in the 'Installers' directory are:
     1f39792e6be0d2fa858e6696a60070c7.cab
     e68d05a40f5c0cc7bcc2f1f58607ea8a.cab
     I will post another report once the 1809 and 1803 HLK have finished downloading on my end and I get a chance to scan and upload a sample to VirusTotal. (Just posting this now, as I've already delayed 9 months and I will forget about it again if I don't do this now.)
  14. Hello, MBAM 3.0 on Windows 10 has flagged RSA2048Sha256GenerateKey.exe and RSA2048Sha256Sign.exe as Trojan.SpyEye.R. Both files are included in the prebuilt tools for the EFI Development Kit II at the Tianocore GitHub: https://github.com/tianocore/tianocore.github.io/wiki/EDK-II
     Files on my PC match the SHA256 from the VirusTotal scans I just did and can be found here: https://github.com/tianocore/edk2-BaseTools-win32
     https://www.virustotal.com/#/file/2c92b3f97792ff743abe186b77082e66fee8f8bd5040be3eca2812daa0227d41/detection
     https://www.virustotal.com/#/file/e91b813f4fbe3216e36a9b09c5eb36ab4acbc09cd6a4a8e91a2531579ed66e10/detection
     Curious that it should be fine, as it's old and also marked as OK for the Malwarebytes response, and should have been picked up by MBAM3 as false. Thanks. (attachment: falsepos.txt)
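The HLK false-positive posts above (9, 10, 11 and 13) rely on matching a local .cab against digests published by scanners. The script below is an added example, not code from the thread or from Malwarebytes: it recomputes MD5, SHA1 and SHA256 for each cabinet and compares them with the values posted, and also reports the file's Authenticode signature status and signer, which is a stronger check for a Microsoft-distributed installer package than any hash copied from a forum. The file paths are assumptions based on the scan logs; the digests are the ones posted.

```powershell
# Added example (not from the forum posts). Paths are assumptions taken from
# the scan logs above; edit them to match where your HLK installers live.
$Reference = @(
    @{ Label  = '1809 HLK'
       Path   = 'E:\WINDOWS\1809\HLK\INSTALLERS\1f39792e6be0d2fa858e6696a60070c7.cab'
       MD5    = 'c92bde8bb0ec9b2bab32ae2d6d688a53'
       SHA1   = '4453a985f595eb14ece1a6130519a55591cb83ac'
       SHA256 = 'd5fe479b0e151302e89486449666ad2b2ad9bf8d4d0be9411dfa11bf79a192da' },
    @{ Label  = '1803 HLK'
       Path   = 'F:\INSTALLERS\1f39792e6be0d2fa858e6696a60070c7.cab'
       MD5    = '16bce742fe227b4bae17318df0a433a4'
       SHA1   = '942a6b891f091a72e059a1c8ffdd1b3a709ae75b'
       SHA256 = '6eb8a7f7e6b1e57eef1c879c3aa9fa56a090578c69930c4a84a42d2efa2de911' },
    @{ Label  = '1803 HLK'
       Path   = 'F:\INSTALLERS\e68d05a40f5c0cc7bcc2f1f58607ea8a.cab'
       MD5    = '3d3c4aafb876d42906bcbc6bc4042ae4'
       SHA1   = '7e1e40bef0bee09a7c9d3dbcd5db8f2c3bdde369'
       SHA256 = '968f04811d404c2a06728d7fa6b4d29def1d941659cc70dfc0518415be56eb71' }
)

function Test-HlkCabinet {
    param([Parameter(Mandatory)][hashtable]$Entry)

    if (-not (Test-Path -LiteralPath $Entry.Path)) {
        return [pscustomobject]@{ Label = $Entry.Label; Path = $Entry.Path; Status = 'missing' }
    }

    # Compare every posted digest. One mismatch means this is not the file the
    # other scanners looked at, so their verdict does not carry over to it.
    # PowerShell's -ne is case-insensitive, so upper/lower-case hex both match.
    $mismatch = foreach ($alg in 'MD5', 'SHA1', 'SHA256') {
        $actual = (Get-FileHash -LiteralPath $Entry.Path -Algorithm $alg).Hash
        if ($actual -ne $Entry[$alg]) { "$alg=$($actual.ToLower())" }
    }

    # Authenticode works on .cab files. Status is 'Valid', 'NotSigned',
    # 'HashMismatch' (content altered after signing) or 'UnknownError'.
    $sig = Get-AuthenticodeSignature -FilePath $Entry.Path

    [pscustomobject]@{
        Label     = $Entry.Label
        Path      = $Entry.Path
        Status    = if ($mismatch) { 'HASH MISMATCH: ' + ($mismatch -join ', ') } else { 'hashes match' }
        Signature = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
    }
}

$Reference | ForEach-Object { Test-HlkCabinet -Entry $_ } | Format-List
```

Run it from a normal (non-elevated) PowerShell prompt; reading the files is enough. A result of "hashes match" plus Signature = Valid with a Microsoft signer is the evidence worth attaching to a false-positive report; a hash mismatch or HashMismatch signature means the local copy is not the file that was scanned elsewhere and should be treated as unknown.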
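Posts 5, 6 and 7 above deal with restoring the Explorer context menu by importing the listed MBAMShlExt registry keys from another PC. The script below is an added example, not code from the thread or from Malwarebytes: it checks each listed key, follows the chain Explorer actually uses (ContextMenuHandlers default value -> CLSID -> InprocServer32 DLL), reports whether that DLL exists and is signed, and then exports the keys that are present so they can be reimported after a reinstall. The key list is the one posted; the export location under %TEMP% is an assumption.

```powershell
# Added example (not from the forum posts). The keys are the ones listed in
# post 5; the export folder ($env:TEMP) is an assumption.
$Keys = @(
    'HKCR\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt',
    'HKCR\Folder\shellex\ContextMenuHandlers\MBAMShlExt',
    'HKCR\MBAMExt.MBAMShlExt',
    'HKCR\MBAMExt.MBAMShlExt.1',
    'HKCR\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}',
    'HKCR\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}',
    'HKCR\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}'
)

function ConvertTo-ProviderPath ([string]$Key) {
    # 'HKCR\' is reg.exe shorthand; the PowerShell registry provider wants the
    # full hive name behind the Registry:: prefix.
    'Registry::' + ($Key -replace '^HKCR\\', 'HKEY_CLASSES_ROOT\')
}

function Get-DefaultValue ([string]$Key) {
    $item = Get-Item -LiteralPath (ConvertTo-ProviderPath $Key) -ErrorAction SilentlyContinue
    if ($item) { $item.GetValue('') }   # '' is the key's (Default) value
}

function Test-ShellExtensionKeys {
    param([string[]]$KeyList)

    foreach ($key in $KeyList) {
        $exists = Test-Path -LiteralPath (ConvertTo-ProviderPath $key)
        $note = ''
        if ($exists -and $key -like '*\ContextMenuHandlers\*') {
            # The handler key's default value is the CLSID Explorer instantiates.
            $clsid = Get-DefaultValue $key
            $note = if (Test-Path -LiteralPath (ConvertTo-ProviderPath "HKCR\CLSID\$clsid")) {
                "-> CLSID $clsid registered"
            } else {
                "-> CLSID '$clsid' NOT registered (handler cannot load)"
            }
        }
        elseif ($exists -and $key -like 'HKCR\CLSID\*') {
            # InprocServer32 names the DLL loaded into explorer.exe. A missing
            # or unsigned DLL is the usual reason a registered handler never
            # shows up in the menu.
            $dll = Get-DefaultValue "$key\InprocServer32"
            if ($dll) {
                $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
                $note = if (Test-Path -LiteralPath $dll) {
                    "-> $dll (signature: $((Get-AuthenticodeSignature -FilePath $dll).Status))"
                } else {
                    "-> DLL missing: $dll"
                }
            } else {
                $note = '-> no InprocServer32 value'
            }
        }
        [pscustomobject]@{ Key = $key; Present = $exists; Detail = $note }
    }
}

Test-ShellExtensionKeys -KeyList $Keys | Format-Table -AutoSize -Wrap

# Export the keys that do exist so they can be restored after a reinstall.
# These keys tell Explorer which DLL to load, so only import a .reg produced
# this way from a machine you trust, and re-run the check afterwards.
foreach ($key in $Keys) {
    if (Test-Path -LiteralPath (ConvertTo-ProviderPath $key)) {
        $file = Join-Path $env:TEMP (($key -replace '[\\:{}]', '_') + '.reg')
        & reg.exe export $key $file /y | Out-Null
    }
}
```

Run the check on the PC whose menu works and on the PC whose menu is missing and compare the two tables: the first key reported as absent, or the first CLSID whose DLL is missing or unsigned, is the one to repair. Because HKCR is a merged view of HKLM\Software\Classes and HKCU\Software\Classes, importing the exported .reg files on another machine requires an elevated prompt to land them in the machine-wide hive.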