NeoBeum

Techbench
  • Content Count

    21

About NeoBeum

  • Rank
    New Member


  1. Thanks

     HKCR\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
     HKCR\Folder\shellex\ContextMenuHandlers\MBAMShlExt
     HKCR\MBAMExt.MBAMShlExt
     HKCR\MBAMExt.MBAMShlExt.1
     HKCR\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
     HKCR\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
     HKCR\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}

     Those were the same keys I was about to import. I just ended up re-installing and pasting in the ProgramData. The MBAM Repair Tool has a broken URL if browsing from the malwarebytes.com homepage - I wasn't able to get a copy of it until you shared the link here. Maybe you could mention this to the web admins so they can fix it.
  2. Good to know. I was in the middle of hunting for the MBShlExt and IMBShlExt Registry Keys from a PC with the Context Menu working and planning on manually adding the keys to the other PC.
  3. Ability to export or import user settings would be useful for quick configuration on multiple devices.

     Example:

       • Export configuration for Application, Protection, Scan Schedule and Exclusions
       • Re-installation of Malwarebytes 3 to fix Windows UI Missing Context Menu
       • Import previous configuration

     This will be good for users with large exclusion lists and custom scan schedules. I am currently missing the context menu in Windows, and am dreading having to populate my exclusion list again.
  4. The links to the HLKSetup.exe are from https://docs.microsoft.com/en-us/windows-hardware/test/hlk/windows-hardware-lab-kit

     https://go.microsoft.com/fwlink/?linkid=2026646
     https://go.microsoft.com/fwlink/p/?LinkId=873010

     However, the ISO was obtained from my Azure Subscription.
  5. 1803 - e68d05a40f5c0cc7bcc2f1f58607ea8a.cab

     Scan result: no threats detected
     File size: 8.31 MB
     File type: ARC/CAB
     Scan date: Mar 30 2019 23:01:06
     Databases release date: Mar 30 2019 11:44:42 UTC
     MD5: 3d3c4aafb876d42906bcbc6bc4042ae4
     SHA1: 7e1e40bef0bee09a7c9d3dbcd5db8f2c3bdde369
     SHA256: 968f04811d404c2a06728d7fa6b4d29def1d941659cc70dfc0518415be56eb71
  6. VirusTotal has been stuck on 100% since I started typing the post... the original 2nd scan post... so has OPSWAT

     1809 - 1f39792e6be0d2fa858e6696a60070c7.cab

     Kaspersky VirusDesk
     Scan result: no threats detected
     File size: 15.50 MB
     File type: ARC/CAB
     Scan date: Mar 30 2019 22:52:10
     Databases release date: Mar 30 2019 11:44:42 UTC
     MD5: c92bde8bb0ec9b2bab32ae2d6d688a53
     SHA1: 4453a985f595eb14ece1a6130519a55591cb83ac
     SHA256: d5fe479b0e151302e89486449666ad2b2ad9bf8d4d0be9411dfa11bf79a192da

     1803 - 1f39792e6be0d2fa858e6696a60070c7.cab

     Kaspersky VirusDesk
     Scan result: no threats detected
     File size: 13.32 MB
     File type: ARC/CAB
     Scan date: Mar 30 2019 22:56:01
     Databases release date: Mar 30 2019 11:44:42 UTC
     MD5: 16bce742fe227b4bae17318df0a433a4
     SHA1: 942a6b891f091a72e059a1c8ffdd1b3a709ae75b
     SHA256: 6eb8a7f7e6b1e57eef1c879c3aa9fa56a090578c69930c4a84a42d2efa2de911
  7. Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 30/03/2019
     Scan Time: 22:36
     Log File: 5077ee36-52e4-11e9-864d-1c872ce2247f.json

     -Software Information-
     Version: 3.7.1.2839
     Components Version: 1.0.563
     Update Package Version: 1.0.9924
     Licence: Premium

     -System Information-
     OS: Windows 10 (Build 17763.379)
     CPU: x64
     File System: NTFS
     User: NB-G751JY\NeoBeum

     -Scan Summary-
     Scan Type: Custom Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 117956
     Threats Detected: 2
     Threats Quarantined: 0
     Time Elapsed: 2 min, 33 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 2
     Trojan.FakeMS, C:\USERS\NEOBEUM\APPDATA\ROAMING\Microsoft\Windows\Recent\1f39792e6be0d2fa858e6696a60070c7.cab.lnk, No Action By User, [725], [54561],1.0.9924
     Trojan.FakeMS, E:\WINDOWS\1809\HLK\INSTALLERS\1F39792E6BE0D2FA858E6696A60070C7.CAB, No Action By User, [725], [54561],1.0.9924
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)

     (end)

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 30/03/2019
     Scan Time: 22:26
     Log File: e55d90ca-52e2-11e9-b515-1c872ce2247f.json

     -Software Information-
     Version: 3.7.1.2839
     Components Version: 1.0.563
     Update Package Version: 1.0.9924
     Licence: Premium

     -System Information-
     OS: Windows 10 (Build 17763.379)
     CPU: x64
     File System: NTFS
     User: NB-G751JY\NeoBeum

     -Scan Summary-
     Scan Type: Custom Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 117949
     Threats Detected: 2
     Threats Quarantined: 0
     Time Elapsed: 2 min, 42 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 2
     Trojan.FakeMS, F:\INSTALLERS\1F39792E6BE0D2FA858E6696A60070C7.CAB, No Action By User, [725], [54561],1.0.9924
     Trojan.FakeMS, F:\INSTALLERS\E68D05A40F5C0CC7BCC2F1F58607EA8A.CAB, No Action By User, [725], [54561],1.0.9924
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)

     (end)
  8. The newly downloaded iso for 1803 has come back positive.

     The cabinet files found on mu_windows_10_hardware_lab_kit_version_1803_updated_march_2018_arm32_arm64_x64_x86_dvd_12064286.iso

     Only one cabinet file for the 1809 HLK also scans positive for 'Trojan.FakeMS'

     1f39792e6be0d2fa858e6696a60070c7.cab

     VirusTotal is still processing the files... although I think the process has crashed as MBAM has frozen the files as Firefox is trying to upload.
  9. I'm in the middle of updating my dev tools and remembered that there were two cab files flagged as 'Trojan.FakeMS' on 25/06/2018. So from the date, I think this may have been the 1803 HLK Download packages using the HLKSetup.exe. This wasn't from mu_windows_10_hardware_lab_kit_version_1803_updated_march_2018_arm32_arm64_x64_x86_dvd_12064286.iso. Though, out of interest, I am downloading that iso again just to see if the cabinet files are present.

     The two files flagged in the 'Installers' directory are:

     1f39792e6be0d2fa858e6696a60070c7.cab
     e68d05a40f5c0cc7bcc2f1f58607ea8a.cab

     I will post another report once the 1809 and 1803 HLK have finished downloading on my end and I get a chance to scan and upload a sample to virustotal. (Just posting this now - as I've already delayed 9 months and I will forget about it again if I don't do this now)
  10. Hello,

      MBAM3.0 on Windows 10 has flagged RSA2048Sha256GenerateKey.exe and RSA2048Sha256Sign.exe as Trojan.SpyEye.R. Both files are included for the prebuilt tools for the EFI Development Kit II at the Tianocore GitHub

      https://github.com/tianocore/tianocore.github.io/wiki/EDK-II

      Files on my pc match the sha256 from the virustotal scans I just did and can be found here

      https://github.com/tianocore/edk2-BaseTools-win32
      https://www.virustotal.com/#/file/2c92b3f97792ff743abe186b77082e66fee8f8bd5040be3eca2812daa0227d41/detection
      https://www.virustotal.com/#/file/e91b813f4fbe3216e36a9b09c5eb36ab4acbc09cd6a4a8e91a2531579ed66e10/detection

      Curious that it should be fine as it's old and also marked as OK for the Malwarebytes response and should have been picked up by MBAM3 as false

      Thanks

      falsepos.txt
  11. Hello, I'm just about to try installing Windows Server 2016 on my laptop and was wondering if MBAM 3.0 is compatible with this edition of Windows? It's basically going to be used as a server in a home environment. Thanks
  12. I had a similar issue a while ago. Make sure that the WindowsApps directory and any SystemVolume directories for Shadow copies and backups are excluded, otherwise MBAM just sits there trying to open something it can't open.
  13. Hello Admins, I need to convert this thread from a 'help me' thread to a 'bug report'. I found the cause - MBAM doesn't have sufficient privileges to read contents in [REMOVABLE-DISK]:\$Recycle.bin (Removable or Dynamic maybe - it has no problems with C: - but I haven't tested while the main system disk recycle bin has contents). I deleted the temporary recycle bin restore directory, and MBAM successfully scanned the drive with no problems or effect on the system.
  14. The only addition I have made in the last 2 days is installing VMware Player 12... other than that my system has been fine. I can't amend my original posts, or edit to include that or change the title.