NeoBeum
Techbench
Posts: 30

Everything posted by NeoBeum

  1. These aren't really files, but entries in the Windows Registry.
  2. I just set it to Ignore Always - I'm willing to bet something in Windows 10 servicing will break if it gets quarantined and doesn't start properly on next boot...
  3. I'm not sure which Windows 10 app updated and triggered these appx reg entries, but if I find it I'll post back... could be a Wireless Service pack or something to break my PC.... MBAM-21-05-20.txt
  4. @Amaroq_Starwind Trust me, you don't want to be putting any DISM related scripts on a task schedule... Google some of my posts blasting Microsoft about DISM... and what they broke for KB4498523 and more for 18362.1 problems with DISM is one issue... task scheduler is an entirely different issue in itself. I haven't read the rest of the replies, and have only read the original post, and hit reply because DISM on schedule is bad. If you get a bad servicing stack, this is what will happen to your recovery image: the right-hand side is how the directory structure should be populated; the left-hand side is what the SSU did to 18362.30+ (google: "dear microsoft 1903").
  5. Machine Learning / Anomalous 97% - False positive on Microsoft Store Windows App: Segoe MDL2 Assets
     Filename: 35640TWyTec.UWPSegoeMDL2Assets_1.1.33.0_neutral_~_8e2hdjak06jkr.appxbundle
     File: http://tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/794c8a4d-9393-4ef1-b306-b6469b6cbf4d?P1=1559379012&P2=402&P3=2&P4=Q%2bEcL%2bDN%2b0D5VMVSEYZasTa%2fTj8VD5yqN54cwqg4okYoZBxrK8yIx3X3O4uTXzcT6lym9A9z%2fK2Lq5VBReIZcA%3d%3d
     VirusTotal: https://www.virustotal.com/gui/file/0e140eeda17a1f0b3d23be2787412eeb8d348181056b967997472b4cbb4f5467/detection
     MBAM-SegoeMDL2-Appx.txt
  6. Thanks
     HKCR\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
     HKCR\Folder\shellex\ContextMenuHandlers\MBAMShlExt
     HKCR\MBAMExt.MBAMShlExt
     HKCR\MBAMExt.MBAMShlExt.1
     HKCR\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
     HKCR\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
     HKCR\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
     Those were the same keys I was about to import. I just ended up re-installing and pasting in the ProgramData. The MBAM Repair Tool has a broken URL if browsing from the malwarebytes.com homepage - I wasn't able to get a copy of it until you shared the link here. Maybe you could mention this to the web admins so they can fix it.
  7. Good to know. I was in the middle of hunting for the MBShlExt and IMBShlExt registry keys from a PC with the context menu working, and planning on manually adding the keys to the other PC.
  8. Ability to export or import user settings would be useful for quick configuration on multiple devices. Example:
     Export configuration for Application, Protection, Scan Schedule and Exclusions
     Re-installation of Malwarebytes 3 to fix Windows UI Missing Context Menu
     Import previous configuration
     This will be good for users with large exclusion lists and custom scan schedules. I am currently missing the context menu in Windows, and am dreading having to populate my exclusion list again.
  9. The links to the HLKSetup.exe are from https://docs.microsoft.com/en-us/windows-hardware/test/hlk/windows-hardware-lab-kit
     https://go.microsoft.com/fwlink/?linkid=2026646
     https://go.microsoft.com/fwlink/p/?LinkId=873010
     However, the ISO was obtained from my Azure Subscription.
  10. 1803 - e68d05a40f5c0cc7bcc2f1f58607ea8a.cab
      Scan result no threats detected
      File size 8.31 MB
      File type ARC/CAB
      Scan date Mar 30 2019 23:01:06
      Databases release date Mar 30 2019 11:44:42 UTC
      MD5 3d3c4aafb876d42906bcbc6bc4042ae4
      SHA1 7e1e40bef0bee09a7c9d3dbcd5db8f2c3bdde369
      SHA256 968f04811d404c2a06728d7fa6b4d29def1d941659cc70dfc0518415be56eb71
  11. VirusTotal has been stuck on 100% since I started typing the post... the original 2nd scan post... so has OPSWAT.
      1809 - 1f39792e6be0d2fa858e6696a60070c7.cab
      Kaspersky VirusDesk
      Scan result no threats detected
      File size 15.50 MB
      File type ARC/CAB
      Scan date Mar 30 2019 22:52:10
      Databases release date Mar 30 2019 11:44:42 UTC
      MD5 c92bde8bb0ec9b2bab32ae2d6d688a53
      SHA1 4453a985f595eb14ece1a6130519a55591cb83ac
      SHA256 d5fe479b0e151302e89486449666ad2b2ad9bf8d4d0be9411dfa11bf79a192da
      1803 - 1f39792e6be0d2fa858e6696a60070c7.cab
      Kaspersky VirusDesk
      Scan result no threats detected
      File size 13.32 MB
      File type ARC/CAB
      Scan date Mar 30 2019 22:56:01
      Databases release date Mar 30 2019 11:44:42 UTC
      MD5 16bce742fe227b4bae17318df0a433a4
      SHA1 942a6b891f091a72e059a1c8ffdd1b3a709ae75b
      SHA256 6eb8a7f7e6b1e57eef1c879c3aa9fa56a090578c69930c4a84a42d2efa2de911
  12. Malwarebytes
      www.malwarebytes.com
      -Log Details-
      Scan Date: 30/03/2019
      Scan Time: 22:36
      Log File: 5077ee36-52e4-11e9-864d-1c872ce2247f.json
      -Software Information-
      Version: 3.7.1.2839
      Components Version: 1.0.563
      Update Package Version: 1.0.9924
      Licence: Premium
      -System Information-
      OS: Windows 10 (Build 17763.379)
      CPU: x64
      File System: NTFS
      User: NB-G751JY\NeoBeum
      -Scan Summary-
      Scan Type: Custom Scan
      Scan Initiated By: Manual
      Result: Completed
      Objects Scanned: 117956
      Threats Detected: 2
      Threats Quarantined: 0
      Time Elapsed: 2 min, 33 sec
      -Scan Options-
      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Disabled
      Heuristics: Enabled
      PUP: Detect
      PUM: Detect
      -Scan Details-
      Process: 0 (No malicious items detected)
      Module: 0 (No malicious items detected)
      Registry Key: 0 (No malicious items detected)
      Registry Value: 0 (No malicious items detected)
      Registry Data: 0 (No malicious items detected)
      Data Stream: 0 (No malicious items detected)
      Folder: 0 (No malicious items detected)
      File: 2
      Trojan.FakeMS, C:\USERS\NEOBEUM\APPDATA\ROAMING\Microsoft\Windows\Recent\1f39792e6be0d2fa858e6696a60070c7.cab.lnk, No Action By User, [725], [54561],1.0.9924
      Trojan.FakeMS, E:\WINDOWS\1809\HLK\INSTALLERS\1F39792E6BE0D2FA858E6696A60070C7.CAB, No Action By User, [725], [54561],1.0.9924
      Physical Sector: 0 (No malicious items detected)
      WMI: 0 (No malicious items detected)
      (end)

      Malwarebytes
      www.malwarebytes.com
      -Log Details-
      Scan Date: 30/03/2019
      Scan Time: 22:26
      Log File: e55d90ca-52e2-11e9-b515-1c872ce2247f.json
      -Software Information-
      Version: 3.7.1.2839
      Components Version: 1.0.563
      Update Package Version: 1.0.9924
      Licence: Premium
      -System Information-
      OS: Windows 10 (Build 17763.379)
      CPU: x64
      File System: NTFS
      User: NB-G751JY\NeoBeum
      -Scan Summary-
      Scan Type: Custom Scan
      Scan Initiated By: Manual
      Result: Completed
      Objects Scanned: 117949
      Threats Detected: 2
      Threats Quarantined: 0
      Time Elapsed: 2 min, 42 sec
      -Scan Options-
      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Disabled
      Heuristics: Enabled
      PUP: Detect
      PUM: Detect
      -Scan Details-
      Process: 0 (No malicious items detected)
      Module: 0 (No malicious items detected)
      Registry Key: 0 (No malicious items detected)
      Registry Value: 0 (No malicious items detected)
      Registry Data: 0 (No malicious items detected)
      Data Stream: 0 (No malicious items detected)
      Folder: 0 (No malicious items detected)
      File: 2
      Trojan.FakeMS, F:\INSTALLERS\1F39792E6BE0D2FA858E6696A60070C7.CAB, No Action By User, [725], [54561],1.0.9924
      Trojan.FakeMS, F:\INSTALLERS\E68D05A40F5C0CC7BCC2F1F58607EA8A.CAB, No Action By User, [725], [54561],1.0.9924
      Physical Sector: 0 (No malicious items detected)
      WMI: 0 (No malicious items detected)
      (end)
  13. The newly downloaded ISO for 1803 has come back positive. The cabinet files were found on mu_windows_10_hardware_lab_kit_version_1803_updated_march_2018_arm32_arm64_x64_x86_dvd_12064286.iso. Only one cabinet file for the 1809 HLK also scans positive for 'Trojan.FakeMS': 1f39792e6be0d2fa858e6696a60070c7.cab. VirusTotal is still processing the files... although I think the process has crashed, as MBAM has frozen the files while Firefox is trying to upload.
  14. I'm in the middle of updating my dev tools and remembered that there were two cab files flagged as 'Trojan.FakeMS' on 25/06/2018. So from the date, I think this may have been the 1803 HLK download packages using the HLKSetup.exe. This wasn't from mu_windows_10_hardware_lab_kit_version_1803_updated_march_2018_arm32_arm64_x64_x86_dvd_12064286.iso. Though, out of interest, I am downloading that ISO again just to see if the cabinet files are present. The two files flagged in the 'Installers' directory are:
      1f39792e6be0d2fa858e6696a60070c7.cab
      e68d05a40f5c0cc7bcc2f1f58607ea8a.cab
      I will post another report once the 1809 and 1803 HLK have finished downloading on my end and I get a chance to scan and upload a sample to VirusTotal. (Just posting this now - as I've already delayed 9 months and I will forget about it again if I don't do this now.)
  15. Hello, MBAM 3.0 on Windows 10 has flagged RSA2048Sha256GenerateKey.exe and RSA2048Sha256Sign.exe as Trojan.SpyEye.R. Both files are included in the prebuilt tools for the EFI Development Kit II at the Tianocore GitHub: https://github.com/tianocore/tianocore.github.io/wiki/EDK-II
      Files on my PC match the SHA256 from the VirusTotal scans I just did and can be found here: https://github.com/tianocore/edk2-BaseTools-win32
      https://www.virustotal.com/#/file/2c92b3f97792ff743abe186b77082e66fee8f8bd5040be3eca2812daa0227d41/detection
      https://www.virustotal.com/#/file/e91b813f4fbe3216e36a9b09c5eb36ab4acbc09cd6a4a8e91a2531579ed66e10/detection
      Curious, as it should be fine since it's old and also marked as OK for the Malwarebytes response, and should have been picked up by MBAM3 as false. Thanks.
      falsepos.txt
  16. Hello, I'm just about to try installing Windows Server 2016 on my laptop and was wondering if MBAM 3.0 is compatible with this edition of Windows? It's basically going to be used as a server in a home environment. Thanks.
  17. I had a similar issue a while ago. Make sure that the WindowsApps directory and any SystemVolume directories for Shadow copies and backups are excluded, otherwise MBAM just sits there trying to open something it can't open.
  18. Hello Admins, I need to convert this thread from a 'help me' thread to a 'bug report'. I found the cause - MBAM doesn't have sufficient privileges to read contents in [REMOVABLE-DISK]:\$Recycle.bin (Removable or Dynamic maybe - it has no problems with C: - but I haven't tested while the main system disk recycle bin has contents). I deleted the temporary recycle bin restore directory, and MBAM successfully scanned the drive with no problems or effect on the system.
  19. The only additions I have done in the last 2 days is install VMWare Player 12... other than that my system has been fine. I can't amend my original posts, or edit to include that or change the title.
  20. Yourself; if you don't go to dodgy sites, you won't be susceptible to being stomped on.
  21. The behaviour is the same on 3.1. Scans are smooth until it reaches that drive - then CPU is max and R/W for the drive whirring along at 200MB/s and RAM usage comes shy of 1GB. The desktop environment becomes extremely laggy and scan and service need termination.
      06/01/17 " 01:47:07.626" 395437 0af0 1a90 WARNING OfflineUAManager mb::common::system::OfflineUAManager::LoadUAHivesOffline "OfflineUserAccountsManager.cpp" 205 "RegLoadKey failed: Key=S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06012017014707620, ProfilePath=C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-20-06012017014707620-ntuser.dat, retCode=32."
      06/01/17 " 01:47:08.170" 395984 0af0 1a90 INFO GalaxyRuleParser mb::common::galaxyrules::SimpleRuleFileParserV2::Parse "GalaxyRuleParser.cpp" 2973 "Successfully parsed 86311 records."
      06/01/17 " 01:47:19.648" 407453 0af0 1a90 ERROR ScanControllerImpl mb::scancontrollerimpl::RootkitScanner::GetBootPartition "RootkitScanner.cpp" 3081 "Failed to find a bootable drive"
      06/01/17 " 01:47:19.648" 407453 0af0 1a90 WARNING ScanControllerImpl mb::scancontrollerimpl::RootkitScanner::IsBootableDrive "RootkitScanner.cpp" 2978 "Failed to Get partition info for \\?\Volume{61e6d2ef-7953-4f31-a58f-79cb7f701b78}\, ErrorCode=(4294967295)"
  22. I have MBAM on my tablet on Windows 10 EDU 1703; its configuration is the same as the settings on my main laptop. Obviously the only difference, aside from the Windows update, is that I don't have multiple drives on it and only an SD card. I had to reconfigure Windows Defender for the 1703 update because it was automatically enabled again. ESET is also on the tablet. I'll do some scans and see what happens. EDIT: I didn't realise there was an update to MBAM to 3.1 - the GUI is reporting everything is updated. I'll update and try a scan on my main laptop first.
  23. Hi, I think there's a problem somewhere - the only changes I made today were uninstalling KB3150513 and KB4013214 to remove Win 10 Creators Update notifications on my main laptop for the time being. Windows Defender is disabled through Group Policy, and I'm on the Education SKU. ESET 10.0.390.0 is on my system - but I've never had a problem configuring MBAM and ESET together before. So I don't think there is a conflict with ESET. The hard drive MbamService was reading and writing to was one of my storage hard drives in RAID0. The service can be terminated and restarted. MBAM initiated a scheduled Hyper and Threat scan - and that's when I ran into problems, when I was AFK and suddenly heard my laptop fans kick in... so I wondered why... and opened up resource mon.
      MBAMSERVICE.LOG
      MBAM-SCANLOGS.txt
  24. Hello, I have a multi-display system and MBAM has a small UI draw bug where menu options will be drawn on a display other than the display that the main application is open on. I've attached a screen capture. Current display configuration is [1][2*][3], with 2 being the primary display, and 1 set with the Windows taskbar. Thanks. EDIT: 1 is technically the primary because it is a laptop; I just dragged the taskbar to the laptop display so I can have the other 2 for other things without taskbar clutter.