StroTech


  1. Sadly, it is still happening. To note, we are able to import using Excel's legacy wizard. Turn On Excel Legacy Import Wizard.docx
  2. Checking to see if anything has been found out
  3. Here are the detections from Malwarebytes:

     1 computer name usrname IP Address domain 5/24/2018 10:02:14 AM Anti-Malware C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop\1.0_0 Quarantined PUP.Optional.Spigot.Generic
     2 computer name usrname IP Address domain 5/24/2018 10:02:14 AM Anti-Malware C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop\1.0_0\css Quarantined PUP.Optional.Spigot.Generic
     3 computer name usrname IP Address domain 5/24/2018 10:02:14 AM Anti-Malware C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop\1.0_0\html Quarantined PUP.Optional.Spigot.Generic
     4 computer name usrname IP Address domain 5/24/2018 10:02:14 AM Anti-Malware C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop\1.0_0\html\popup Quarantined PUP.Optional.Spigot.Generic
     5 computer name usrname IP Address domain 5/24/2018 10:02:14 AM Anti-Malware C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop\1.0_0\js Quarantined PUP.Optional.Spigot.Generic
     6 computer name usrname IP Address domain 5/24/2018 10:02:14 AM Anti-Malware C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop\1.0_0\js\popup Quarantined PUP.Optional.Spigot.Generic
     7 computer name usrname IP Address domain 5/24/2018 10:02:14 AM Anti-Malware C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop\1.0_0\newtab Quarantined PUP.Optional.Spigot.Generic
     8 computer name usrname IP Address domain 5/24/2018 10:02:14 AM Anti-Malware C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop\1.0_0\_locales Quarantined PUP.Optional.Spigot.Generic
     9 computer name usrname IP Address domain 5/24/2018 10:02:14 AM Anti-Malware C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop\1.0_0\_locales\en Quarantined PUP.Optional.Spigot.Generic
     10 computer name usrname IP Address domain 5/24/2018 10:02:14 AM Anti-Malware C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop\1.0_0\_metadata Quarantined PUP.Optional.Spigot.Generic
     11 computer name usrname IP Address domain 5/24/2018 10:02:14 AM Anti-Malware C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop Quarantined PUP.Optional.Spigot.Generic
     12 computer name usrname IP Address domain 5/24/2018 10:02:14 AM Anti-Malware C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop\1.0_0\chromeRestore.js Quarantined PUP.Optional.Spigot.Generic
     13 computer name usrname IP Address domain 5/24/2018 10:02:14 AM Anti-Malware C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop\1.0_0\after.js Quarantined PUP.Optional.Spigot.Generic
     14 computer name usrname IP Address domain 5/24/2018 10:02:14 AM Anti-Malware C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop\1.0_0\background.js Quarantined PUP.Optional.Spigot.Generic
     15 computer name usrname IP Address domain 5/24/2018 10:02:14 AM Anti-Malware C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop\1.0_0\contentscript.js Quarantined PUP.Optional.Spigot.Generic
     16 computer name usrname IP Address domain 5/24/2018 10:02:14 AM Anti-Malware C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop\1.0_0\icon.png Quarantined PUP.Optional.Spigot.Generic
     17 computer name usrname IP Address domain 5/24/2018 10:02:14 AM Anti-Malware C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop\1.0_0\manifest.json Quarantined PUP.Optional.Spigot.Generic
     18 computer name usrname IP Address domain 5/24/2018 10:02:14 AM Anti-Malware C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop\1.0_0\css\description.css Quarantined PUP.Optional.Spigot.Generic
     19 computer name usrname IP Address domain 5/24/2018 10:02:14 AM Anti-Malware C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop\1.0_0\css\popup.css Quarantined PUP.Optional.Spigot.Generic
     20 computer name usrname IP Address domain 5/24/2018 10:02:14 AM Anti-Malware C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop\1.0_0\html\popup\description.html Quarantined PUP.Optional.Spigot.Generic
     21 computer name usrname IP Address domain 5/24/2018 10:02:14 AM Anti-Malware C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop\1.0_0\html\popup\popup.html Quarantined PUP.Optional.Spigot.Generic
     22 computer name usrname IP Address domain 5/24/2018 10:02:14 AM Anti-Malware C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop\1.0_0\js\userNewTab.js Quarantined PUP.Optional.Spigot.Generic
     23 computer name usrname IP Address domain 5/24/2018 10:02:14 AM Anti-Malware C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop\1.0_0\js\popup\popup.js Quarantined PUP.Optional.Spigot.Generic
     24 computer name usrname IP Address domain 5/24/2018 10:02:14 AM Anti-Malware C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop\1.0_0\newtab\slim_newtabpage.html Quarantined PUP.Optional.Spigot.Generic
     25 computer name usrname IP Address domain 5/24/2018 10:02:14 AM Anti-Malware C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop\1.0_0\_locales\en\messages.json Quarantined PUP.Optional.Spigot.Generic
     26 computer name usrname IP Address domain 5/24/2018 10:02:14 AM Anti-Malware C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop\1.0_0\_metadata\computed_hashes.json Quarantined PUP.Optional.Spigot.Generic
     27 computer name usrname IP Address domain 5/24/2018 10:02:14 AM Anti-Malware C:\Users\usrname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanglbnegdlehmfgpggdmleafnehpbop\1.0_0\_metadata\verified_contents.json Quarantined PUP.Optional.Spigot.Generic

     The only copy of the files is in the quarantine and I do not want to take them out of quarantine until it is sure that they are a false positive.
  4. Checking to see if this is a false positive or not. Quarantine.zip
  5. When a user goes to the data ribbon to import From Text/Excel, the import fails due to a block from Malwarebytes. Excel just closes with no error or anything. The Malwarebytes detection does not really give me a good idea of a particular service to add an exception for.

     Alert Time: 5/23/2018 10:27:07 AM
     Server Hostname:
     Server Domain/Workgroup:
     Server IP:
     Notification Catalog: Client
     Description: Exploit threat detected, see details below:
     5/23/2018 10:26:13 AM Exploit code executing from Heap memory blocked BLOCK Microsoft Office Excel C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE Attacked application: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE; Parent process name: explorer.exe; Layer: Malicious Memory Protection; API ID: 203; Address: 0xC84EED21; Module: ; AddressType: 0x00020000; StackTop: 0xCAA40000; StackBottom: 0xCA946000; StackPointer: 0xCAA3E9A8; Extra: Total count: 1.
  6. I think I might have figured out the new problem: it looks like after changing the IP, we still need to set an exception for our VPN for the new server.
  7. I tried editing the IP in C:\ProgramData\sccomm\SCComm.xml and C:\Program Files (x86)\Malwarebytes Managed Client\SCComm.exe.config on one computer and it still is not connecting.
  8. Ok, so it does look like they are still using the old server's IP in those files. I edited the one on the server, C:\Program Files (x86)\Malwarebytes Managed Client\SCComm.exe.config, and tried reinstalling it over the old install, but this did not change the files on the client. I uninstalled it and reinstalled it on one computer using a newly created install package with the edited server file C:\Program Files (x86)\Malwarebytes Managed Client\SCComm.exe.config and it worked successfully. Although, I would prefer not to have to uninstall and reinstall every client. Did you say that you have some way to make these two files generic: C:\ProgramData\sccomm\SCComm.xml and C:\Program Files (x86)\Malwarebytes Managed Client\SCComm.exe.config?
  9. Hello, We recently migrated our Management Server to a new server. Everything seemed to be going well, however, now about 4 clients are no longer reporting in. Even after uninstalls and reinstall of the client program. I am also worried that other machines might start having issues. What is needed to take a look at this issue?
  10. OK, thank you very much.
  11. Hello, has anything been found out about those files?
  12. We use the managed clients, the business version of Malwarebytes. Is there a download for that version?
  13. Ok, thank you, sorry about that. Are we not on the latest version of Malwarebytes?
  14. I think these are false positives, but would like to verify. New folder (2).zip