Jump to content

CSProf

Members
  • Content Count

    5
  • Joined

  • Last visited

About CSProf

  • Rank
    New Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Holy freakin' gods! Heart attack city: I was in the midst of posting on facebook this afternoon about, of all things, Russian hacking of the election -- and suddenly mbam goes berserk with alerts about malware connections from firefox. Well over 100 of them, many of them looking like legit sites (google ads) but many domains I'd never heard of. Srsly, I'm posting about Russian hacking and what, they're hacking my PC as I type?!? Sheeeee-it! I did restart firefox and check mbam for an update, which there just happened to be one, and that stopped the flood of alerts. Whew, glad to see it wasn't just me. Really bad timing to have a freak out, mbam guys! :) However, it did point out a feature that would be useful: Ability to view and especially export ALL event reports at once. Trying to look through each individually is super tedious. Thx.
  2. Hi, Arthi, I PM'd you, haven't heard back...
  3. So, I keep getting reports about ransomware regarding mv.exe from the cygwin linux tools distribution (which is then annoying deleted so I have to restore it). Here's the log info and mv.exe binary in a zip so y'all can check it out. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 3/17/18 Protection Event Time: 5:24 PM Log File: 5c080fa2-2a3a-11e8-a5e2-a4173112e420.json Administrator: Yes -Software Information- Version: 3.3.1.2183 Components Version: 1.0.262 Update Package Version: 1.0.4396 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: System -Ransomware Details- File: 1 Malware.Ransom.Agent.Generic, c:\cygwin\bin\mv.exe, Delete-on-Reboot, [0], [392685],0.0.0 (end) mv.zip
  4. Hi, how can I whitelist this puppy?-- I have a little script that pops up a periodic note. It's driven by a perl script called by task scheduler. Perl calls a .bat file utility I created that does a popup window with a message. The msgbox.bat file calls mshta.exe to do a WScript.Shell Popup-- mshta "javascript:var sh=new ActiveXObject( 'WScript.Shell' ); sh.Popup( '%*', 10, '', 64 );close()" Mostly this works, but every so often, MBAM blocks it. (Nothing in any of the files has changed.) I've put both the perl script and the msgbox.bat file on the file exclusions list. I don't want to whitelist all calls to mshta.exe for obvious reasons. So, how do I accomplish that? I've seen similar with some other scripts I've written (where my script calls all sorts of other scripts), and mostly it seems to work to allow the top script, though every now and then MBAM will still block them. It would be nice to have a way to whitelist a script and anything it invokes when it runs. Log file attached... Thanks! xxmbam-popup.txt
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.