chuckdee

About chuckdee

  • Rank
    New Member
  1. I can't see how to edit my response; I pasted the wrong page for his information page. That should be at https://www.donationcoder.com/forum/index.php?topic=5540
  2. Why? It's just an AHK exe to touch a file and change the modification date. You can see the thread that tells what it does here: https://www.donationcoder.com/forum/index.php?topic=4382.0 The source for the ahk is here: http://www.dcmembers.com/jgpaiva/wp-content/uploads/sites/9/CS/Touch/Touch.ahk It is not a Trojan, and your identification of it as such is a false positive. It's a compiled AHK for convenience only. Thoughts?
  3. IP address: 104.31.86.119
     Hostname/URL: hxxp://www.dcmembers.com
     Member site for DonationCoder.com. Hosts free software- many are AutoHotKey which you seem to get a lot of false positives for.

     Protection Log
     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 7/30/19
     Protection Event Time: 2:06 PM
     Log File: c14cbdec-b2f4-11e9-8448-74d435e5dae7.json

     -Software Information-
     Version: 3.7.1.2839
     Components Version: 1.0.586
     Update Package Version: 1.0.11760
     License: Premium

     -System Information-
     OS: Windows 10 (Build 17134.285)
     CPU: x64
     File System: NTFS
     User: System

     -Blocked Website Details-
     Malicious Website: 1
     , , Blocked, [-1], [-1],0.0.0

     -Website Data-
     Category: Trojan
     Domain: www.dcmembers.com
     IP Address: 104.31.86.119
     Port: [12847]
     Type: Outbound

     (end)
  4. I've been getting it for a while. But I just install OneDrive again. But after seeing it again, I figured I'd look around and found this post.
  5. Reinstalling OneDrive works to get the application back, but I'm more concerned with the fact that at times it stops, and I don't even know that it stopped. I was working on something today and that was the only thing that pointed me to the fact that it was off- the fact that it wasn't synchronized to my work computer. I've added an exclusion and reinstalled OneDrive but I'd rather if this problem was corrected in the software. I tried running the support tool to retrieve the logs but got an exception while running it. Thoughts?
  6. Thanks again for all of your help! UPDATE: No... that worked in that it restored access. I did what I should have done before in regards to adding to the exclusions, so it wouldn't be detected now.
  7. Thanks! That worked, and saved me a lot of work! One last thing... is there anywhere to see logs of what antiransomware does on a block? It doesn't show up in the protection logs.
  8. Excellent! Then I can restore antiransomware after I get access? One of my servers got hit with ransomware, so that's pretty much the only reason I keep it running (though that was an exploit in RDP rather than user error)
  9. It's not in MBAM quarantine. Are you saying that if I reboot it should be quarantined?
  10. And I'm just trying to regain access to it, and see logs of what was done in addition. I've excluded the folder from ransomware detection at this point, so the detection of it shouldn't be an issue. The issue is malwarebytes' actions and trying to reverse them without losing work. Pacman has been altered as far as permissions, so I can't do anything with it, even delete it. This is the problem that I'm trying to solve so I have options.
  11. msys2 is not the same as the Windows Subsystem for Linux. It does some of the same things, but there have been other options that were in place before Microsoft implemented WSL, i.e. Cygwin and msys2. I think that pacman.exe is a rewrite of pacman, and therefore not a Linux file.
  12. I was installing some things in msys2 and hadn't thought to exclude my dev tools directory. MB incorrectly identified Pacman.exe as ransomware, and removed all rights from the file. I have added an exclusion, but is there a way to reverse the actions of MB, i.e. make pacman accessible? Deleting it wouldn't have been worse than this. And is there a log of the anti-ransomware's actions? It took me a while to figure out exactly what it had done, as the alert was not logged. I've received alerts before on things that were not ransomware, and now I'm worried about what it did in the past, as I was never able to find this information even then. It tells me real-time detections 350, and that includes websites it blocks, but without a log of those actions, that number is pretty worthless.

      Version information
      Malwarebytes: 3.3.1.283
      Component Package: 1.0.262
      Update Package: 1.0.4232