mgonzales

Everything posted by mgonzales

  1. Saw a message about a blocked exploit but really this doesn't really provide any useful info. As the exploit is classified as "generic" and the exploit as far as I can tell was an echo command.... what process parent (chain of processes) ran this and why is an echo command an exploit? I have no idea what this was for as I did not run it myself so something else did but it doesn't seem like it was being | (piped) or redirected or anything... the hex in ascii is ã:ßÉ and in decimal is 3812286409. Doesn't seem to be any MAC / hardware address of anything on my laptop. If the message about the exploit wasn't so generic and I really can't think of a reason for this having been a command that was run and for what purpose it was run I would just let it go. Thanks for any further insights on this anyone can think of.

     Mario

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 2/19/19
     Protection Event Time: 11:34 PM
     Log File: f5eaa4a6-34e1-11e9-bbda-705ab6a6fa05.json

     -Software Information-
     Version: 3.7.1.2839
     Components Version: 1.0.538
     Update Package Version: 1.0.9322
     License: Premium

     -System Information-
     OS: Windows 10 (Build 17763.316)
     CPU: x64
     File System: NTFS
     User: System

     -Exploit Details-
     File: 0
     (No malicious items detected)

     Exploit: 1
     Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0

     -Exploit Data-
     Affected Application: cmd
     Protection Layer: Application Behavior Protection
     Protection Technique: Exploit payload process blocked
     File Name: C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe \S \D \c echo E33ADFC9
     URL:

     (end)
  2. Obviously a PUP is not clearly malware, virus, trojan or any real defined threat beyond ambiguous. But would it be so hard to provide more info / a DB or somewhere to look up the reasons for the classification? For instance: PUP.Optional.RegOrganizer, what does this mean? All we get is: This is not really any use to the end user to determine if they wish to act on the warning or not. Please take the time to start explaining your reasons for PUP. Thank you!
  3. If this app and others by the same company are malware vectors please keep flagging them - eagerly awaiting reply / clarification so I know if I should remove or not. The report on the relationship link that has a 54/63 has many detections of W32/Neshta.A. Curious that on that report MalwareBytes say clean / ok while 54 others do not concur.
  4. Actually... I would like someone at MalwareBytes to double check if this is a FP or not (the reason for it being added... you should know this info correct?.. I mean things don't just magically get added for no reason I **HOPE** right?)

     I did notice at VT link: https://www.virustotal.com/en/file/220b441f09f2bb7f0425a00b1a3b511aface2cd8f2d4b02915d39e062f8ea8c3/analysis/1532121564/ if you click the "Relationships" tab and follow the link:

     Execution parents
     This file was created during the sandboxed execution of the following files.
     22d8e2fcf312cd2ade1b0e7b3675445b70377ffc5492672f2d54825399c18b42

     Which takes you to this report: https://www.virustotal.com/en/file/22d8e2fcf312cd2ade1b0e7b3675445b70377ffc5492672f2d54825399c18b42/analysis/

     File name: RegOrganizer.exe
     Detection ratio: 54 / 63
     Analysis date: 2018-07-02 06:05:59 UTC ( 2 weeks, 5 days ago )