Posts posted by mgonzales
-
Obviously a PUP is not clearly malware, virus, trojan or any real defined threat beyond ambiguous.
But would it be so hard to provide more info / a DB or somewhere to look up the reasons for the classification?
For instance:
PUP.Optional.RegOrganizer what does this mean?
All we get is:
This is not really any use to the end user to determine if they wish to act on the warning or not.
Please take the time to start explaining your reasons for PUP.
Thank you!
-
If this app and others by the same company are malware vectors please keep flagging them - eagerly awaiting reply / clarification so I know if I should remove or not.
The report on the relationship link that has a 54/63 has many detections of W32/Neshta.A. Curious that on that report Malwarebytes says clean / ok while 54 others do not concur.
-
Actually... I would like someone at Malwarebytes to double check if this is a FP or not (the reason for it being added... you should know this info, correct? I mean things don't just magically get added for no reason, I **HOPE**, right?)
I did notice at VT link:
if you click the "Relationships" tab and follow the link
Execution parents
This file was created during the sandboxed execution of the following files.
Which takes you to this report:
File name: RegOrganizer.exe
Detection ratio: 54 / 63
Analysis date: 2018-07-02 06:05:59 UTC ( 2 weeks, 5 days ago )
Q: Exploit payload process blocked?
in Resolved Malware Removal Logs
Saw a message about a blocked exploit but really this doesn't really provide any useful info.
As the exploit is classified as "generic" and the exploit as far as I can tell was an echo command... what process parent (chain of processes) ran this and why is an echo command an exploit? I have no idea what this was for as I did not run it myself so something else did, but it doesn't seem like it was being | (piped) or redirected or anything...
The hex in ASCII is ã:ßÉ
and in decimal is 3812286409
Doesn't seem to be any MAC / hardware address of anything on my laptop.
If the message about the exploit wasn't so generic and I really can't think of a reason for this having been a command that was run and for what purpose it was run I would just let it go.
Thanks for any further insights on this anyone can think of.
Mario