About Lesyk009

  • Rank
    New Member


  1. Hello, Just had a dozen or so of my network PCs throw off the following alert during their nightly full scan. Looks like it might be related to Microsoft office, anyone else having this happen?:
     Name: RiskWare.IFEOHijack; Type: Reg, Key; Category: Malware; Status: Quarantined; Path: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\OSPPSVC.EXE
     Name: RiskWare.IFEOHijack; Type: Reg, Key; Category: Malware; Status: Quarantined; Path: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\OSPPSVC.EXE
  2. Detection Name: Malicious Website
     Action Taken: Blocked
     Category: Website
     Scanned At: 02/10/2020 11:20:40 AM
     Reported At: 02/10/2020 11:20:41 AM
     Type: Outbound Connection
     Endpoint: CUSTSRVC-03-102.brimar.com
     Domain: login.live.com
     Group Name: Customer Service
     IP Address:
     Port: 64213
  3. Sorry, IP address and
  4. Throwing off blocked malicious website alerts, all for login.live.com with different ports. Coming from multiple endpoints.
  5. I unfortunately am remote at the moment and have shut down the computers that these were caught on. One of these was caught in a windows.old folder so it seems like this should have been caught before if it was a legit issue.
  6. Got a few computers reporting the following two files as malicious and quarantining them.
     \Windows\SysWOW64\winver.exe
     \Windows\winsxs\x86_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_b627d45ffdcc6f00\winver.exe
     Anyone have the same issues?
  7. That has resolved the issue. After turning off those triggers, then restarting the exploit service and then testing with excel the issue did not occur.
  8. Tested, did not resolve the issue. Checked off both of those settings locally on my machine, opened an Excel document, went to view updates, and exploit immediately closed the program and sent out an alert. The only positive from all of this is I know my Malwarebytes alert settings are on point.
  9. Response from support this morning- "I am just follow up with you to let you know that our team is working to fix this issue on our end. I will keep you update soon I have any update from our development team."
  10. No fix so far. They responded twice. First they assumed I was using the cloud version of Malwarebytes, which I am not, and they should have known since they asked me for specific logs from my management console. Then they asked me to add an exception in the form of an MD5 hash to one of my policies, and that did not work. Haven't heard back since. =/
  11. Sent them logs yesterday, haven't heard back yet. We got an alert from Acrobat this morning, exploit just outright blocked Acrobat's main process - AcroRd32.exe.
  12. Good to know I'm not the only one, could you possibly open an office application and try to view updates and see if that triggers the same issue? File>Account>Update Options> View Updates. Thanks in advance to anyone who checks this out. Attached the entire exploit folder in ProgramData as requested in the first post. Exploitdata.zip
  13. Hi All, Over the last few days we have experienced several issues with exploit blocking Office from doing a multitude of safe activities. For example, clicking on an email in Excel, one made internally, would get caught as an exploit. Viewing/checking updates in Office gets caught as an exploit. Clicking the manage account button gets caught as an exploit. This doesn't appear on every PC and OS doesn't seem to matter (both Win7 and Win10 have this issue occur). Has anyone else experienced this? I have a ticket open with Malwarebytes and am collecting logs.
  14. Hello Malwarebytes community! Having a very particular issue with several endpoints in my environment getting application errors (see attached image) in the windows event log. These are both win7 and win10 computers all 64-bit. The event references the faulting module path as C:\WINDOWS\SYSTEM32\MSVBVM60.DLL but that DLL is actually located in the SYSWOW64 folder. This causes a few issues including not reporting the correct last scan time in my managed console, which is how I noticed this issue to begin with. I have tried a few things already, rebooting (alleviates for a time), reinstalling (alleviates for a time), using the mbam-clean tool and reinstalling (not enough time has passed to see if this is a solution). I have also tried copying the dll to the system32 folder (It doesn't appear to have changed anything). I have attached my manage console logs, and a user log, let me know if anything else is needed. Any help would be much appreciated! MBMC_Diagnosis_Info_2019_07_02_164810 (2).zip MBMC_Client_Diagnosis_Info_2019_06_28_163102.zip