Kz0713ep
Posts: 15
Posts posted by Kz0713ep
10 hours ago, miekiemoes said:
Hello,
I have made some adjustments to the whitelist, which will be applied in the next database update.
Thank you for your quick reply and confirmation; the issue is solved.
-
8 hours ago, miekiemoes said:
Hello,
I cannot reproduce the detection.
Version: 4.5.9.198
Components Version: 1.0.1699
Update Package Version: 1.0.56110
Install the extension and run a threat scan or a custom scan of the appdata\local\google folder; after moving the google folder, scanning again gives no detection.
https://chrome.google.com/webstore/detail/pop-up-blocker-for-chrome/bkkbcggnhapdmkeljlodobbkopceiche
I think this is an MBAM false positive detection of "bkkbcggnhapdmkeljlodobbkopceiche"; expert system algorithms are not enabled.
-
On 2022/6/10 at 2:37 PM, miekiemoes said:
Hello,
I will see whether I can whitelist it in a different way, because it triggers on a malicious URL inside the extension, which in this case is used for blocking.
Version: 4.5.9.198
Components Version: 1.0.1699
Update Package Version: 1.0.56079
Pop Blocker extension support replied confirming that this is a software false detection; VirusTotal and MetaDefender detect 0/64, and it has been added to the whitelist.
-
3 minutes ago, miekiemoes said:
Hello,
Please post the detection log.
Version: 4.5.9.198
Components Version: 1.0.1689
Update Package Version: 1.0.56005
Scan Type: Threat Scan
Threats Detected: 13
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-
On 2022/6/9 at 1:37 PM, miekiemoes said:
Hello,
Thank you for your report. This will be resolved.
The problem is not solved; using Chrome today, the same browser extension is still detected as "Trojan.CrthRazy".
-
Daily scheduled scan; today's extension update was detected as PUP Cardinaldata
Pop up blocker for Chrome™ - Poper Blocker 5.8 Build 1
Version: 4.5.9.198
Components Version: 1.0.1689
Update Package Version: 1.0.55972
-
This version of the software had not been detected for half a year; updating MBAM to v4.5.0 caused a misjudgment.
Malware.AI.3199638852, T:\MT\GPU-Z.2.39.0.EXE, No Action By User, 1000000, 0, 1.0.48776, A4DC8CF07DDB304BBEB69D44, dds, 01561870, F0ED63ED5D665F2E876D7784A0153702, 088BCACBEA892B7B4A00CDB08504D2DBEF8329B3B1E42B1F9C51E12E89F947A0
Software Information
Version: 4.5.0.152
Components Version: 1.0.1538
Update Package Version: 1.0.48776
-
File misjudgment, source: NEXON game file
MBAM Version: v4.4.6.132
Malware.AI.3880127530,1.0.45056,0E1AE7559130CA56E7460C2A, dds, 01427224, F4CA5A9246DD8E8AFB886FC4A55477EE, D12CD536F3519116C78DB59F9065C123AE4248EEF07DE0005C12A05BB7976243
-
File source: Steam NEXON game
File: 1
Malware.Heuristic.1003, K:\NEXON\PATCHER.DAT, No Action By User, 1000001, 0, 1.0.43183, 0000000000000000000003EB, dds, 01336285, F23D8B1CCD65BF3BCDBD4020615D16FF, 26F7825CECB515FB1FEF4E065F600B78219E77D1D8FF05ADE0A2A1B428965407
Version: 4.4.3.125
Components Version: 1.0.1387
Update Package Version: 1.0.43183
-
The file is still misjudged
File source: Steam games, file verification passed
-Log Details-
Scan Date: 6/7/21
Scan Time: 11:45 PM
Log File: 4e1b3ce6-c804-11eb-9a0d-000000000000.json
Version: 4.4.0.117
Components Version: 1.0.1318
Update Package Version: 1.0.41441
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 1
Threats Detected: 1
Malware.AI.4276809688,C:\A.K.C\SURVEY1109.DLL, No Action By User, 1000000, 0, 1.0.41441, 738C5B507DEDC95CFEEAEFD8,dds,01280270,8599384E5B90F6E57966A4229BE86E95,962317A9B3610E149E38C1A81C42F152B84097A94808EB900B5B58D20F227844
-
File misjudgment: all games using the file are detected as Malware.AI.4276809688
Full scan every day until it was detected today; "using expert system algorithms to identify malicious files" is disabled
MBAM Version: 4.4.0.117
Components Version: 1.0.1318
Update Package Version: 1.0.41439
-
"Using expert system algorithms to identify malicious files" had not been enabled before; maybe it is just a misjudged file.
The problem has been solved; thank you both for your reply and help.
-
Suspected misjudged files since the database was updated on 5/16
Full scan every day until it was detected today
After deleting the misjudged files, the startup program automatically creates new ones
iWatchDVR 1.2.0.54 creates the module file
Falsely judged file: Raparobot.dll.1.1.0.1999.???
MBAM Version: 4.3.0.98
Components Version: 1.0.1292
Update Package Version: 1.0.40512
-
I have been using a sandbox for several months, with a daily scan
Today it suddenly detected the sandbox as malware
Detect: Malware.Generic.3768833014
GEEK.7Z Trojan.CobaltStrike False detection (posted in File Detections)
Running threat scans daily, Trojan.CobaltStrike was detected today
Version: 4.5.15.215
Components Version: 1.0.1784
Update Package Version: 1.0.61248
Geek.7z https://www.virustotal.com/gui/file/a95062b7b073328587e6283553f50279752ba4122bd010e279c6f66c2a9cac6e?nocache=1
Geek v1.4.9.exe https://www.virustotal.com/gui/file/dac61bdb6f94e069ffe3c2fc1ef6abbd2d649b36b9eabb5e71e8e315eadfd188?nocache=1
geek v1.4.9.7z