
BobSoul

Honorary Members
  • Posts: 145

Reputation

4 Neutral

  1. Thanks. Just ran a scan on one that was always hitting and it came out clean.
  2. OK, here's the second one I grabbed -- running scans now to see if any further false hits richvideouninstall.zip
  3. I will have another one I hope with a different MD5 - from the last machine that has been getting hits
  4. OK, got one from a machine I didn't restore from richvideouninstall.zip
  5. I'll try to get it from the last one - I have just been removing the software from each workstation as I have so many to deal with. It appears it's the 2020 - 2021 version of the CyberLink Media Suite that's being detected.
  6. Still detecting on several endpoints -- I'm just removing now since I can't seem to get them to see the update -- unless only standalone got the update and not Nebula endpoints - So far still getting detections on this file -- I know it's a false ID. Emsisoft and others are seeing it clean -- and it's always the preinstalled Dell version that is getting detected. Yesterday and all through the night scans went fine still the update this morning. Any suggestions on getting these endpoints to actually see the correction?
  7. Some endpoints appear to grab the update and scan fine; others don't, even after restarts... Any suggestions?
  8. Even after updating the endpoint agent and protection files -- still detects these after I restore when I rescan -- It's happening across about 100 machines (all not on same network). Should I wait longer to try again?
  9. I am still getting this across several machines just now, 11:14 am Eastern - I am updating all endpoints manually and then will see how it goes - maybe the update hasn't trickled down to all my endpoints
  10. Did an update and restored and then re-ran - it still detected but also removed an additional file - as well as the zip file. The machine runs scans every 4 hours every day and prior scans were fine, no detection on same files.

      Category: Malware
      Group name: ITmachines
      Public endpoint IP:
      Endpoint name:
      OS platform: Windows
      OS release name: Microsoft Windows 10 Pro
      Location: C:\USERS\NFHRA\APPDATA\ROAMING\Microsoft\Windows\Recent\richvideouninstall.lnk
      Policy name: ITmachines
      Report time: June 2nd 2023, 12:14:57 UTC
      Scan time: June 2nd 2023, 12:06:10 UTC
      Action taken: Quarantined
      Threat name: Malware.AI.2019312709
      Type: file

      Ran a scan against the file with EMSISOFT and it came back as clean.
  11. Hi. Got the following detections on my Nebula endpoints detecting CyberLink Media Suite registry entries and uninstall file - which is present on most Dell systems.

      Category: Malware
      Group name: ITmachines
      Public endpoint IP:
      Endpoint name:
      OS platform: Windows
      OS release name: Microsoft Windows 10 Pro
      Location: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\CYBERLINK\SHARED FILES\RICHVIDEOUNINSTALL.EXE
      Policy name: ITmachines
      Report time: June 2nd 2023, 11:10:16 UTC
      Scan time: June 2nd 2023, 11:01:00 UTC
      Action taken: Quarantined
      Threat name: Malware.AI.2019312709
      Type: reg_value

      Category: Malware
      Group name: ITmachines
      Public endpoint IP:
      Endpoint name:
      OS platform: Windows
      OS release name: Microsoft Windows 10 Pro
      Location: C:\PROGRAM FILES (X86)\CYBERLINK\SHARED FILES\RICHVIDEOUNINSTALL.EXE
      Policy name: ITmachines
      Report time: June 2nd 2023, 11:10:16 UTC
      Scan time: June 2nd 2023, 11:01:00 UTC
      Action taken: Quarantined
      Threat name: Malware.AI.2019312709
      Type: file

      The diagnostics zip file is too large to upload; if you need it let me know which file in the zip to send. I did attach the file though richvideouninstall.zip
  12. Here's the log file in case you need it MWB_jerryhomenew_Diag_2023_04_29_14_49_18.zip
  13. Had this happen once again - triggering on Windows Store apps - of course it won't let you get the file or restore etc. cause it's a Windows protected file, and from the last time it was a false detect, assuming this again -- I'm generating logs now and rerunning the scan in case it's already been updated/fixed again.

      Category: Malware
      Group name: offsite
      Public endpoint IP:
      Endpoint name:
      OS platform: Windows
      OS release name: Microsoft Windows 10 Home
      Location: C:\PROGRAM FILES\WINDOWSAPPS\A278AB0D.DISNEYMAGICKINGDOMS_7.9.9.0_X86__H6ADKY7GBF63M\A278AB0D.DISNEYMAGICKINGDOMS.EXE
      Policy name: Retina Consultants
      Report time: April 29th 2023, 11:34:42 UTC
      Scan time: April 29th 2023, 11:01:03 UTC
      Action taken: Quarantined
      Threat name: MachineLearning/Anomalous.97%
      Type: file
  14. @ceckelberry Thank you - I never want to just assume something without testing etc. and then verifying -- This way I can tell the boss it's fine, forget about it lol