mchenrysoftware

thank you! here was another one that came up this afternoon on the clients computer. it may be yet another false positive (note last entry) Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 11/30/20 Protection Event Time: 3:48 PM Log File: 6f5b1e18-334d-11eb-80c8-00a0cc5ef683.json -Software Information- Version: 4.2.3.96 Components Version: 1.0.1122 Update Package Version: 1.0.33662 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: System -Ransomware Details- File: 6 Malware.Ransom.Agent.Generic, d:\Users\shans002\Desktop\M3DGraphics.lnk, Quarantined, 0, 392685, 0.0.0, 4A001F53D5756C2B57708E39AE77D3A2, B000D386B99F70C31522AA57E1CD6DEC566929614FE19F19394BBBF89713B677 Malware.Ransom.Agent.Generic, D:\USERS\SHANS001-BACKUP\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\StartMenu\McHenry3DGraphics.lnk, Quarantined, 0, 392685, , , Malware.Ransom.Agent.Generic, D:\USERS\SHANS002\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\StartMenu\McHenry3DGraphics.lnk, Quarantined, 0, 392685, , , Malware.Ransom.Agent.Generic, C:\MSoft3D\MCHENR~1\MCHENR~1.EXE, Quarantined, 0, 392685, 0.0.0, 1358D71E0DB9AE9158AA35CDFF643A9A, 78058CA96F5C2DEEF06D96C5AFF5EF4F6C9902FC90A9B5BAF03FFF159DC74594 Malware.Ransom.Agent.Generic, C:\MSoft3D\McHenry3DGraphics\MCHENR~1.EXE, Removal Failed, 0, 392685, 0.0.0, 1358D71E0DB9AE9158AA35CDFF643A9A, 78058CA96F5C2DEEF06D96C5AFF5EF4F6C9902FC90A9B5BAF03FFF159DC74594 Malware.Ransom.Agent.Generic, C:\MSoft3D\McHenry3DGraphics\McHenry3DGraphics.exe, Quarantined, 0, 392685, 0.0.0, 1358d71e0db9ae9158aa35cdff643a9a, 78058ca96f5c2deef06d96c5aff5ef4f6c9902fc90a9b5baf03fff159dc74594 (end)

hello he sent this and mentioned he already OKd the file so no further issues if you could check and see whether you need the exe guess it's late in Europe! enjoy the night! brian Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 11/30/20 Protection Event Time: 5:39 AM Log File: 5a0df03a-32f8-11eb-b1a8-00a0cc5ef683.json -Software Information- Version: 4.2.3.96 Components Version: 1.0.1122 Update Package Version: 1.0.33644 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: System -Ransomware Details- File: 6 Malware.Ransom.Agent.Generic, d:\Users\shans002\Desktop\MEdit3D.lnk, Quarantined, 0, 392685, 0.0.0, C50EE4BE2BFEC6BF315D63F1356B04A9, 6D2C4E1B5519BDF1D0B99E6530F1C65C3243D53B2FB3F0EEB4EEE966B7D8BD32 Malware.Ransom.Agent.Generic, D:\USERS\SHANS001-BACKUP\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\TaskBar\MSoft Msmac3D.lnk, Quarantined, 0, 392685, , , Malware.Ransom.Agent.Generic, D:\USERS\SHANS002\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\TaskBar\MSoft Msmac3D (2).lnk, Quarantined, 0, 392685, , , Malware.Ransom.Agent.Generic, D:\USERS\SHANS002\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\TaskBar\MSoft Msmac3D.lnk, Quarantined, 0, 392685, , , Malware.Ransom.Agent.Generic, C:\MSoft3D\MEDIT3~1.EXE, Quarantined, 0, 392685, 0.0.0, A7FAC07ED174DEAADA27347A26785F75, 404F37FAF864D2007765A59774953989BB0EE419CF400B32B1C166381E450590 Malware.Ransom.Agent.Generic, C:\MSoft3D\medit3dv2.exe, Quarantined, 0, 392685, 0.0.0, a7fac07ed174deaada27347a26785f75, 404f37faf864d2007765a59774953989bb0ee419cf400b32b1c166381e450590 (end)

oh yes i see (ability in a forum to send private file) i will wait to hear form the client. it isn't that large a file (5 megs?) (oh and how we change...i've been in the business a while so seeing the exponential growth of capacity, particularly in wireless (i'm from a long while back 600/1200 baud modem daze! YIKES!) Our updates sometimes we miss digitally signing a file. If that tells you it isn't digitally signed then it may not have been. (we try to be sure ALL files are digitally signed but sometimes in the rush to get things out we miss one or two) Thanks for the heads up and i will let you know resolution or will send file if not resolved with your update today. (waiting to hear back from client) Thanks! Brian

i will check with client for log file and if updated today and that remedies the situation can you send me a nonpublic email to upload the exe to? since do not want to post to a public forum thank you

This morning a client using Malwarebytes Premium 4.2.3 reported an exe which we distribute as part of our software was flagged as malware please correct your mistake we digitally sign our software so why would you mark as ransomware? thank you