Everything posted by WestM

  1. Detected again.... see below & diagnostic log attached.
     Endpoint name: xxxxxxxxxxxxxxxxxxxxxxx
     OS release name: Microsoft Windows 10 Pro
     OS Platform: Windows
     Category: Malware
     Type: file
     Path: C:\WINDOWS\SYSWOW64\UNWISE32.EXE
     Action Taken: Quarantined
     Scan time: 2021-09-17T05:00:02Z
     Report time: 2021-09-17T12:09:48.573628377Z
     Machine IP: xxxxxxxxxxxxx
     Group name: xxxxxxxxxxxx
     Policy name: xxxxxxxxxx
     Threat name: Malware.AI.3695474678
     735716846_MalwarebytesDiagnostics.zip
  2. I also uploaded it for sandbox analysis in the Malwarebytes Nebula interface. The results were "No Threat" yet it continues to be detected and quarantined.
  3. Diagnostics log attached. 598550636_MalwarebytesDiagnostics.zip
  4. I have the same issue. Besides the workaround posted above, is Malwarebytes working on a more permanent fix?
  5. Possible False Positive... 66eae292-b9f1-11eb-af12-64006a2a4466.zip
  6. Files attached UnWise32.zip 65df89d5-b9f1-11eb-9741-e454e87335e9.zip
  7. Scan Report: 05/21/2021 1:00:01 AM
     Back to Scan History
     Scan Log Details
     Endpoint name: xxxxx.WMDOMAIN01.local
     Scan date and time: 05/21/2021 1:00:01 AM
     Version: 4.3.2.106
     Component package version: 1.0.1251
     Protection update version: 1.0.40722
     OS: Windows 10 (Build 19042.985)
     CPU: x64
     File system type: NTFS
     Logged-in user: xxxxx\Clerks
     Scan Summary
     Scan Type: Custom
     Result: Completed
     Objects scanned: 557421
     Time elapsed: 6h 30m 12s
     Processes: 0
     Modules: 0
     Registry keys: 0
     Registry values: 0
     Registry data: 0
     Folders: 0
     Files: 1
     Scan Options
     Memory: True
     Startup: True
     File system: True
     Rootkits: True
     Heuristics: True
     Archives: True
     PUM: True
     PUP: True
     Threats Found
     Name: Malware.AI.2711381214
     Type: File
     Location: C:\WINDOWS\SYSWOW64\UNWISE32.EXE
     Action: Quarantined
     ID: bb9686ac-ba23-11eb-be80-f8b156a92423
  8. It is... see https://blog.malwarebytes.com/detections/exploit-cve202121551/ & https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability
  9. Files posted DBUtil_2_3.zip 6eb516bc-b3ea-11eb-888d-54bf64813528.zip
  10. Exploit.CVE202121551 Reg, Key Malware Quarantined HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DBUtil_2_3
      Exploit.CVE202121551 File Malware Quarantined C:\WINDOWS\TEMP\DBUTIL_2_3.SYS
  11. Uploaded files. uninstall.zip beaf8ef8-b215-11eb-a2e5-0026b9812823.zip
  12. Once it gets restored I will upload it.
  13. Scan Log Details
      Endpoint name: xxxx.xxxx.local
      Scan date and time: 05/11/2021 1:00:02 AM
      Version: 4.3.2.106
      Component package version: 1.0.1251
      Protection update version: 1.0.40312
      OS: Windows 10 (Build 19042.928)
      CPU: x64
      File system type: NTFS
      Logged-in user: xxxx
      Scan Summary
      Scan Type: Custom
      Result: Completed
      Objects scanned: 784896
      Time elapsed: 13h 0m 16s
      Processes: 0
      Modules: 0
      Registry keys: 0
      Registry values: 0
      Registry data: 0
      Folders: 0
      Files: 1
      Scan Options
      Memory: True
      Startup: True
      File system: True
      Rootkits: True
      Heuristics: True
      Archives: True
      PUM: True
      PUP: True
      Threats Found
      Name: Malware.AI.349299031
      Type: File
      Location: C:\PROGRAMDATA\VMWARE\VMWARE PLAYER\UNINSTALLER\UNINSTALL.EXE
      Action: Quarantined
      ID: 23aa66e4-b233-11eb-89e9-0026b9812823
  14. I am running on the Nebula cloud platform. Not the Premium. Diagnostics log? PRISMSVR.zip
  15. C:\PROGRAM FILES (X86)\CONTROLCENTER4\BRCCLARU.DLL False Positive?
  16. C:\Windows\System32\PRISMSVR.exe False positive?