Gantz4

Yes, Malwarebytes is whitelisted. Since this problem, I've run numerous time the scan by MB and that particular message didn't return. Even if a open the registry of VoodooShield, I only found that particular entry listed two times, when the popup first occured. I deleted the block setting and the registry to see if the message come back, but to this moment that particulat "script" didn't run. I believe that the MB trigger was only a coincidence. In that particular moment something runs rundll with that option and at the same moment I was trying the scan from MB. I try again immediatly after and the blocked script popup again. I don't know if a need to open another thread becuase now this seems uncorrelated. I tried searching online and "rundll32.exe c:\windows\system32\davclnt.dll,davsetcookie" seems used by malware, buti n my case the host is note an IP, but the name of my PC... It seems like davsetcookie accessed /root/subscription:nteventlogeventconsumer.name:d"scm event log consumer" (I cleaned the previous script which contains many %). I don't know how this nteventlogeventconsumer work. From my basic understanding davsetcookie in related to WebDav, a client to access remote documents. But I do not use remote document and I don't know if it's normal that the scm event log consumer was accessed via http or like a webpage, instead that normally written locally like a normal file. Please see my upper quote. At this moment I believe the strange behaviour with MB was only a coincidence, and VoodooShiled only alerted the execution of the previous code, which I don't know if is maliciuos or not...

Hi, I'm on a clean machine with a new installation of Windows 10 due to slowness of the precedent installation and the fear of a malware. On this new installation, Cyberlock (ex VoodooShield) popup a warning if I start a scan with Malwarebytes. Let's say about two scan out of five trigger the popup. The other two somehow are autoallowed by Cyberlock. The popup is: rundll32.exe c:\windows\system32\davclnt.dll,davsetcookie desktop-####### http://desktop-#######/root/subscription%3anteventlogeventconsumer.name%3d%22scm%20event%20log%20consumer%22 The ####### part is a code like fnp4g7t, and that name "desktop-#######" is the same name of my pc (if a go in my router setting and I search for the connected device. desktop-###### is the name of my PC). I've searched online and I found that "rundll32.exe c:\windows\system32\davclnt.dll,davsetcookie" is often associated with malware, and that the next part after that command is a host. In this case the host is the name of my PC I believe. Is this something normal with malwarebytes? It need to create some sort of log o new file or run the rundll32.exe with davcInt.dll and davsetcookie? If I block that command the scan is somehow stuck for a few seconds, then it finishes without founding nothing. I have also scanne my system with KVRT, tdsskiller and EmsisoftEmergencyKit. It's all clean but Malwarebytes is the only one that trigger this specific command. Thanks