FourCandles


  1. The Flash Player has been uninstalled and Fast Start turned off. Output from the FRSTENGLISH tool is attached. Thanks. Fixlog.txt.zip
  2. Hi Maurice, thanks for the follow up. I'll get this actioned and send the logs to you. Please note that the image in the post where the AdvancedSetup removed the hyperlink is nothing to do with me. No idea what it's doing there but if you have the ability to remove it then please do as I don't appear to be able to edit the post. The detections I'm experiencing are solely of the format:

     C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe \S \D \c echo etqSHeLstLuH

     There is no other detection present, i.e. no Malware, Trojan or blocked website as shown in that rogue image. Thanks!
  3. Sorry, the direct URL to the forum post is : I think this can be moved to the False Positives section - seems like this is a pretty buggy part of MB at the moment.
  4. Can you expand on this? I can't download the rar'd log file and am wondering if it relates to an issue I'm having with MB flagging cmd.exe as an exploit:

     Affected Application: cmd
     Protection Layer: Application Behavior Protection
     Protection Technique: Exploit payload process blocked
     C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe \S \D \c echo etqSHeLstLuH

     This started happening recently, after installing an updated NVIDIA GeForce MX250 driver. Thanks
  5. Getting multiple RTP detections, here is an example:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 25/09/2023
     Protection Event Time: 13:00
     Log File: 16874252-5b9b-11ee-9887-00e04c88b9d0.json

     -Software Information-
     Version: 4.6.2.281
     Components Version: 1.0.2131
     Update Package Version: 1.0.75649
     Licence: Trial

     -System Information-
     OS: Windows 10 (Build 19045.3448)
     CPU: x64
     File System: NTFS
     User: System

     -Exploit Details-
     File: 0
     (No malicious items detected)

     Exploit: 1
     Exploit.PayloadProcessBlock, C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe \S \D \c echo etqSHeLstLuH, Blocked, 701, 392684, 0.0.0, ,

     -Exploit Data-
     Affected Application: cmd
     Protection Layer: Application Behavior Protection
     Protection Technique: Exploit payload process blocked
     File Name: C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe \S \D \c echo etqSHeLstLuH
     URL:

     In all instances the text that is in bold is a similar number of characters but different actual characters. Anyone know if this is a false positive? There was another report in the forums back in 2019 but not resolved: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwip2Mm3lcuBAxUJBcAKHXioD2sQFnoECBQQAQ&url=https%3A%2F%2Fforums.malwarebytes.com%2Ftopic%2F242913-q-exploit-payload-process-blocked%2F&usg=AOvVaw2f7QtdH5-fPIpF5SO1rVgG&opi=89978449 Thanks!