Showing results for tags 'emotet'.



Found 3 results

  1. Recent signature files identified 2 files on my computer as EMOTET. These files were in a dormant c:\ drive directory that were installed from a Sybex Book's CD called Mastering Database Programming in VB6. This directory hasn't been visited for years and just travels as a directory from one computer to another. The directory contains files that are dated from 1998. I know that the files have not been altered because I dug out the old CD and scanned it. The same two files are identified as Trojan.EMOTET. The C:\ directory has never come up with any flags for as long as I have been scanning with antivirus. Probably greater than 10 years. I can't actually see the file size because they are in quarantine. However, a set of these two files located on another logical HD show that the file size and dates from that location are the same as the ones on the CD. Before I restore them, can you please confirm that they are false positives. I can submit the actual files if you need them.

     ________________________________________________________________

     HERE'S THE LOG FILE FROM THE C:\ DRIVE SCAN:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 12/21/18
     Scan Time: 5:38 PM
     Log File: 24c542c2-0571-11e9-b9cf-0026b900b27c.json

     -Software Information-
     Version: 3.6.1.2711
     Components Version: 1.0.482
     Update Package Version: 1.0.8431
     License: Free

     -System Information-
     OS: Windows 10 (Build 17134.407)
     CPU: x64
     File System: NTFS
     User: XPS1640\Robert

     -Scan Summary-
     Scan Type: Custom Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 499417
     Threats Detected: 2
     Threats Quarantined: 2
     Time Elapsed: 2 hr, 6 min, 38 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 2
     Trojan.Emotet, C:\VB 6 MASTERING AND DATABASE PROGRAMMING\MASTDPVB (G)\ALPHA\SETUP\DS32A.DLL, Quarantined, [5854], [614685],1.0.8431
     Trojan.Emotet, C:\VB 6 MASTERING AND DATABASE PROGRAMMING\MASTDPVB (G)\X86\SETUP\DS32.DLL, Quarantined, [5854], [614685],1.0.8431
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)
     (end)

     ______________________________________________

     Here's the log file from the CD:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 12/21/18
     Scan Time: 8:27 PM
     Log File: c2d58b9a-0588-11e9-ba29-0026b900b27c.json

     -Software Information-
     Version: 3.6.1.2711
     Components Version: 1.0.482
     Update Package Version: 1.0.8435
     License: Free

     -System Information-
     OS: Windows 10 (Build 17134.472)
     CPU: x64
     File System: NTFS
     User: XPS1640\Robert

     -Scan Summary-
     Scan Type: Custom Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 2102
     Threats Detected: 2
     Threats Quarantined: 0
     Time Elapsed: 6 min, 17 sec

     -Scan Options-
     Memory: Disabled
     Startup: Disabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 2
     Trojan.Emotet, I:\ALPHA\SETUP\DS32A.DLL, No Action By User, [5854], [614685],1.0.8435
     Trojan.Emotet, I:\X86\SETUP\DS32.DLL, No Action By User, [5854], [614685],1.0.8435
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)
     (end)

  2. I have three computers (so far) with this same problem. The browsers won't open. One of the computers gets a message from Anti-Exploit when he clicks on Firefox that Malwarebytes Anti-Exploit has blocked an exploit attempt. Application: Mozilla Firefox. Protection Layer: Malicious Memory Protection. Protection Technique: Exploit code executing from Heap Memory blocked. When he clicks on Internet Explorer, he gets the same message with the application being Internet Explorer. When I log onto the same computer as another user (an administrator) I can open both browsers without a problem.

     This didn't work: Opened Anti-Exploit and went to Settings > Advanced Settings and on each tab, I clicked Default Settings.

     This didn't work: Ran a full scan in Malwarebytes Anti-Malware and removed the Trojan.Emotet malware and rebooted the computer.

     Windows is fully patched. As a test, I stopped Anti-Exploit on one computer and the browsers worked again for the regular user. I have attached FRST scan results. I searched the results for the text in the Malwarebytes blog under "Identifying the infected machines" and none of the text was found. Please help. Thanks.

     Attachments: Addition.txt, FRST.txt

  3. Hello, I'm working on removing a virus at an office location, but I've been unable to completely get rid of it. The virus is called Emotet, and it has the ability to re-install itself across the network. I have previously disconnected all machines from the network at once, and scanned them individually with MBAM, AV Defender, and finally Windows Defender (just to be sure), but the virus has re-appeared on several machines even after this. All three of the AV programs were able to detect and remove Emotet when present, but they are clearly missing the files that allow re-installation. When running MBAM, I chose 'custom' and enabled 'scan for rootkits', etc. All other scans were full scans. I have attached Farbar files for two machines. PC-1 is the machine that the virus was initially detected on, and PC-2 is a random selection from the rest of the infected machines. It may be important to note that it appears that the virus has been unable to establish itself on the local server, as multiple scans have turned up nothing on there. Thank you for your time, and please let me know if I need to provide further info.

     Attachments: Addition-PC2.txt, FRST-PC2.txt, Addition-PC1.txt, FRST-PC1.txt