Showing results for tags 'exploit'.

  1. Hello, Pretty sure these detections are false positives but figured I would be sure. Made a Word document and went to print as usual but was blocked from printing. Around exactly this time I also received a notification from Microsoft about personalizing settings which I closed so not sure if that caused a detection as well. Note I was on an older version of bytes 4.5.4.168 but updated and received the same detection when trying to print from Word. I tested using a test print and it went through so I'm pretty certain it's something in bytes not liking Word or Office. Saw people with similar issues before from reading through the forums. Everything was working fine until today. Wondering what settings may be causing this to occur if it is indeed a false positive. Long time lurker, first time poster, thanks in advance for taking a look! First detection as follows: Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 4/14/22 Protection Event Time: 8:53 AM Log File: e1859a8b-bbf1-11ec-b09f-e02be962260d.json -Software Information- Version: 4.5.4.168 Components Version: 1.0.1599 Update Package Version: 1.0.53647 License: Premium -System Information- OS: Windows 10 (Build 19044.1586) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent - Process Hollowing Protection, , Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: Microsoft Office Word Protection Layer: Protection Against OS Security Bypass Protection Technique: Process Hollowing Protection File Name: URL: (end) Second detection: Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 4/14/22 Protection Event Time: 8:54 AM Log File: fecfa6f8-bbf1-11ec-8f73-e02be962260d.json -Software Information- Version: 4.5.4.168 Components Version: 1.0.1599 Update Package Version: 1.0.53647 License: Premium -System Information- OS: Windows 10 (Build 19044.1586) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent - Exploit payload process blocked, C:\Windows\splwow64.exe C:\Windows\splwow64.exe 8192, Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: Microsoft Office Word Protection Layer: Application Behavior Protection Protection Technique: Exploit payload process blocked File Name: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 8192 URL: (end)
  2. Hello, When I want to ssh into my local server Malwarebytes blocks that connection. It never used to do that. I added a registry into regedit called EnableLinkedConnections and afterwards started getting the connection blocked. Afterwards I removed it and still had the same issue. I use Malwarebytes on Windows 11 Home edition. The location in the regedit was HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/System Logs.txt
  3. User Sally reported this problem on 11/5/21 under the title of "I can run Word because RTP detection" (I am assuming she meant "can't"). I am having the same issue. The thread was closed without resolution. The log is shown below. It is also attached. My eye is drawn to the 8192 after the splwow64.exe. Is that the port number? Does that even make sense? Also attached is the mb support tool output. I'm in the same boat and not sure what to do. Thank you. Jack PS, a snivey about the support tool. It says that the file mbst-grab-results.zip is on my desktop. It is not. It is in the folder C:\Users\Public\Desktop. Please modify the tool so that it provides the complete path or at least change the verbiage. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 12/8/2021 Protection Event Time: 4:32 PM Log File: 43e9a42e-586e-11ec-8d6f-28d24431946b.json -Software Information- Version: 4.4.10.144 Components Version: 1.0.1499 Update Package Version: 1.0.48326 License: Premium -System Information- OS: Windows 11 (Build 22000.348) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent - Exploit payload process blocked, C:\Windows\splwow64.exe C:\Windows\splwow64.exe 8192, Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: Microsoft Office Word Protection Layer: Application Behavior Protection Protection Technique: Exploit payload process blocked File Name: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 8192 URL: (end) exploit.txt mbst-grab-results.zip
  4. Has anyone figured out a fix for Malwarebytes flagging the auto-update package for Plex.tv as having Malware? See screenshot. Thanks for any guidance.
  5. I updated to LibreOffice V 7.1.6.2 today. When I tried to select the Java Runtime environment I immediately received the following error in the attached file. I tried to add the file to the allow list but nothing worked. The download was directly from the LibreOffice site at https://www.libreoffice.org/download/download/ . I have been using LibreOffice for a long time with no issues.
  6. Hi, I am an Access database developer. As of the update yesterday, my databases (1000s of them out there in the wild) are being detected as exploits. The detection appears to be on a call to create an object, 'CreateObject("wscript.shell")'. MWB throws up an exploit message and terminates (crashes) the database and Access program. The report from MWB is below. After reading your forum I note you have an advanced setting for VB Script libraries which I have disabled for some time, but none for WScript library that I can find. I can resolve it on my development machine by disabling MWB and/or turning off protection for MS Access in advanced settings. I don't consider either of these options as alternatives for my client using our databases locally. What alternative solutions are there? Cheers Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 14/09/2021 Protection Event Time: 13:19 Log File: 8eef8968-150a-11ec-84c9-00155d5d833c.json -Software Information- Version: 4.4.6.132 Components Version: 1.0.1453 Update Package Version: 1.0.44954 Licence: Premium -System Information- OS: Windows 10 (Build 19042.1165) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, C:\Users\gsevi\Documents\wscript.shell, Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: Microsoft Access Protection Layer: Application Behavior Protection Protection Technique: Exploit Office VBE7 object abuse blocked File Name: C:\Users\gsevi\Documents\wscript.shell URL: (end)
  7. Hi @all, we are using Endpoint Protection for our Windows Server 2019 machines. Since last week we are receiving several "Exploit"-Detections (see attached screenshot) on different machines on different networks in regular intervals (all affected machines have TerminalServer-Services enabled and more than 20 users are working on them). Thankfully those "Exploits" are getting blocked, but obviously the cause cannot be removed or suppressed - which is quite unfortunate. The "Location"-Attribute of the detections is making me nervous (ComSpec=C:\Windows\system32\cmd.exe seems pretty dangerous) - any idea how to track down the cause or the corrupt program/file (if there is any)? Any idea how to prevent those Exploit-Detections? Thanks in advance
  8. Our work from home computers cannot access Outlook anymore since MB is blocking the same exploit that I see posts about from 2-3 years ago. We can't get in to delete the offending email as "Contacting Server" pops up and then MB crashes the program. It is now happening throughout all the desktops of our visual & graphic media teams. I see an MB post from April 2017 that it is a known issue and you are working on it. It's 2020 and I can't find the answer for why it's happening in 2020 or how to stop it as we crash or the block kicks in from MB. Help is appreciated.
  9. Hello, first of all please don't judge my English 😅 So the thing is I used a program that was recommended by Malwarebytes in a topic I found, and Malwarebytes found some but not all, and I wanted to ask you guys for help. This is what the program found. So what should I do, reinstall my PC, or are these threats deleted? Because I see partially 😯 msert.log
  10. Greetings, Just today, MBAM started shutting down Winamp until I added an exception for it: Here is the log file for the event: Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 5/7/17 Protection Event Time: 8:55 PM Logfile: Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.103 Update Package Version: 1.0.1890 License: Premium -System Information- OS: Windows 10 CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, , Blocked, [0], [-1],0.0.0 -Exploit Data- Affected Application: Winamp Player Protection Layer: Malicious Memory Protection Protection Technique: Exploit code executing from Heap memory blocked File Name: URL: (end) I have also attached the log files from C:\ProgramData\Malwarebytes\MBAMService\logs\ and FRST64. Cheers, Zzyzx mbam-winamp-false-positive.7z
  11. Hi, I am unable to switch on exploit protection on my premium account? I downloaded the latest version today, is that causing an issue for some reason? Any help would be great. I tried switching on and off and running as administrator but neither helped. Thanks
  12. After upgrading my Malwarebytes to the latest version 3.4.5, the exploit protection feature hasn't switched on, even after numerous system restarts. I'm currently running Windows 10 Home Build 1803, OS Build 17133.1, installed on 2018/04/08. Please find the mb-check-results.zip attached. mb-check-results.zip
  13. Can you help to overcome following problem: Malwarebytes Premium blocks Microsoft Office Word Malicious Memory Protection Exploit: 1 Malware.Exploit.Agent.Generic, , blocked, [0], [392684],0.0.0 Exploit code executing from Heap memory blocked In addition, I also run EMET 5.0, which reports the following when trying to open Word or Excel, which both get blocked by EMET 5.0: EMET detected SimExecFlow mitigation and will close the application Assuming that Malwarebytes and EMET 5.0 are fully compatible, I wonder what is causing the problem: Here is the report of Malwarebytes: -Exploit-Daten- Malwarebytes www.malwarebytes.com -Protokolldetails- Datum des Schutzereignisses: 23.03.18 Uhrzeit des Schutzereignisses: 08:46 Protokolldatei: 44d01e5a-2e6e-11e8-b14b-00241d745f82.json Administrator: Ja -Softwaredaten- Version: 3.4.4.2398 Komponentenversion: 1.0.322 Version des Aktualisierungspakets: 1.0.4458 Lizenz: Testversion -Systemdaten- Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: System -Einzelheiten zu Exploits- Datei: 0 (keine bösartigen Elemente erkannt) Exploit: 1 Malware.Exploit.Agent.Generic, , Blockiert, [0], [392684],0.0.0 -Exploit-Daten- Betroffene Anwendung: Microsoft Office Word Schutzebene: Malicious Memory Protection Schutzverfahren: Exploit code executing from Heap memory blocked Dateiname: URL: END Thanks for any help and advice on this most annoying and concerning problem. A. Naseweiss
  14. Every time I run cmder, Malwarebytes gives me an exception error. I have no idea why it does, and it only just recently started happening (ie Previously I had run cmder and no exploit blocked notification was received). I can't directly tell whether it's impeding cmder's performance, but it's sure damn annoying. I can't make an exception for it because it doesn't show up in "Exclude a Previously Detected Exploit" page. How do I stop this? Here's the output of the report: Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 2/28/18 Protection Event Time: 9:54 AM Log File: 57c7570a-1c97-11e8-ae99-ecf4bb518a2b.json Administrator: Yes -Software Information- Version: 3.3.1.2183 Components Version: 1.0.262 Update Package Version: 1.0.4144 License: Premium -System Information- OS: Windows 8.1 CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0 -Exploit Data- Affected Application: cmd Protection Layer: Application Behavior Protection Protection Technique: Exploit payload process blocked File Name: C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe \c ver URL: (end)
  15. Hi, Malwarebytes endpoint protection is blocking Malware.Exploit.Agent.Generic on a system roughly every 20 minutes but isn't removing it. Could someone please give me instructions on how to clean the system. Details of the detection are: Malware.Exploit.Agent.Generic Detection Data Detection Name: Malware.Exploit.Agent.Generic Action Taken: Blocked Category: Exploit Reported At: 02/28/2018 - 09:34:46 AM Scanned At: 02/28/2018 - 09:27:42 AM Type: Exploit Endpoint: David*****-PC.mslan.local Location: C:\WINDOWS\system32\cscript.exe C:\WINDOWS\system32\cscript.exe \E:vbscript \Nologo C:\WINDOWS\TEMP\m_aD138.tmp Group Name: *** *** Workstations Affected Applications: Cmd
  16. I've tried several times to uninstall / install MB3, always the same result. Exploit protection starts up and stops after a few seconds. This happened after using an insider build of Windows 10 (17101.rs4...). Any help or idea how to fix without going back to the official Windows version? mb-check files added mb-check-results.zip
  17. I keep getting MB popup saying I don't have full real time protection. "exploit protection" is off. When I turn it on, it turns right off again no matter how many times I do it. I have a Premium license.
  18. Dear all, since a few days the MB is blocking and shutting down FF after a few seconds, sometimes minutes. I didn't find any trigger event for this. What did I change: I updated FF to 57.x.x. After this, the problem appears. Today I updated to 58.0.1, the problem still persists. My Plugins: Disconnect Blur HTTPS Everywhere SCDL SoundCloud Downloader (disabled) uBlock Origin uMatrix NoScript (disabled) Video DownloadHelper (disabled) These are the "Exploit Data" from MB3: Betroffene Anwendung: Mozilla Firefox (and add-ons) Schutzebene: Protection Against OS Security Bypass Schutzverfahren: Exploit ROP gadget attack blocked I already did the following: FRST Scan - Addition.txt & FRST.txt mb-check - mb-check-results.zip Junkware Removal Tool - JRT.txt AdwCleaner - AdwCleaner[C0].txt & AdwCleaner[S0].txt Sophos Free Virus Removal Tool - is running atm Please see the attachment. The problem still persists. I hope someone can help me with this behaviour. Have a nice day Addition.txt FRST.txt mb-check-results.zip JRT.txt AdwCleaner[C0].txt AdwCleaner[S0].txt
  19. Hi. My PC failed after the update on Saturday. I spent yesterday looking for a new one, thought it was dead. Thankfully it's now running and MB Premium is running but my Web Protection and Exploit Protection both refuse to turn on. I get 'Starting' and then they revert to 'off'. HELP! (I have run rkill.)
  20. Yesterday I was just killing time surfing the web, had a couple of tabs open, Home Telecom email, Craigslist and eBay I think (nothing crazy). Firefox closed and I missed the error message on the first bounce, reopened Firefox, it stays open for 20-30 secs and closes, "exploit rop gadget attack blocked" message. I tried running Firefox in safe mode and it still blocks it. Opened Chrome, jumped on good old Google and tried a few things to determine what was wrong; ran Adwcleaner, Sophos virus tool, JRT and FRST64 to no avail. I have Premium but hadn't set up my account, til now, ran mb-check and here I am. And here you go: mb-check-results.zip JRT.txt
  21. Firefox Quantum Beta (v. 58.0b4, 64 bit) was being automatically closed by Malwarebytes (v. 3.3.1.2183) today. I had it do this multiple times today, every time with completely different websites open, it's not any specific website. I have a screenshot of the popup attached. I also have a screenshot of how it's impossible to add any exceptions for exploits in Malwarebytes as it won't allow me to select any, there's NO LIST to select from. The Malwarebytes pop up says: "Exploit automatically blocked Malwarebytes detected and blocked an exploit. It is no longer a threat. Affected Application: Mozilla Firefox Protection layer: Protection against OS security bypass Protection Technique: Exploit ROP gadget attack blocked." Additional information: Malwarebytes version information: Version 3.3.1.2183 Component package version: 1.0.236 Update package version: 1.0.3287 In Firefox, I have a few add-ons/extensions: Cisco Webex extension v. 1.0.12 Lastpass free v. 4.2.1.21 New Tab Override v. 11.0.0 by Soren Hentzschel Stylus v 1.1.5 by Jeremy Schomery uBlock Origin v. 1.14.18 by Raymond Hill Unpaywall v. 1.5 by Impactstory team (I will be disabling all of the ones not essential until this is resolved since I don't know what is triggering the problem) Firefox crash reports: https://crash-stats.mozilla.com/report/index/81cfeb51-4c3b-4bd6-96d1-a644f2170118 bp-81cfeb51-4c3b-4bd6-96d1-a644f2170118 1/17/2017 9:27 PM - 21:27 https://crash-stats.mozilla.com/report/index/6d61d73c-8e3c-4854-8c41-35f8d2170118 bp-6d61d73c-8e3c-4854-8c41-35f8d2170118 1/17/2017 8:45 PM - 20:45 https://crash-stats.mozilla.com/report/index/a3112137-1faf-40ee-b4aa-6747b2170118 bp-a3112137-1faf-40ee-b4aa-6747b2170118 1/17/2017 8:45 PM - 20:45 https://crash-stats.mozilla.com/report/index/db10f862-0005-46fa-9bcf-a36dd2170118 bp-db10f862-0005-46fa-9bcf-a36dd2170118 1/17/2017 7:33 PM - 19:33 https://crash-stats.mozilla.com/report/index/2da77aa3-6992-43e4-bc64-aea6e2170118 bp-2da77aa3-6992-43e4-bc64-aea6e2170118 1/17/2017 7:32 PM - 19:32 https://crash-stats.mozilla.com/report/index/390f0847-5925-4523-b91b-188ca2170118 bp-390f0847-5925-4523-b91b-188ca2170118 1/17/2017 7:27 PM - 19:27 https://crash-stats.mozilla.com/report/index/5be968e8-b2ca-4762-86e0-be3291171118 bp-5be968e8-b2ca-4762-86e0-be3291171118 11/17/2017 8:12 PM - 20:12
  22. Hello, For starters I wanted to know if it's advisable to add the steam.exe and steamwebhelper.exe to the list of protected applications in MBAM Premium real-time protection list. I did just that and added steam as a "media player" (??) and steamwebhelper.exe as a Chromium based browser. Last night I purchased Nier: Automata and upon executing it for the first time (triggering its install process) MBAM blocked the nierautomata.exe saying it was a generic exploit agent. Subsequent attempts after verifying the game's integrity reproduces the same behavior. Most importantly I would like to know if adding STEAM and STEAMWEBHELPER to the protected applications list, as I have, is recommended -- or should I change the program type from MEDIA PLAYER to OTHER? If not a config issue then perhaps I'm just reporting a false positive. (I hope) How should I proceed? Here are the two relevant log notes: -Software Information- Version: 3.2.2.2029 Components Version: 1.0.188 Update Package Version: 1.0.2903 License: Premium -System Information- OS: Windows 10 (Build 15063.632) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0 -Exploit Data- Affected Application: steam Protection Layer: Application Behavior Protection Protection Technique: Exploit payload file blocked File Name: D:\Games\SteamLibrary\steamapps\common\NieRAutomata\NieRAutomata.exe URL: -Software Information- Version: 3.2.2.2029 Components Version: 1.0.188 Update Package Version: 1.0.2903 License: Premium -System Information- OS: Windows 10 (Build 15063.632) CPU: x64 File System: NTFS User: System -Exploit Details- File: 1 Malware.Exploit.Agent.Generic, D:\Games\SteamLibrary\steamapps\common\NieRAutomata\NieRAutomata.exe, Quarantined, [0], [392684],0.0.0 Exploit: 0 (No malicious items detected)
  23. MWB says "You are not fully protected." The Exploit Protection button is Off and I can't get it to turn on. I am a Premium user. Any answers? Thanks -- Dom
  24. When trying to load an Excel file that has been on my Windows 10 PC for years, I receive the message "Exploit automatically blocked." As soon as the message pops up, the file closes. When I scan the file with Malwarebytes, the program does not detect any threats. Nor does my virus scan (McAfee). Assuming the warning is not a false positive, is there a way to clean the file so that I can recover it? Thanks.
  25. Hi M Community - I put an old desktop I had not used for some time thru a complete scrub. Clean, cept 2 issues which I cannot explain: 1xJava Exploit (2010-0840): Unexpected. Unit had been Java updated regularly. Updated to Version 5.20 (vulnerability patched) back in April 2010. Can Java exploits download onto a computer with updated/patched system? Is a Java exploit on a patched system harmless? Hitmanpro found inactive remnants of Zeroaccess (registry keys). I once removed a Ukash infection using system restore + AV/MBAM but that was the only active infection I previously found on this computer - nothing else ever found. Why were remnants found of an infection that was never found/removed? HMP responded saying these remnants may have been part of the Ukash but still doesn't explain the remnants... or could the remnants have survived the restore? All input/suggestions welcome...