Compromised Dell Cert?


1PW


Hello All:
 
A MBAM Threat Scan detected and quarantined the following within the last four hours:
 
313cb461.zip. Its Threat Scan Log follows (attachment: MBAM Scan Log.txt).
 
I temporarily restored the file in question, from its quarantine, and sent it to VirusTotal.com where the following result was reported:
 
https://www.virustotal.com/en/file/f720667a73cd72adeacc22a68770f496e37c2b00b1f65617929b16dd7a8a2f05/analysis/1448206772/

I have sequestered the file in question in a separate directory for now and moments before I sent this, a right-click context menu scan reaffirmed the earlier "RiskWare.CompromisedCert" MBAM evaluation.

 

I could use some directional advice regarding this. Thank you.


  • Staff

Hello,

 

The detection is correct. (It sometimes takes a while for VirusTotal to update their database to match our latest.)

 

This page probably describes the issue best so far:
https://www.kb.cert.org/vuls/id/870761

 

It is best you allow MBAM to clean up what it does see so your machine is no longer vulnerable to this issue.

 

If you wish, you can also follow the suggested checks at the above documentation. If not comfortable with this, please follow instructions here to get assistance:
https://forums.malwarebytes.org/index.php?/topic/119858-available-assistance-for-possibly-infected-computers/

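The CERT note linked in the staff reply (VU#870761) describes the problem as a root CA certificate shipped together with its private key; the check it suggests is to look for such a certificate in the Windows trusted root stores. The script below is an added example, not code from the thread or from Malwarebytes, that performs that read-only check from PowerShell. It assumes the affected certificate's subject contains "eDellRoot" (the name the CERT note uses); the subject match is only a label, the real signal is a root-store certificate with `HasPrivateKey` set, which should never occur on an end-user machine.

```powershell
# Added example (not from the forum thread): list trusted-root certificates that are
# suspicious because they carry a private key or match the subject named in VU#870761.
# Assumption: the affected certificate's subject contains "eDellRoot" (per the CERT note).
# Run from an elevated PowerShell prompt so the LocalMachine store is readable.

$suspectSubject = 'eDellRoot'   # assumption; used only to label the finding
$stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

$findings = foreach ($store in $stores) {
    Get-ChildItem -Path $store | ForEach-Object {
        $reasons = @()
        # A root CA certificate in a client trust store must not have its private key present.
        if ($_.HasPrivateKey) { $reasons += 'PRIVATE KEY PRESENT' }
        if ($_.Subject -like "*$suspectSubject*") { $reasons += "subject matches $suspectSubject" }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                Finding    = ($reasons -join '; ')
            }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'No root-store certificate with a private key or a matching subject was found.'
}
```

The script only reports; it does not remove anything. If it does list a certificate, the thread's advice still applies: let MBAM clean up what it detects, and note that the CERT page also documents a plugin that can re-add the certificate, so re-run the check after cleanup and after any vendor software update.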

Hello Tammy:

 

Thank you for the super quick response!

 

The Windows 8.1 system in question is well backed up so it is a question of whether or not to allow the supposed 83 installed items to remain, or fall back and forbid Dell from automatically installing anything for an indeterminate period of time. Or do nothing for now. Oy vey!

 

Thank you again Tammy.


  • Staff

Hi,

 

This vulnerable file was only found in this typical MSI installer in your case, so it's totally fine to have MBAM remove this .msi file, as you don't want to reinstall that MSI again :)

Dell has in the meantime fixed this, so new installers won't have this anymore.

So no need to do anything if you removed this msi file :)


Hello Mieke:

 

Yes. That installer file in question is still sequestered. Just as we would with MBAM quarantined malware, I will leave the file isolated for now and delete it in about a week.

 

Thank you Mieke and Tammy.

 

Pete
