[SOLVED] Anti-Exploit Fingerprinting Attempt Detected?


garioch7

Good day. I am writing on behalf of an elderly lady, who I have assisted for years with her computer issues and backups. She has a very unfortunate proclivity to click on anything that looks intriguing. To try and mitigate the risk to her computer, I purchased, and installed, on my own dime, MBAM Premium and MBAE Premium. She also has Bitdefender 2015 Internet Security installed. Those security products are up-to-date, except BDIS, which could be upgraded to the 2016 version. Her computer is a DELL, running Windows 7 x64 Home Premium.

She called me yesterday to report that when she tries to attach something to her email messages (she has a Yahoo.com account), MBAE is blocking her from even fully navigating to the photo image she wanted to attach, saying it blocked an exploit attempt.

I remoted into her computer yesterday, created a simple text file in Notepad and saved it to her desktop. When I tried to navigate to the file to attach it to a Yahoo email message to me, I could get about half-way down the file list, when MBAE blocked me and reported: "Anti-Exploit Fingerprinting Attempt Detected." So I had the lady run some scans and clean up.

  • Bitdefender System Scan (found 24 items that it resolved, presumably mostly cookies - I didn't examine the log)
  • MBAM Threat Scan (no detections)
  • AdwCleaner (some minor adware toolbar junk found and deleted - about 10 files/keys)
  • JRT (more minor junk found - about 10 files/keys)

I had previously had her turn on MBAE logging and I saw a number of blocks of IE11, but there were no details as to what was being blocked, when I examined the log.

I don't think that this is a false positive as this fine lady trusts everyone so does not practice "safe hex." She is all over the web and Facebook, clicking and downloading whatever strikes her fancy.

I would appreciate some advice on next steps. I can go to her home and get her MBAE log files in her Program Data folder, if that would assist; or, should I simply run a FRST + Addition.txt scan and post in the Malware Removal Forum?

Thank you and have a great day.

Regards,

-Phil


  • Staff

Hi Phil,

 

This could be due to 3 reasons:

 

1- She is not running the latest version 1.08.1.1045 in which case the fingerprinting technique could throw FPs.

2- She has a shortcut in her Desktop pointing to C:\PROGRAM FILES (X86)\MALWAREBYTES ANTI-EXPLOIT\MBAE.EXE and this is triggering the fingerprinting technique (older versions of MBAE would create this Desktop shortcut during installation)

3- It is a true positive if she is clicking all over the web and encountering Exploit Kits. It is normal for MBAE to trigger first on fingerprinting technique as this is one of the first things that Exploit Kits do before attempting to launch the various exploits.

 

Please discard (1) and (2) first before we attempt to troubleshoot (3). If (1) and (2) check out and the problem persists, please gather the MBAE logs and attach them here.

 

Thanks!

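Checks (1) and (2) from the reply above can be scripted. This is an added PowerShell example, not part of the original thread or Malwarebytes' own tooling; the install path and version number are the ones quoted in the thread, and it assumes the script runs under the affected user's account and that the executable's file version matches the product version.

```powershell
# Added example: report-only check for items (1) and (2). Nothing is deleted.
# Path and version are taken from the thread; adjust if MBAE is installed elsewhere.
$mbaeExe  = 'C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe'
$expected = New-Object System.Version '1.08.1.1045'

# (1) Installed version, built from the numeric parts of the version resource
#     so that formatting differences in the version string do not matter.
if (Test-Path -LiteralPath $mbaeExe) {
    $vi = (Get-Item -LiteralPath $mbaeExe).VersionInfo
    $installed = New-Object System.Version $vi.FileMajorPart, $vi.FileMinorPart,
                                           $vi.FileBuildPart, $vi.FilePrivatePart
    if ($installed -lt $expected) {
        Write-Output "MBAE $installed is older than $expected: update first."
    } else {
        Write-Output "MBAE $installed is at or above $expected."
    }
} else {
    Write-Output "mbae.exe not found at $mbaeExe"
}

# (2) Desktop shortcuts whose target is mbae.exe, on both the user's desktop
#     and the shared (Public) desktop. Targets are resolved through the
#     WScript.Shell COM object, which reads the .lnk without launching it.
$shell    = New-Object -ComObject WScript.Shell
$desktops = @([Environment]::GetFolderPath('Desktop'),
              (Join-Path $env:PUBLIC 'Desktop'))

$hits = foreach ($dir in $desktops) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -Filter *.lnk | ForEach-Object {
        $target = $shell.CreateShortcut($_.FullName).TargetPath
        # Match on the file name so a differently cased or relocated
        # install path is still reported.
        if ($target -and ([IO.Path]::GetFileName($target) -ieq 'mbae.exe')) {
            New-Object PSObject -Property @{ Shortcut = $_.FullName; Target = $target }
        }
    }
}

if ($hits) {
    Write-Output 'Desktop shortcuts pointing at MBAE (candidates for removal):'
    $hits | Format-Table -AutoSize Shortcut, Target
} else {
    Write-Output 'No desktop shortcut to mbae.exe found.'
}
```

If both checks come back clean and the alert persists, the next step in the reply still applies: collect the MBAE logs.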

Thanks, Pedro.  She definitely has a desktop icon for MBAE.  I don't know for sure if her version is the latest.  I will remote in to her computer and delete the desktop shortcut and check that she has the latest version.  If both check out, I will gather the C:\Program Data\Malwarebytes Anti-Exploit folder files later today (have to dig out from all of the snow first so I can get my car out of the garage) and submit them to you for analysis.  I will report back regardless so that you will be aware of what was found.

 

By the way, Pedro, thank you for your incredibly prompt and helpful response.  That is but one of the reasons why I use, and recommend, Malwarebytes products.

 

Have a great day.

 

Regards,

-Phil


Pedro:

 

We deleted the MBAE desktop icon.  Her version of MBAE was the latest.  The problem seems to be resolved.  She sent me two emails with attachments subsequently, including one with the photo that tripped the MBAE Anti-Exploit warning the first time a few days ago.

 

Thank you for your prompt, courteous, and professional assistance.  Have a great day.

 

Regards,

-Phil
