
explorer.exe quarantined with results you'd expect (no taskbar, just a desktop)


Dav1d


I just a few minutes ago saw an alert from Malwarebytes Anti-Ransomware Beta that ransomware activity had been detected from the process (I believe it said process) explorer.exe. I nearly panicked since I knew on a superficial level what that meant. The taskbar was missing and only the familiar desktop was showing. I chose Ctrl-Alt-Delete and restarted the machine. Thankfully all seemed to be working. Explorer seems to be okay, I can use Windows Explorer to navigate my drives and open files. When I looked for some history on the alert in the application mbarw.exe upon restart and log-in there was nothing to be found.


Hello 1PW,

 

Thank you for your response. Please see my responses following each step of the procedure requested:

  1. Since explorer.exe had been quarantined, there was no taskbar visible. It did not occur to me to search for the mbamrw shortcut on the desktop. Thus there was no detection process visible to finish. I had rebooted the machine on my own initiative after the alert and the disappearance of the taskbar was observed.
  2. Done
  3. There was nothing in Quarantine to restore.
  4. I navigated to C:\Windows\explorer.exe>>explorer.zip
  5. Malwarebytes Anti-Ransomware.zip
  6. logs.zip

Thanks again


  • 3 months later...

This exact scenario just happened to me, too. I got the same message that explorer.exe had been quarantined due to ransomware. Luckily, my browser was still open, so despite my panic I came here and found this post. Now I'm just hoping it's a false positive.

Like Dav1d, the Anti-Ransomware's logs showed no entries, and navigating to my Windows folder I found explorer.exe there and not quarantined. Can I brush this off as a false positive or should I be worried?

Below are the requested files:

Malwarebytes Anti-Ransomware.zip

logs.zip

explorer.zip


Hi Odin,

I had possibly the same file "explorer.exe" quarantined yesterday.  I uploaded it to Virus Total and it was reported as a false positive as far as their site was concerned.  [ 0 out of 55 ].  You may want to try uploading it to test it there.  It may not be 100% correct.

I had 4 NVidia video program files quarantined. I just had another one (DAO.20878933.exe), all false positives. The last one today a couple minutes ago. Virus Total reported it as a false positive [ 0 out of 54 ].


Hello Odin and welcome,

Available data strongly suggests a false positive for that version of explorer.exe while running with MBARW Beta6.

As many improvements and fixes have been included with the release of MBARW Beta7 v0.9.16.484, it is strongly recommended this upgrade be made to the system in question.

Reference: Malwarebytes Anti-Ransomware BETA 7 Now Available

Thank you for beta testing MBARW and your valuable feedback.


Good - that makes me a lot calmer. ^_^

Thanks for replying and pointing me towards the new version (which I've just installed). I actually didn't know that a new beta was out, since I had just bookmarked the old thread with Beta 6 thinking the same thread would be used for subsequent releases. I'll pay more attention to the forums from now on and keep reporting my findings.


14 hours ago, Tony4554 said:

Hi Odin,

I had possibly the same file "explorer.exe" quarantined yesterday.  I uploaded it to Virus Total and it was reported as a false positive as far as their site was concerned.  [ 0 out of 55 ].  You may want to try uploading it to test it there.  It may not be 100% correct.

I had 4 NVidia video program files quarantined. I just had another one (DAO.20878933.exe), all false positives. The last one today a couple minutes ago. Virus Total reported it as a false positive [ 0 out of 54 ].

Hey Tony4554,

That's good advice, actually. I'll definitely do that next time. And yeah, perhaps submit the files to at least two different services for good measure.
