Jump to content
ginalfa

HxTsr.exe: false positive?

Recommended Posts

Today MBARW reported HxTsr.exe as a ransomware and quarantined it.

The file was located in c:\Program Files\WindowsApps\windows.communicationapps...(and many other chr)...\HxTsr.exe.

A web serch about that file name reports as a windows 10 regular file.

Due to the restricted access to the folder, I will not be able to attach the file I restore it. I attach the quarantined file instead.

I was not doing anything on PC when MBARW has quarantined the file and the original location appears as regular.

Maybe a false positive?

Can I restore the file?

Bye

Malwarebytes Anti-Ransomware.zip

logs.zip

Quarantine.zip

Share this post


Link to post
Share on other sites

I tried to restore the file but MBARW reported an error and was unable to un-quarantine it. I guess it doesn't have the write permissions to that folder, so I think the file was not really removed.

It's a M$ Office related file... I don't have Office installed but only "Obtain Office" Windows 10 App.

Bye.

Share this post


Link to post
Share on other sites

Reference: https://www.virustotal.com/en/file/A776BEE94E96A141B26F157CD61617FA72B59FC1738568992477B26BE48DE7AC/analysis/ Unsigned

Hello ginalfa:

Only for the case of that individual system, please consider entering the file's pathname below in MBARW GUI Dashboard > Exclusions.

C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.46271._x64__8wekyb3d8bbwe\HxTsr.exe

The above pathname may still need to be altered.

Thank you for participating in the MBARW Beta program and your feedback.

Edited by 1PW

Share this post


Link to post
Share on other sites

The exclusion dialog box lets me to read the foder content and the file was really removed.

The exclusion can't be set cause the file is not present and MBARW does not restore the original file (see attached screenshot).

May I try to restore in safe mode?

 

post-199573-0-34914800-1457984002_thumb.

Share this post


Link to post
Share on other sites

Hello ginalfa:

How to Repair an Office application.

  • Please consider producing a hard copy of the procedure within Repair an Office application.
  • Restart the computer in question into the Windows Normal mode and terminate un-necessary applications.
  • Follow Microsoft's procedure within step 1.
  • Again, restart the system into Windows Normal mode.
  • Confirm the previously missing file has been restored.

Please reply to your topic with the status of your system.

Thank you.

Share this post


Link to post
Share on other sites

MBARW beta6 - build 0.9.15.416 quarantined C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6868.40731.0._x64__8wekyb3d8bbwe\HxTsr.exe and cannot restore.  Windows 10 Mail no longer works.  The link to in an earlier reply to "Repair an Office application" does not apply to Windows 10 Mail.  Additionally when I try to add the file to the exclusions, MBARW crashes before I can select or paste a path/file in.  Please help restore the needed file.

Share this post


Link to post
Share on other sites

Hello @betsar and :welcome:

It is disappointing to read your testing system is having MBARW Beta issues but each computer is unique.  Problems that seem "the same" frequently are not.

The same is true for solutions.  Solutions may often need to be individualized for your unique testing system.

It is less confusing for everyone if a "One Member Per Topic" policy is adhered to instead of posting to the topic of another member.

Development Team Members, Staffers, and Helpers will be able to more easily provide both you and the OP/Topic Starter, with individualized assistance.

Please start a NEW, and SEPARATE topic by left-clicking this >>Start New Topic<< link now.

Thank you always for your patience and understanding.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.