
Threat



I ran a full scan today and one threat was found.

Threat: FiskWare.Extension/Mismatch  File  c:user\xxx\appdata   etc   Action: Quarantined

When I look in Quarantine there is nothing there. Why not? Shouldn't it be there in case I want to restore it?


We will wait for staff to look at this. If I remember you had issues like this before. Is this the same computer?

 

Was this the same one?

Another thought: do you use CCleaner?

Also, the best way for us to help you would be for us to see the requested Diagnostic Logs for the Windows 10 computer.

Edited by Porthos

No.

 

Here's the Threat from the Scan report:

Files: 1
RiskWare.ExtensionMismatch, c:\users\bobz\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\tempstate\onboarding-static-144.gif, Quarantined, [b1e18ebebedc65d1912fef4609f82bd5], 
 

Edited by bobz

Don't know if that file is important if it is not in Quarantine and can't be recovered? I looked up Cortana (mentioned in the threat file) and see that it says "Cortana is your digital agent. She'll help you get things done. The more you use Cortana, the more personalized your experience will be." Something new in Win10 that I doubt I will ever use except to do a search.


As you said "We will wait for staff to look at this." Should I wait for staff to look at this rather than loading another program (posting logs) which might not work with this new Win10 computer?

Edited by bobz

I believe the above 3 files are what you needed.

I am not that familiar with computers, especially with this Win10. I hope the file that was supposed to be in Quarantine, which is now missing, is not a vital part of Win10. I've been told that "Cortana" is a new part of Win10 and used for searches, etc. So it might be "vital/important." I don't know why it says it was in Quarantine and yet it is not in Quarantine? Very confusing indeed.


Hi, @bobz:

In addition to the 3 logs already posted, it would help if you could please also post (as an ATTACHMENT) the complete MBAM SCAN log that shows the detection you report, not just the snippet.

This KB article explains how to locate and export logs: How do I access and save logs from Malwarebytes Anti-Malware?

Please make sure it is the SCAN log that picked up the detection you report.
Please be sure to export and save it as a *.txt file (not an *.xml file).
Please ATTACH it to your next reply, just like you attached the other 3 logs.

Thanks,


Also, it looks like you installed Malwarebytes on 7-23 and on 8-3 you upgraded your Windows from the one that came with your new computer to the new anniversary update 1607. Sometimes this can break MBAM. I suggest you do a clean install to rule that out.

clean reinstall of MBAM Free, by following the steps here: MBAM Clean Removal Process 2x

  • Please be sure to reboot the computer when prompted by the removal tool
  • It's a good idea to reboot again after reinstalling MBAM Free

7 minutes ago, bobz said:

I am getting very confused. What do you want me to do? Attach copy of original scan. Or must I uninstall MB and then reinstall?

What happened to the file that MB was supposed to have put into Quarantine? But it is NOT in Quarantine.

MB Scan 2.txt

Add on to my above post: I don't know if the file that was removed by MB 

(RiskWare.ExtensionMismatch, c:\users\bobz\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\tempstate\onboarding-static-144.gif, Quarantined,)

was an important file and might stop my new Win10 from working properly? Cortana is supposed to be an integral part of Win10.


1 hour ago, bobz said:

Add on to my above post: I don't know if the file that was removed by MB 

(RiskWare.ExtensionMismatch, c:\users\bobz\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\tempstate\onboarding-static-144.gif, Quarantined,)

was an important file and might stop my new Win10 from working properly? Cortana is supposed to be an integral part of Win10.

What am I to do now?

I sent the txt file requested by daledoc1

Is he going to respond? Does he want me to uninstall and then reinstall MB?

I am in my 80s and sending all these reports, etc. is very new to me and getting me very confused, as I said.


Hi, @bobz:

The reasons I asked for the MBAM scan log BEFORE asking you to reinstall MBAM include:

  1. A clean reinstall would wipe out the scan log (and any items in Quarantine), so that the Malwarebytes staff would not be able to see what was detected. That would hamper troubleshooting. 
  2. The scan log provides additional detail -- in addition to the FRST logs and Mbam-Check log -- to help to determine if the detection might be some sort of false positive.  If it is a false positive, then you might not need to bother reinstalling MBAM.

Yes, I have asked a Malwarebytes staff member to review your logs.  Please try to be patient until they can respond.

EDIT: ALSO, I noticed that this was a "Custom" scan.  For the record, the Threat scan is all that is routinely needed or recommended.  Routine "full" or "custom" scans are neither recommended nor necessary, and could cause excessive wear on your hard drive.   Please let us know if you need help configuring your scan settings.

Thank you,

 

Edited by daledoc1

OK. I know how to use the Threat scan.

I will wait for the staff's response.

But wanted to let you know that the reason I began this thread was to tell you that MB found a Threat and said it placed it in the Quarantine folder.  But when I looked in the Quarantine folder there was no file in there. So I don't know if this can be called a False/Positive? I thought a False/Positive referred to a file that was placed in Quarantine and could still be restored. There is nothing here to restore with this Threat.

Edited by bobz
