Ransom.Petya false positive?


ItManager

Is this a false positive? We are having this come up on a decent amount of computers this morning.

 

Alert Time: 9/13/2016 9:01:16 AM

Notification Catalog: Client

Description:

Malware threat detected, see details below:

 

9/13/2016 9:00:04 AM    Ransom.Petya   Quarantined      C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe


I didn't know this was a false positive until after I responded to finding the malware. Can you explain what I should do if I already went through with quarantining these files? Do I restore these? Also, there were three files, but now I only see 2 in the quarantine folder. What about the missing one? Also, I'm concerned because I went into my Norton security logs and I see that ever since last night, Malwarebytes has been trying to access the Norton app and being blocked, like 30-50 times all day? I know sometimes there are attempts like this, but never continually.

 

thank you,

-heather


  • Staff

Hello Rredrosie,

5 hours ago, Rredrosie said:

Can you explain what I should do if I already went through with quarantining these files? Do I restore these? Also, there were three files, but now I only see 2 in the quarantine folder. What about the missing one?

Yes, restore -- guide on how to restore from quarantine is here. It should just be 1 file named mdm.exe.

5 hours ago, Rredrosie said:

Also, I'm concerned because I went into my Norton security logs and I see that ever since last night, Malwarebytes has been trying to access the Norton app and being blocked, like 30-50 times all day? I know sometimes there are attempts like this, but never continually.

This may have happened due to the false positive? Try restoring the mdm.exe file(s) and see if that problem goes away.

5 hours ago, Rredrosie said:

Oh, also I couldn't get into Firefox this morning, thus why I ran the scan and got the report about Ransom.Petya in the first place. Any possibility that it wasn't a false positive? Or that's some separate problem for me to solve after this.

thanks!

It was indeed a false positive. You may wish to follow the steps here on creating your own topic if you suspect a malware infection.

Edited by thisisu
