Jump to content
ron_hk

csrss.exe RANSOMWARE !?

Recommended Posts

Dear Support,

Any further action needed? Is it a false positive? Please refer to the screen capture.

Thanks!

 

 

Capture.PNG

Share this post


Link to post
Share on other sites

Could you also please attach a copy of the MBAMService.log located in the following folder?
c:\ProgramData\Malwarebytes\MBAMService\logs

In order to locate the file, you'll need to be able to see hidden folders.

Share this post


Link to post
Share on other sites

I started noticing the same exact thing on 12/25. I'm also trying to find if it's a false positive and if I should add to an exclusion list or anything.

Share this post


Link to post
Share on other sites

@royaljackv - If you see in the Report "No action by user" like in ron_hk's image, with the Anti-Ransomware component this means the detection was discarded. It's most likely been internally whitelisted. That being said, we'd like to know more about why there was a detection at all of this particular csrss.exe since that is a legit location for this file.. For that, we'd like the MBAMService.log which Dave mentioned in his previous post.

Quote

Could you also please attach a copy of the MBAMService.log located in the following folder?
c:\ProgramData\Malwarebytes\MBAMService\logs

In order to locate the file, you'll need to be able to see hidden folders.

 

Additionally, we'd like the .arw files located here:

C:\ProgramData\Malwarebytes\MBAMService\ARW  < copy this folder to desktop and zip it if there are multiple .arw files.

Thank you.

Share this post


Link to post
Share on other sites

@ron_hk - thanks for the logs. I can see in the MBAMService.log that indeed this detection was discarded as whitelisted.

We'll forward this information to our Developers for review.

We would consider this a false positive in that there was a detection, but no quarantine attempt took place. There should be nothing further for you to do.

 

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.