Jump to content

Spyware.Pony


sflater
 Share

Recommended Posts

Pretty confident this is a false positive, but want to confirm with MB. Thank you.

Malwarebytes Management Server Notification

--------------------------------------------

 

Alert Time: 10/25/2017 6:53:03 PM

Server Hostname: MBAMSERVER

Server Domain/Workgroup: bk.com Server IP: 10.230.3.116 Notification Catalog: Client

Description:

Malware threat detected, see details below:

 

10/25/2017 6:51:09 PM DESK128               10.230.3.128         Spyware.Pony   Quarantined                HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}

10/25/2017 6:51:09 PM DESK128               10.230.3.128         Spyware.Pony   Quarantined                HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}

10/25/2017 6:51:09 PM DESK128               10.230.3.128         Spyware.Pony   Quarantined                HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F7E1C96B-781E-11D2-AAB7-00C04FAE2D4C}

10/25/2017 6:51:09 PM DESK128               10.230.3.128         Spyware.Pony   Quarantined                HKLM\SOFTWARE\CLASSES\INetRepl.ReplInet.1

10/25/2017 6:51:09 PM DESK128               10.230.3.128         Spyware.Pony   Quarantined                HKLM\SOFTWARE\CLASSES\INetRepl.ReplInet

10/25/2017 6:51:09 PM DESK128               10.230.3.128         Spyware.Pony   Quarantined                HKLM\SOFTWARE\WOW6432NODE\CLASSES\INetRepl.ReplInet

10/25/2017 6:51:09 PM DESK128               10.230.3.128         Spyware.Pony   Quarantined                HKLM\SOFTWARE\CLASSES\WOW6432NODE\INetRepl.ReplInet

10/25/2017 6:51:09 PM DESK128               10.230.3.128        Spyware.Pony   Quarantined                HKLM\SOFTWARE\WOW6432NODE\CLASSES\INetRepl.ReplInet.1

10/25/2017 6:51:09 PM DESK128               10.230.3.128        Spyware.Pony   Quarantined                HKLM\SOFTWARE\CLASSES\WOW6432NODE\INetRepl.ReplInet.1

10/25/2017 6:51:09 PM DESK128               10.230.3.128         Spyware.Pony   Quarantined                HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F7E1C96B-781E-11D2-AAB7-00C04FAE2D4C}

10/25/2017 6:51:09 PM DESK128               10.230.3.128         Spyware.Pony   Quarantined                C:\Windows\Installer\2d8b1c.msi

10/25/2017 6:51:09 PM DESK128               10.230.3.128         Spyware.Pony   Quarantined                C:\Windows\System32\DriverStore\FileRepository\wcerndis.inf_amd64_7f46c8a40bd97188\wmupdate.msi

10/25/2017 6:51:09 PM DESK128               10.230.3.128        Spyware.Pony   Quarantined                C:\Windows\System32\DriverStore\FileRepository\wceusbsh.inf_amd64_ed7e79d05f4c4512\wmupdate.msi

10/25/2017 6:51:09 PM DESK128               10.230.3.128         Spyware.Pony   Quarantined                C:\Windows\WindowsMobile\INetRepl.dll

10/25/2017 6:51:09 PM DESK128               10.230.3.128         Spyware.Pony   Quarantined                C:\Windows\WindowsMobile\wmupdate.msi

10/25/2017 6:51:09 PM DESK128               10.230.3.128         Spyware.Pony   Quarantined                C:\Windows\WindowsMobile\Drivers\Bluetooth\wmupdate.msi

10/25/2017 6:51:09 PM DESK128               10.230.3.128         Spyware.Pony   Quarantined                C:\Windows\WindowsMobile\Drivers\RNDIS\wmupdate.msi

10/25/2017 6:51:09 PM DESK128               10.230.3.128        Spyware.Pony   Quarantined                C:\Windows\WindowsMobile\Drivers\Serial\wmupdate.msi

 

Total count: 18.

 

--------------------------------------------

Comment: This email was generated by Malwarebytes Management Server. Please do not reply to this message.

 

Link to post
Share on other sites

  • Staff

Hi,

This would require changing the permissions of the Driverstore\FileRepository folder. But it's ok if these files are deleted though, as they are just a copy of earlier installs.

Here's some info about that folder, with below, how to change the permissions on that folder: https://www.techcrises.com/windows-10/clean-filerepository-folder-in-driverstore/

Once permissions are changed, you should be able to also unquarantine above- but honestly, for above 3, it's not really worth it to tamper with permissions.

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.