Infected Endpoint Greyed Out


When trying to find what a certain PC is infected with, I was unable to learn anything further from what I see below.


When I go to this endpoint nothing shows up in quarantined, scan history, events, or detections. Why does it show 9 above but nothing below?

  • 2 weeks later...
  • Staff

That computer looks to have submitted a few hits to our telemetry server and subsequently auto-whitelisted those hits. Here's what I see hit on that machine:

H:\SetTime\SetTime.exe
C:\Program Files (x86)\Cisco Systems\Cisco Network Assistant\utilities\prelaunch\prelaunch.exe
C:\PROGRAM FILES (X86)\SOLARWINDS\TFTP SERVER\SOLARWINDS TFTP SERVER.EXE
C:\USERS\JFRITZ\APPDATA\ROAMING\MICROSOFT\INSTALLER\{BC3EE229-5486-40AD-8834-63B5BDC23C50}\TFTPSERVER.EXE.ICON
C:\PROGRAM FILES\WINAERO TWEAKER\WINAEROTWEAKER.EXE
C:\PROGRAM FILES\WINAERO TWEAKER\WINAEROTWEAKERHELPER.EXE

This doesn't appear to be all of them; we can see what else it may have found that was auto-whitelisted, but we will need to check out the files in C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\ScanResults\ to be sure.
