False positive on cygwin mv.exe

So, I keep getting reports about ransomware regarding mv.exe from the cygwin linux tools distribution (which is then annoyingly deleted so I have to restore it). Here's the log info and mv.exe binary in a zip so y'all can check it out.



-Log Details-
Protection Event Date: 3/17/18
Protection Event Time: 5:24 PM
Log File: 5c080fa2-2a3a-11e8-a5e2-a4173112e420.json
Administrator: Yes

-Software Information-
Components Version: 1.0.262
Update Package Version: 1.0.4396
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Ransomware Details-
File: 1
Malware.Ransom.Agent.Generic, c:\cygwin\bin\mv.exe, Delete-on-Reboot, [0], [392685],0.0.0


