Jump to content
Omarock

Hijack.BitCoinMiner.WMI attack

Recommended Posts

Just made an account to say I had the same exact threats just now after scanning. Coincidentally landed on this thread after googling.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/6/18
Scan Time: 5:43 AM
Log File: 3192437a-6944-11e8-be7d-d8cb8a3e9754.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.365
Update Package Version: 1.0.5374
License: Free

-System Information-
OS: Windows 10 (Build 17134.48)
CPU: x64
File System: NTFS
User: XXXXXXXXXXXXX

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 366574
Threats Detected: 3
Threats Quarantined: 3
Time Elapsed: 2 min, 1 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 3
Hijack.BitCoinMiner.WMI, \\XXXXXXX\ROOT\subscription:__FilterToConsumerBinding.Consumer="CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"", Quarantined, [14221], [528083],1.0.5374
Hijack.BitCoinMiner.WMI, \\XXXXXXX\ROOT\subscription:__EventFilter.Name="BVTFilter", Quarantined, [14221], [528083],1.0.5374
Hijack.BitCoinMiner.WMI, \\XXXXXXX\ROOT\subscription:CommandLineEventConsumer.Name="BVTConsumer", Quarantined, [14221], [528083],1.0.5374


(end)

Edited by Omarock
info

Share this post


Link to post
Share on other sites

Hello @Omarock and :welcome:

Yes, this is a False Positive. Please check for updates and re-scan with Malwarebytes and it should no longer be detected.

The fix for this is in update  1.0.5376 which should be out within the hour.

Thanks

 

 

Edited by AdvancedSetup

Share this post


Link to post
Share on other sites

Received a tech support call already regarding this today.  Re-scanning w/1.0.5376 cleared the detection.

It's getting old quick fielding support calls that are completely related to the issues with Malwarebytes.  :(

Edited by Meathead

Share this post


Link to post
Share on other sites
5 hours ago, AdvancedSetup said:

Hello @Omarock and :welcome:

Yes, this is a False Positive. Please check for updates and re-scan with Malwarebytes and it should no longer be detected.

The fix for this is in update  1.0.5376 which should be out within the hour.

Thanks

 

 

Thank you.
Should I restore the items from quarantine before initiating another scan?

Share this post


Link to post
Share on other sites

I also had this malware threat show up in my latest Malwarebytes scan.  It is false?  If it is false, should I restore the quarantined items?

Edited by dreamspinner3_kim
needed to add question

Share this post


Link to post
Share on other sites

These threats showed up on the first scan after updating to 1.0.5376. I selected "ignore once" and upon scanning again, no threats were found.  The log from the first scan showed the old version number, so go figure?

Share this post


Link to post
Share on other sites

This should no longer be detected. This is a leftover wmi entry from microsoft and is not needed at all. Its ok to restore from quarantine if you still have it. It wont do any damage if it was removed.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.