toliman

Zygor Guide updater (beta version) flagged as Ransomware


Source for binary setup is https://zygorguides.com/client/releases/Zygor%20Setup.exe

It basically updates a WoW addon. Their previous launcher used Java, so this is an improvement.

I believe it got picked up when it inserted itself into the run at bootup via a registry key, i.e. hkey-users ... Windows\Currentversion\Run\
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 8/5/18
Protection Event Time: 2:24 AM
Log File: c5b16e04-9802-11e8-95fa-305a3a006cfa.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.391
Update Package Version: 1.0.6197
License: Premium

-System Information-
OS: Windows 10 (Build 17134.137)
CPU: x64
File System: NTFS
User: System

-Ransomware Details-
File: 1
Malware.Ransom.Agent.Generic, C:\Users\MG\AppData\Local\Zygor\Zygor.exe, No Action By User, [0], [392685],0.0.0


(end)

 


Can you please zip and attach the file here:

C:\Users\MG\AppData\Local\Zygor\Zygor.exe

 

Also the mbamservice.log located here would help.

 

C:\ProgramData\Malwarebytes\MBAMService\LOGS

 

Thanks!

 

 

 

