Jump to content
duginov

Nomadesk quarantined as ransomware

Recommended Posts

This is legit commercial cloud-based file storage. This particular executable (v.7.8.12.4) was in place for months and did not ask for any RANSOM
 

8-4-2018 2-01-51 PM.jpg

Share this post


Link to post
Share on other sites

Can you please zip and attach the file here:

c:\progam files\nomadesk\dashboard\nomadeskclient.exe

 

Also the mbamservice.log located here would help.

 

C:\ProgramData\Malwarebytes\MBAMService\LOGS

 

Thanks!

Share this post


Link to post
Share on other sites

Hello, duginov

Can you see if this file exists, and attach it if it does?

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\ArwDetections\3b2ba044-9805-11e8-8f9f-001fbc08959f.json

Thanks.

Share this post


Link to post
Share on other sites

Thank you for the file. So even after Rich's post above you were still seeing a detection on the same version of NomadeskClient.exe ?

Share this post


Link to post
Share on other sites

I still have it in exception list. Are you telling me that I can kill exceptions and nomadesk will not be detected again? If so I can try.

Share this post


Link to post
Share on other sites

Yes, it should no longer be detected, even if you remove the exclusion for it. That being said, it's not harmful to keep it in the exclusions list.

Share this post


Link to post
Share on other sites

Great, thanks for your report. Please do let us know if this same file version gets detected again. It should not.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.