Jump to content

Malware.Exploit.Agent.Generic


Recommended Posts

@nigel1952

Is it possible that this user has an extension in Adobe Reader (or whatever software is being used)? Typically issues like this originate from a bad extension that may be trying to do something with the file.

If you can get us a sample logs, I can definitely take a look.

From the machine having this issue, do the following: 

  • Download Malwarebytes Support Tool
  • Once the file is downloaded, open your Downloads folder/location of the downloaded file
  • Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  • Place a checkmark next to Accept License Agreement and click Next
  • You will be presented with a page stating, "Welcome to the Malwarebytes Support Tool!"
  • Click the Advanced Options link
    5ae220dc8c030_welcomembst.png.fd2156a783
  • Click the Gather Logs button
    gatherlogs.png.6fb7abe3251f4a4f5fba47602
  • A progress bar will appear and the program will proceed to gather troubleshooting information from your computer
  • Upon completion, click OK
  • A file named mbst-grab-results.zip will be saved to your Desktop
    • In a domain environment, the zip file may get moved to the admin's Desktop. If the zip file is not seen on the Desktop of the logged in user, check user profile of the admin

Thank you

Link to post
Share on other sites

On 8/13/2018 at 4:49 PM, vbarytskyy said:

@nigel1952

Is it possible that this user has an extension in Adobe Reader (or whatever software is being used)? Typically issues like this originate from a bad extension that may be trying to do something with the file.

If you can get us a sample logs, I can definitely take a look.

From the machine having this issue, do the following: 

  • Download Malwarebytes Support Tool
  • Once the file is downloaded, open your Downloads folder/location of the downloaded file
  • Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  • Place a checkmark next to Accept License Agreement and click Next
  • You will be presented with a page stating, "Welcome to the Malwarebytes Support Tool!"
  • Click the Advanced Options link
    5ae220dc8c030_welcomembst.png.fd2156a783
  • Click the Gather Logs button
    gatherlogs.png.6fb7abe3251f4a4f5fba47602
  • A progress bar will appear and the program will proceed to gather troubleshooting information from your computer
  • Upon completion, click OK
  • A file named mbst-grab-results.zip will be saved to your Desktop
    • In a domain environment, the zip file may get moved to the admin's Desktop. If the zip file is not seen on the Desktop of the logged in user, check user profile of the admin

Thank you

 

mbst-grab-results.zip

Link to post
Share on other sites

Hello @nigel1952,

I am getting this looked in. While we are looking over the provided logs, you may disable the protection layer causing this issue so users can open PDF's properly. 

In the Malwarebytes Cloud console: 

  1. Go to Settings > Policies
  2. Select your policy > under "Windows" select Settings
  3. Under "Real-Time Protection" select Advanced Settings
  4. Click the "Advanced Memory Protection" tab and uncheck "Memory Patch Hijack Protection" under PDF Reader
    1. image.png.40884cc32a62d698555294b8c39225cc.png
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.