We are getting detection alerts I am unable to identify. Not sure if false positive or not. Alert is shown below and a sample log from a client is attached. 

Malwarebytes Management Server Notification

Alert Time: 12/7/2018 8:05:09 AM
Server Hostname: DGSJMWBYTES
Server Domain/Workgroup: live.dgso.org
Server IP:
Notification Catalog: Client
Exploit threat detected, see details below:

12/7/2018 7:05:07 AM    DGSLEC151  Exploit payload process blocked BLOCK   C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe \c for \f skip=1 Tokens=2,4 %i in ('C:\WINDOWS\System32\QWINSTA.EXE \SERVER:DGSLEC151') do echo %i %j>>C:\Users\aburgen\AppData\Local\Temp\rad5B780.tmp aburgen WScript.exe     C:\WINDOWS\System32\WScript.exe Attacked application: C:\WINDOWS\System32\WScript.exe; Parent process name: C:\WINDOWS\System32\WScript.exe; Layer: Application Behavior Protection; API ID: 207; Address: ; Module: ; AddressType: ; StackTop: ; StackBottom: ; StackPointer: ; Extra: 

Total count: 1.


Malwarebytes Anti-Exploit.zip


Hello and welcome,

Server Domain/Workgroup: live.dgso.org

I can access http://www.dgso.org/ without any issues

That looks like a False Positive to me.

Please take your time.

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer. Please allow the programs to run if blocked by your system.

Download Malwarebytes Support Tool

    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-X.X.X.XXXX.exe to run the program
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"
    Click the Advanced tab

Click the Gather Logs button

A progress bar will appear and the program will proceed with getting logs from your computer

Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK

Please attach the file in your next reply. 


  • 4 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

This topic is now closed to further replies.