LoganPSI Posted December 21, 2018 ID:1288499 Share Posted December 21, 2018 Greetings! We are running into an issue with this file at my workplace and it is creating constant spam of website blocking (every 2 seconds a new window pops up). I cleaned it yesterday and was no longer on the computer, but came back to life this morning (it had been completely removed).Details below for the event and file: Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 12/20/18 Protection Event Time: 11:04 AM Log File: 00083648-0471-11e9-9862-480fcf4e1a8f.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.508 Update Package Version: 1.0.8411 License: Trial -System Information- OS: Windows 10 (Build 16299.785) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Category: Trojan Domain: IP Address: 198.74.58.47 Port: [50097] Type: Outbound File: C:\Windows\SysWOW64\tabbtngraph.exe (end) Thanks for any help you guys can lend us! Link to post Share on other sites More sharing options...
Staff Zynthesist Posted December 21, 2018 Staff ID:1288506 Share Posted December 21, 2018 Hello, Looks like an Trojan.Emotet.C2 IP block. Was the file scanned and quarantined? What do you mean when you say you "cleaned it"? Link to post Share on other sites More sharing options...
LoganPSI Posted December 21, 2018 Author ID:1288509 Share Posted December 21, 2018 It was scanned and quarantined yesterday and again on the PC today. It took a few tries to get it to show up on the scan today though. By 'cleaned it' I just meant quarantined it. Thanks for the info about it being an actual threat! Link to post Share on other sites More sharing options...
Staff Solution Zynthesist Posted December 21, 2018 Staff Solution ID:1288534 Share Posted December 21, 2018 You're welcome and glad it was detected! Link to post Share on other sites More sharing options...
Recommended Posts