LoganPSI

ANSWERED Possible False Positive


Greetings!

We are running into an issue with this file at my workplace and it is creating constant spam of website blocking (every 2 seconds a new window pops up). I cleaned it yesterday and it was no longer on the computer, but it came back to life this morning (it had been completely removed). Details below for the event and file:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 12/20/18
Protection Event Time: 11:04 AM
Log File: 00083648-0471-11e9-9862-480fcf4e1a8f.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.508
Update Package Version: 1.0.8411
License: Trial

-System Information-
OS: Windows 10 (Build 16299.785)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain:
IP Address: 198.74.58.47
Port: [50097]
Type: Outbound
File: C:\Windows\SysWOW64\tabbtngraph.exe

 

(end)

Thanks for any help you guys can lend us!

 


Hello,

Looks like a Trojan.Emotet.C2 IP block. Was the file scanned and quarantined? What do you mean when you say you "cleaned it"?


It was scanned and quarantined yesterday and again on the PC today. It took a few tries to get it to show up on the scan today though. By 'cleaned it' I just meant quarantined it.

Thanks for the info about it being an actual threat!
