Jump to content

Exploit blocked

Recommended Posts

is this a false positive, my computer was in hibernate/offline but on when it happened. hence now just noticing it. 

I have  updated Malwarebytes and ran a scan nothings, also the adwcleaner and rootkit cleaner and nothing.



-Log Details-
Protection Event Date: 3/10/19
Protection Event Time: 10:25 AM
Log File: 45a93c17-4340-11e9-af14-8cec4b7a3885.json

-Software Information-
Components Version: 1.0.538
Update Package Version: 1.0.9616
License: Premium

-System Information-
OS: Windows 10 (Build 17763.316)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0

-Exploit Data-
Affected Application: cmd
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\WINDOWS\Sysnative\cscript.exe C:\WINDOWS\Sysnative\cscript \nologo Sierra_Inv.vbs ..\Sierra_multiPNP.xml


Link to post
Share on other sites

  • Root Admin

Hello @neak07

Let's get some logs and other scans to see what's going on.


Please run the following steps and post back the logs as an attachment when ready.


  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.


Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.


RESTART THE COMPUTER Before running Step 3

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.





Link to post
Share on other sites

  • Root Admin

The logs look good. This is what triggered the detection I thought, but looking at it closer this one is a different name and location.

Task: {2549FB6E-DD48-49C8-9022-1C3AFA7AEC5C} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"

Let me try something else and I'll get back to you shortly.




Link to post
Share on other sites


apparently this has happened to others and they (Kaspersky Support) haven't been able to resolve it. 

I just wanted to say my computer is performing normally and I have no obvious reason to believe I have an infection but I do use this computer for sensitive purposes and finding this was concerning. 

Link to post
Share on other sites

  • Root Admin

It looks like it might have come from Dell as an inventory process.

Please run FRST again as before and in the top of the box type in   InvCol.exe

Then click on the "Search Files" button.

Once it's completed it will create a file called Search.txt in the same folder it was run from. Please attach that log on your next reply.

Link to post
Share on other sites

  • Root Admin

You're quite welcome @neak07

Let me have you reset Google Chrome. Please follow the directions from the following topic.


Once you have Chrome reset then review the information below to add and Ad blocker.


Help Secure your browsers

Please install uBlock Origin for your browsers to better protect your system

FireFox, ChromeOpera , SafariMicrosoft Edge
AdBlock for Internet Explorer

Follow-up Reading

Everything you need to know about cybercrime
10 easy ways to prevent malware infection 
Keep your data backed up


Thank you for choosing Malwarebytes



Link to post
Share on other sites

  • 5 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.



Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.