Jump to content

Malware.Exploit.Agent.Generic


Recommended Posts

Hello everybody.

I need support about an Exploit warning (popping out a few minute after pc start) form the  2-week premium trial version of Malware.
This is the report:
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 5/26/19
Protection Event Time: 10:18 AM
Log File: dd103516-7f8e-11e9-8d58-5404a60ad9c6.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.586
Update Package Version: 1.0.10774
License: Trial

-System Information-
OS: Windows 10 (Build 17763.529)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0

-Exploit Data-
Affected Application: cmd
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\Windows\system32\rundll32.exe rundll32.exe C:\Windows\System32\vccorelib141xvd.dll vcrt_InitializeCriticalSectionEx
URL: 

(end)

Other usefull information:
2 days ago i stumbled into a Win35:Dropper-gen infection, and my antivirus (avast) detected tooday a infection from Win32:Trojan-gen.
I also scanned with updated versions of AdwCleaner and Malwarebytes, but found nothing
 

Here the FRST scan report and the "Addition" file 

FRST.txt Addition.txt

Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt

Link to post
Share on other sites

Here they are,  my good Sir.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 5/28/19
Protection Event Time: 9:34 AM
Log File: 0cd698b6-811b-11e9-8393-5404a60ad9c6.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.586
Update Package Version: 1.0.10794
License: Trial

-System Information-
OS: Windows 10 (Build 18362.30)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0

-Exploit Data-
Affected Application: cmd
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\WINDOWS\system32\rundll32.exe rundll32.exe C:\WINDOWS\System32\vccorelib141xvd.dll vcrt_InitializeCriticalSectionEx
URL: 

(end)

FRST.txtAddition.txt

Link to post
Share on other sites

Hi,

Your logs are clean.

Lets see what we can find in the Registry.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
vccorelib141xvd.dll
Once done, click on the Search Registry button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply
====

Link to post
Share on other sites

Hi, this is the log.

Farbar Recovery Scan Tool (x64) Version: 27-05.2019
Ran by User (28-05-2019 18:30:09)
Running from C:\Users\User\Desktop
Boot Mode: Normal

================== Search Registry: "vccorelib141xvd.dll" ===========


====== End of Search ======

I also noticed that right-clicking on apps not related to windows (so happen if i right-click on chrome, but doesn't if i right-click on control panel)  an error prompt will appear, saying that cannot find vccorelib141xvd.dll.

Link to post
Share on other sites

Hi,

Your copy of Chrome may have been compromised

step1.gif Remove Chrome from your Computer and reinstall a fresh copy later.

step2.gifIf you remove the syncing of your account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data if you sync with other devices. <- Important ...
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

step3.gif Before you remove Chrome Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.
How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

step4.gif Before you remove Chrome Export your Passwords
How to export your saved passwords from Chrome
https://betanews.com/2018/03/09/export-chrome-passwords/

step5.gif Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

step6.gif Remove Chrome using the the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

step7.gif Re-install Chrome and the Bookmarks.
<<<>>

How is the computer running now?

Link to post
Share on other sites
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.