Protozoius

Malware.Exploit.Agent.Generic


Hello everybody.

I need support with an Exploit warning (popping up a few minutes after PC start) from the 2-week premium trial version of Malware.
This is the report:
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 5/26/19
Protection Event Time: 10:18 AM
Log File: dd103516-7f8e-11e9-8d58-5404a60ad9c6.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.586
Update Package Version: 1.0.10774
License: Trial

-System Information-
OS: Windows 10 (Build 17763.529)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0

-Exploit Data-
Affected Application: cmd
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\Windows\system32\rundll32.exe rundll32.exe C:\Windows\System32\vccorelib141xvd.dll vcrt_InitializeCriticalSectionEx
URL: 

(end)

Other useful information:
2 days ago I stumbled into a Win35:Dropper-gen infection, and my antivirus (Avast) detected today an infection from Win32:Trojan-gen.
I also scanned with updated versions of AdwCleaner and Malwarebytes, but found nothing.
 

Here are the FRST scan report and the "Addition" file:

FRST.txt Addition.txt


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt


All procedures done.

Here is the fixlist.txt

Googling, I discovered that my PC (I gave it to a friend to replace the damaged hard disk) runs a cracked version of Win10. Tomorrow I will use my legit activation key.
Can the cracked Win10 cause this kind of warning?


Hi,

Can the cracked win10 cause this kind of warning? 

Warning or not, you can be in trouble.
The updates may not be installed and this alone is problematic.


Hi.
PC updated successfully (I think), but the problem still persists 😕
What is the next step?


Hi,

Please post a fresh Malwarebytes log for my review.

Also run the Farbar program one more time and post fresh FRST.TXT and Addition.txt logs. 


Here they are, my good Sir.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 5/28/19
Protection Event Time: 9:34 AM
Log File: 0cd698b6-811b-11e9-8393-5404a60ad9c6.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.586
Update Package Version: 1.0.10794
License: Trial

-System Information-
OS: Windows 10 (Build 18362.30)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0

-Exploit Data-
Affected Application: cmd
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\WINDOWS\system32\rundll32.exe rundll32.exe C:\WINDOWS\System32\vccorelib141xvd.dll vcrt_InitializeCriticalSectionEx
URL: 

(end)

FRST.txt Addition.txt

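Added example (not part of the original posts, and not Malwarebytes code): a small Python parser for the text report format shown in this thread. It reduces each blocked event to the rundll32 DLL and export it names, so the 5/26 and 5/28 reports can be matched as the same recurring target despite the `C:\Windows` / `C:\WINDOWS` case difference. The embedded report text is constructed from the two logs above and trimmed; the function names are illustrative.

```python
from collections import defaultdict

# Constructed input: the two reports posted in this thread, trimmed to the fields used.
_TEMPLATE = """-Log Details-
Protection Event Date: {date}
-Exploit Data-
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: {windir}\\system32\\rundll32.exe rundll32.exe {windir}\\System32\\vccorelib141xvd.dll vcrt_InitializeCriticalSectionEx
"""
REPORTS = [
    _TEMPLATE.format(date="5/26/19", windir=r"C:\Windows"),
    _TEMPLATE.format(date="5/28/19", windir=r"C:\WINDOWS"),
]

def parse_report(text):
    """Return {section: {field: value}}; sections are lines like '-Exploit Data-'."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if len(line) > 2 and line.startswith("-") and line.endswith("-"):
            current = sections.setdefault(line.strip("-"), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")  # first colon only: values hold "C:\..."
            current[key.strip()] = value.strip()
    return sections

def rundll32_target(file_name):
    """Split the logged command line into (lower-cased DLL path, export name).
    Assumes paths without spaces, as in the logs in this thread."""
    tokens = file_name.replace(",", " ").split()
    for i, tok in enumerate(tokens):
        if tok.lower().endswith(".dll"):
            export = tokens[i + 1] if i + 1 < len(tokens) else ""
            return tok.lower(), export  # Windows paths are case-insensitive
    return None, ""

def fingerprint(text):
    data = parse_report(text)["Exploit Data"]
    dll, export = rundll32_target(data["File Name"])
    return (data["Protection Technique"], dll, export)

def recurring(reports):
    """Group event dates by fingerprint so repeat blocks of one target stand out."""
    seen = defaultdict(list)
    for text in reports:
        date = parse_report(text)["Log Details"]["Protection Event Date"]
        seen[fingerprint(text)].append(date)
    return dict(seen)
```

Calling `recurring(REPORTS)` yields a single fingerprint with both event dates, which shows the same launch is still being attempted after the first fix.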

Hi,

Your logs are clean.

Let's see what we can find in the Registry.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
vccorelib141xvd.dll
Once done, click on the Search Registry button and wait for FRST to finish the search.
On completion, a log will open in Notepad. Copy and paste its content in your next reply.
====


Hi, this is the log.

Farbar Recovery Scan Tool (x64) Version: 27-05.2019
Ran by User (28-05-2019 18:30:09)
Running from C:\Users\User\Desktop
Boot Mode: Normal

================== Search Registry: "vccorelib141xvd.dll" ===========


====== End of Search ======

I also noticed that when right-clicking on apps not related to Windows (so it happens if I right-click on Chrome, but doesn't if I right-click on Control Panel), an error prompt appears, saying that it cannot find vccorelib141xvd.dll.


Hi,

Your copy of Chrome may have been compromised.

Step 1: Remove Chrome from your computer and reinstall a fresh copy later.

Step 2: If you remove the syncing of your account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data if you sync with other devices. <- Important ...
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Step 3: Before you remove Chrome, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.
How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

Step 4: Before you remove Chrome, export your passwords.
How to export your saved passwords from Chrome
https://betanews.com/2018/03/09/export-chrome-passwords/

Step 5: Clear your Chrome cache and cookies.
https://support.google.com/chromebook/answer/183083?hl=en

Step 6: Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Step 7: Re-install Chrome and the bookmarks.

How is the computer running now?


Hi,
After the Chrome re-install, I'm happy to say that the problem seems to be resolved!

Thank you very much for your time 😁😁


EDIT: Sorry for the double posting, but the error message about the missing "vccorelib141xvd.dll" persists.


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 
