
GoldBrute BotNet


***This is an automated reply***


Thanks for posting in the Malwarebytes 3 Help forum.


If you are having technical issues with our Windows product, please do the following: 


If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer. Please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column
  7. Click the Gather Logs button
  8. A progress bar will appear and the program will proceed with getting logs from your computer
  9. Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies"


To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.


One of our experts will be able to assist you shortly.


If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 


Thanks in advance for your patience.

-The Malwarebytes Forum Team



RE:  Microsoft Operating Systems BlueKeep Vulnerability

I don't know what you mean by "...Malwarebytes is seeking GoldBrute BotNet..." but if you have samples of malware that may be exploiting the vulnerability and MBAM does not detect it, samples can be submitted in Newest Malware Threats after reviewing:

Malware Hunters group
Purpose of this forum



Edited by David H. Lipman
Edited for content, clarity, spelling and grammar

I'm not sure what I mean either since this isn't my 'area'. But, after reading some other articles, etc., after I posted this question, I realized that there probably isn't a way to answer it. I received an alert from my software company about this bot being a concern and that we needed to be sure we were protected. I'm hoping that Malwarebytes and my anti-virus can handle whatever the bullies are throwing at us. And I don't really know what else I can do besides that. Thank you for your reply!


Based on my research, it appears this particular botnet is primarily focused on attacking RDP (Remote Desktop Protocol) servers, not endpoints so if you are running a non-Server build of Windows you should be safe.  That said, you should of course keep your anti-malware, antivirus and operating system up to date to guard against threats in general, and if you don't use Remote Desktop, I'd also suggest disabling it so that it cannot be used as a potential point of attack for any threats (I always disable it on all of my systems for this reason as I never use it so it just represents a potential backdoor into my system should a hacker or infection attempt to exploit it).  Instructions on disabling it can be found here and you can take it a step further by blocking port 3389 in the Windows Firewall as that is the default port used by Remote Desktop and you may also want to disable the service used by Remote Desktop if you aren't going to use it.  You'll find instructions on how to do that here.


Sorry, stupid question. How do I know if I'm using Remote Desktop? The only computer-to-computer communication I do is between my desktop and my laptop and that is primarily (99%) through my own wireless network at the house. But a ton of my work and my software are in the cloud. Does it sound like I can disable RDP and block the 3389 port? Thank you both for the information.


Hi, Patp3005

You mentioned your OS is Windows 10 Home.

a) Be very sure that your Windows 10 is fully up to date with Windows Update.  Do a new manual run to Windows Update.

b) Browser-based video conferencing / screen sharing does not rely on the Remote Desktop.

c) As noted by others before, the "goldbrute" is potentially targeting "server systems", not your Windows 10 home PC.

d) You can manually turn off RDP.

Press and hold the Windows-flag-key on keyboard and tap the *R* key to get the RUN menu option.

type in




and press Enter key. 

Scroll down the list. Look for "Remote Desktop Services".   Look to the right on that line, in the column Startup type, you can do a right click on the line and pick Properties, then select "Disabled"



Other notes:

Microsoft Windows RDP "Bluekeep" Vulnerability is identified as CVE-2019-0708
Windows 10 is not listed as subject to this issue.
Customers running Windows 8 and Windows 10 are not affected by this vulnerability.

Windows 7 / 2008 and older are affected, going back to Windows XP.   Microsoft has released security updates thru Windows Update & the Download catalog at Microsoft.

Customer guidance for CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability: May 14, 2019


Edited by Maurice Naggar
added notes
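
The checks and settings discussed in the replies above (whether Remote Desktop is enabled, port 3389, the Remote Desktop Services service), as an added PowerShell example that is not part of any poster's reply. The function names `Get-RdpExposure` and `Disable-Rdp` are hypothetical; the script assumes an elevated prompt and an English-language Windows install (the firewall group display name is localized).

```powershell
#Requires -RunAsAdministrator
# Added example: report whether this PC accepts Remote Desktop connections,
# and optionally turn it off. Function names are hypothetical.

$TsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

function Get-RdpExposure {
    # fDenyTSConnections: 1 = incoming RDP refused, 0 = incoming RDP allowed
    $deny = (Get-ItemProperty -Path $TsKey -Name fDenyTSConnections).fDenyTSConnections
    # The listener port is configurable; 3389 is only the default
    $port = (Get-ItemProperty -Path "$TsKey\WinStations\RDP-Tcp" -Name PortNumber).PortNumber
    # TermService is the service shown as "Remote Desktop Services"
    $svc  = Get-CimInstance -ClassName Win32_Service -Filter "Name='TermService'"
    $listening = [bool](Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue)
    # 'Remote Desktop' is the English display name of the built-in rule group
    $allow = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })

    [pscustomobject]@{
        RdpAllowedByRegistry      = ($deny -eq 0)
        ListenerPort              = $port
        ServiceState              = $svc.State
        ServiceStartMode          = $svc.StartMode
        PortListening             = $listening
        EnabledInboundAllowRules  = $allow.Count
    }
}

function Disable-Rdp {
    [CmdletBinding(SupportsShouldProcess)]
    param([int]$Port = 3389)

    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable Remote Desktop')) {
        # 1. Refuse incoming connections at the Terminal Server level
        Set-ItemProperty -Path $TsKey -Name fDenyTSConnections -Value 1
        # 2. Turn off the built-in allow rules and add an explicit inbound block
        Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
        New-NetFirewallRule -DisplayName 'Block inbound RDP (added example)' `
            -Direction Inbound -Protocol TCP -LocalPort $Port -Action Block | Out-Null
        # 3. Stop the service and keep it from starting again
        Stop-Service -Name TermService -Force
        Set-Service  -Name TermService -StartupType Disabled
    }
}

Get-RdpExposure | Format-List      # read-only report
# Disable-Rdp -WhatIf              # preview the changes; drop -WhatIf to apply
```

Run `Get-RdpExposure` again after `Disable-Rdp`: `RdpAllowedByRegistry` and `PortListening` should both read `False` and `ServiceStartMode` should read `Disabled`.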

Maurice, thank you for your reply. I think I'm comfortable now in disabling RD. It's good to know it isn't targeting Windows 10. I'm not confident it will stay that way so I'm going to go ahead and disable anyway since I'm not using it.

To all of you who have replied to this post, thank you. I appreciate your time!

