Window OS File Detected by Malwarebytes AI

[AlexLeadingEdge]

Given this file is on the H Drive it is probably a very old system file, but interesting that the AI thinks it is a threat, perhaps it has been interfered with? Is there a way to get the MD5 hash, so I can plug it into VirusTotal to see what other vendors think of it?

 

Name:	Malware.AI.1431233598
Category:	Malware
Type:	File
Location:	H:\Windows\winsxs\x86_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_10.2.9200.16521_none_7b14ed51c173bb6d\mshta.exe
Detection ID:	1b07a5ae-3558-11eb-bee3-7085c277369f
Endpoint:	REDACTED
Scanned At:	03/12/2020 7:01:01 PM
Quarantined At:	04/12/2020 12:15:25 AM
Reported At:	04/12/2020 9:17:01 AM
Scan ID:	839fb3d2-672d-47e1-8d8d-db142bf7871d

[Porthos]

This really belongs in the FP section of the forum. I have requested for to be moved there.

 

[Porthos]

5 minutes ago, AlexLeadingEdge said:

but interesting that the AI thinks it is a threat

Most likely because it is an unexpected location. (non-system drive)

[AlexLeadingEdge]

42 minutes ago, Porthos said:

This really belongs in the FP section of the forum. I have requested for to be moved there.

 

Ah, sorry! I looked under Business Support and didn't see a section for False Positives.

[Porthos]

20 minutes ago, AlexLeadingEdge said:

I looked under Business Support and didn't see a section for False Positives.

Business or consumer a FP is the same.

[AlexLeadingEdge]

1 minute ago, Porthos said:

Business or consumer a FP is the same.

One would hope that business customers would get priority as it may affect multiple clients at the same time. Also we use Nebula, and perhaps soon OneView, while home users use Premium, but I'm not sure how much diffence there is between them in regards to the scanning systems.

[exile360]

It's all handled by the same Research team and both products use the same engine and signatures.

[Porthos]

7 minutes ago, AlexLeadingEdge said:

One would hope that business customers would get priority as it may affect multiple clients at the same time.

Other than False Positives which it is faster to report here on the forum in the correct section for False positives, You are entitled to priority support either from the help desk or from the business support phone number.

Help Desk hours are still only weekdays excluding US hilidays during Malwarebytes business hours.

[shadowwar]

can you zip and attach the file detected here. It may be fixed already but that is the only way to confirm. Or a virustotal link to the file. 

 

[AlexLeadingEdge]

16 minutes ago, shadowwar said:

can you zip and attach the file detected here. It may be fixed already but that is the only way to confirm. Or a virustotal link to the file. 

 

How do I unquaratine the file without releasing it back to the end user? How do I run a VirusTotal scan against a file I haven't un-quarantined?  i.e. if it is a virus I don't want to reinfect the end user's machine.

Surely Malwarebytes can generate an MD5 hash from a Quarantined file?

[shadowwar]

I can. Its definitely a fp. Malware cant live in winsxs directory. Zip and attach it here. 

[AlexLeadingEdge]

23 minutes ago, shadowwar said:

I can. Its definitely a fp. Malware cant live in winsxs directory. Zip and attach it here. 

fp?

[Porthos]

4 minutes ago, AlexLeadingEdge said:

fp?

False Positive.