Nativeimages?


mapmap

I restored the files, but now Malwarebytes can't find them and I read that restored files can be detected again by Malwarebytes if they're infected. Also "C:\Windows\assembly" is full of files which cannot be copied, but do those files redirect to "C:\Windows\Microsoft.NET\Framework" and "C:\Windows\Microsoft.NET\Framework64" which have some of the previously detected files with similar names?

 


  • Staff

Ahh yes, I forgot about that. The assembly folder is a bit special lol..
Windows Explorer does not display files in the assembly folder like other folders.
We'll have to grab some copies using good ole cmd.
If you are unsure of the instructions, please let me know before proceeding.

Create a folder in c:\ and name it "test" (let's use this name so the below works as I want it to)
In the search box by your start menu, search for cmd
Once results show, right click the cmd.exe result and click "run as administrator".
OK the UAC prompt if you get one.
Copy the following lines one at a time from inside the code box into the cmd box (have to highlight the text, right click, select copy, right click in cmd box, select paste) and hit enter after each line:

cd C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_32\MICROSOFT.WSMAN.MAN#\6DFD24D01FB18FEFF9E2019EF8A4EC76

copy MICROSOFT.WSMAN.MANAGEMENT.NI.DLL c:\test

cd C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_32\SYSTEM.CONFIGURATIO#\F0B751CC18E18C5FF975FF463CEDC829

copy SYSTEM.CONFIGURATION.INSTALL.NI.DLL c:\test

Note any error messages if any. (screenshots work great for this)
Close the cmd window.
Once you have done that, go back to the test folder, zip up those 2 files and attach them here.
You can delete those files after if you like, keep the test folder for now in case we need more files from the log you provided.

Thanks!


When I copied those files with cmd prompt (thanks), I did scan them again and it gave me same detections. Afterwards I deleted all those 10 detected files using cmd prompt, and so far I haven't gotten any OS, software or game errors. So I guess it was OK to delete them? :D


  • Staff

If you mean delete the files out of the original location (out of the assembly\....\ folder), no.. don't delete them. They are part of your .NET install.
If you mean, the files you copied to "test" using cmd, yes, you can delete those.
Let's try this:

Shut down Malwarebytes by right clicking icon by the clock and choose "shutdown Malwarebytes"
(OK UAC prompt and prompt from MBAM if asked)

Open cmd again (search menu>> search for cmd>> right click and run as admin).
Copy/paste the following lines one at a time into cmd and hit enter after each one:

cd C:\ProgramData\Malwarebytes\MBAMService
del hubblecache

exit cmd

Once done, restart Malwarebytes and re-scan. You can just double click the desktop shortcut to get it going again.
Yes it will take a moment to restart and if you look, hubblecache will be back.. just replaced with a fresh one.
If you don't want to wait the 2+ hours to scan, go ahead and scan the C:\Windows\Assembly folder itself.

Let me know how it goes.

Thanks!


I did delete them from the "C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_32\" path 😅 Didn't want to have those possible threats chillin' in my hard drive. But as I said earlier I haven't noticed any errors so far.

Would it be possible to reinstall/fix .NET Framework if I run into trouble/errors by using "Turn Windows features on or off" or sfc /scannow?


  • Staff

Those subdirectories in the assembly folder have many versions of .NET files from multiple versions of .NET. Perhaps you don't see any errors now but I wouldn't be all that surprised if something pops up later on.
Those files are legit. Something in our heuristics detected them. I suspect the issue has already been fixed.
I'm not sure which version you would need to re-install. Let me see if I can find someone else to pop in to have a look here.
Don't delete anything else ...


Ya, I hear you, it's possible I just haven't used a software yet which utilizes .NET 2.0(?).

I definitely got the detection multiple times though. Once in "C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_32\..." and once in "C:\test\" after I copied those couple files into it.


  • Staff

Decent chance that next time you run a program that requires the old .NET you will likely be offered to re-install it. (if anything is using such an old version)

In any case, I just realised you are running an older version of MBAM itself. 
-Software Information-
Version: 4.1.2.73
We are currently at 4.3.0.98 which should fix the issues with those files.
If you are not already being prompted to update, open MBAM >> click the gear looking button at top right>> click "check for updates". Follow instructions for installing the updates.
You may be required to reboot.
Should be good to go after that.

 


  • Staff

Did you delete the files from recycle bin that were in the test folder? If they are still in the trash, can you restore them back to the test folder, rescan that folder and post the new log here please.

If you already emptied the trash, then you can go ahead and delete the test folder we made too. As long as everything is running OK, we won't need that folder any more.

Thanks!

