Malware found and quarantined but report says no action by user


Solved by Maurice Naggar

In the latest scan, 4 threats were detected. The report lists each issue with a message; all threats were quarantined.

 

Are there other steps I should take?

 

How do I determine the actions / intent of the malware and find what harm it might have caused (grabbing passwords, screenshots, infecting other files, etc.)?

HSU_malware_detection_adv_report-02182021.txt


Hi, welcome.

My name is Maurice. I will be helping and guiding you, going forward on this case.

Let me know what first name you prefer to go by.

 

Please follow my directions as we go along. Please do not do any changes on your own without first checking with me.

If you will be away for more than 5 consecutive days, do try to let me know ahead of time, as much as possible.

 

Please attach only the report files, etc., that I ask for as we go along.

This next part is to just do a new Threat scan with the latest Malwarebytes for Windows.

Start Malwarebytes for Windows.

In the Malwarebytes for Windows program, we want to do a special scan.

Click Settings (gear icon) at the top right of the Malwarebytes window. We want to see the SETTINGS window.

Then click the Security tab.

Scroll down and let's be sure the line in SCAN OPTIONS for "Scan for rootkits" is ON.

Click it to get it ON if it does not show a blue color.

Next, click the small x on the Settings line to go to the main Malwarebytes window.

 

Next click the blue button marked Scan.

When the scan phase is done, be really sure you review and have all detected line items check-marked on each line on the left. That too is very critical.

You can actually click (tick) the topmost left check-box on the very top line to get ALL lines ticked (all selected).


 

 

Then click on Quarantine selected.


 

Then, locate the Scan run report; export out a copy; and then attach it with your reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4


Maurice,

 

Thank you for helping me with this!

 

Regarding my availability, I will be here for any questions or running Malwarebytes reports.

 

Per your instructions, the program was run with rootkits selected. All lines did have a green check when finished (no threats were found).

 

Attached is the report from this job.

 

Thanks,

Steve

Malware_detection_per_maurice_02192021.txt


Hi, Steve. Thanks.

The scan by Malwarebytes for Windows reports no malware and no PUP, and the program is the latest version.

I would suggest that you do a scan with a scan tool from ESET to scan only the C drive.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.

When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes

 

When prompted for scan type, click on Custom scan (the choice on the far-right side).

We want just the C drive to be scanned.

 

In the display "Select custom scan targets", keep the top 3 lines ticked, plus the one for the C drive (which should be your Windows drive).

UN-tick the other drives (D, E, F, etc.).

 

Then click on the blue button "Save and continue".

Look at and tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.

 

Have patience. The entire process may take an hour or more. There is an initial update download.

There is a progress window display.

You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.

Click the blue “Save scan log” to save the log. Look for it on the bottom left, in blue.

 

If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at bottom).

Press Continue when all done. You should click to turn off the offer for “periodic scanning”.

The goal here is to see if there are suspicious or actual threats on the C drive. Attach the log with your next reply.


Good morning. Once the scan run has finished, locate the Scan run report; export out a copy; and then attach it with your reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4


Thanks. Sorry, I got slightly lost as to what scan was being run. But now back in sync. Firstly, we do NOT want periodic scanning with ESET. So undo that selection if possible. The ESET scan was meant as a one-time run.

The ESET scan found no virus and no malware.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for and remove malware or potentially unwanted software from a system.

The download links and the how-to-run-the-tool instructions are at this link at Microsoft:

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Please select "Quick" scan from the Scan options.

Let me know the result of this.

The log is named MSERT.log

The log will be at C:\Windows\debug\msert.log

Please attach that log with your reply. Also, advise me: how is the overall situation then on this Windows system?

 

 


Quite alright. The periodic scan has been turned off for ESET.

 

The Microsoft scanner completed without detecting any issues. The log is attached.

 

The PC's been running fine. This potential malware is from a developer's tool used in Excel for decoding files. He's been very supportive of us and this process. It seems this could be a false-positive due to his coding method?

schamberlin_microsoft__safety_scanner_results_02222021-no_virus.png

msert.log


  • Solution

Thanks for this scan-run-report from the MS Safety Scanner tool. That is an excellent result.

NOTE: At the start of this case, it seems you had had questions about 2 items flagged by the real-time protections of Malwarebytes for Windows.

They were flagged (classified) as MachineLearning/Anomalous.95%

The files had some name like HIPAA File to Excel. One file was on Desktop. Another on appdata\local

MachineLearning/Anomalous is Malwarebytes’ generic detection name for files that are flagged by Malwarebytes’ Machine Learning module as anomalous.

Malwarebytes detects these files to protect customers from zero-day malware.

See this Malwarebytes Blog article for some additional information.

Note, also, that the scan completed (with Malwarebytes for Windows) on the afternoon of Friday the 19th reported no malware.

Note further, given your last remarks, I would say yes, those first tags as MachineLearning anomalous would be false positives.


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 
