
Possible FP - Malware.Heuristic.1003 GVIM_8.2.2783_X86_SIGNED.EXE


BillieBuB


Here is a log and the affected file for staff to research. Also note the current version is not detected.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/24/21
Scan Time: 10:53 AM
Log File: 395b343a-a515-11eb-bc35-001a7dda7102.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1273
Update Package Version: 1.0.39775
License: Premium

-System Information-
OS: Windows 10 (Build 19042.928)
CPU: x64
File System: NTFS
User: I7-PC\SAPC

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 1
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 0 min, 9 sec

-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Malware.Heuristic.1003, C:\MALWARE TEST\GVIM_8.2.2783_X86_SIGNED.EXE, No Action By User, 1000001, 0, 1.0.39775, 0000000000000000000003EB, dds, 01216229, 514C61D789AA3E4B880C81EFC9B9670C, B97389E1694E0C04175E211D282A733AD195D05E681C7DF0F5231DF5486F9EA6

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

gvim_8.2.2783_x86_signed.zip

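Before uploading a file such as GVIM_8.2.2783_X86_SIGNED.EXE for false-positive review, it is worth confirming that the copy you are about to submit is byte-for-byte the file the scanner flagged: each detection line in the exported log ends with the MD5 and SHA-256 of the scanned object. The script below is an added example, not code from this thread or from Malwarebytes. It parses those detection lines and compares a local file's hashes with the logged ones. The column layout is inferred from the lines posted above (the meaning of the numeric columns is an assumption); the two sample lines are copied from the logs above. A hash match only shows that you are submitting the same bytes the scanner saw, not that the file is clean, and the installer's Authenticode signature still needs a separate check (for example with PowerShell's Get-AuthenticodeSignature).

```python
"""
Added example, not code from the forum thread or from Malwarebytes.

Parses '-Scan Details-' detection lines from an exported Malwarebytes text
log and checks whether a local file is the one the scanner hashed.
"""
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Two detection lines copied from the logs posted in the thread: one heuristic
# hit that carries hashes, and one PUP entry (a LevelDB LOCK file) that does not.
SAMPLE_LINES: List[str] = [
    r"Malware.Heuristic.1003, C:\MALWARE TEST\GVIM_8.2.2783_X86_SIGNED.EXE, No Action By User, 1000001, 0, 1.0.39775, 0000000000000000000003EB, dds, 01216229, 514C61D789AA3E4B880C81EFC9B9670C, B97389E1694E0C04175E211D282A733AD195D05E681C7DF0F5231DF5486F9EA6",
    r"PUP.Optional.ASK, C:\Users\Ernest Friesen\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\LOCK, No Action By User, 281, 454824, , , , , , ",
]

# Columns that follow the "action" column in the 11-column lines above.
# Assumption: only the last two (MD5, SHA-256) are interpreted here.
TRAILING_COLUMNS = 8


@dataclass(frozen=True)
class Detection:
    name: str
    path: str
    action: str
    md5: Optional[str]
    sha256: Optional[str]

    @property
    def is_heuristic(self) -> bool:
        # Heuristic hits are the ones most often worth re-checking as FPs.
        return self.name.startswith("Malware.Heuristic.")


def parse_detection(line: str) -> Detection:
    """Parse one detection line into a Detection.

    The last TRAILING_COLUMNS fields are fixed, so splitting from the right
    keeps a path that itself contains a comma intact: everything between the
    name (column 0) and the action column is the path.
    """
    raw = line.split(",")
    if len(raw) < 3 + TRAILING_COLUMNS:
        raise ValueError(f"not a Malwarebytes detection line: {line!r}")
    tail = [col.strip() for col in raw[-TRAILING_COLUMNS:]]
    head = raw[:-TRAILING_COLUMNS]
    md5 = tail[-2].upper() or None        # empty column -> no hash recorded
    sha256 = tail[-1].upper() or None
    return Detection(
        name=head[0].strip(),
        path=",".join(head[1:-1]).strip(),
        action=head[-1].strip(),
        md5=md5,
        sha256=sha256,
    )


def hashes_of_bytes(data: bytes) -> Tuple[str, str]:
    """Return (MD5, SHA-256) as upper-case hex, the form used in the log."""
    return (hashlib.md5(data).hexdigest().upper(),
            hashlib.sha256(data).hexdigest().upper())


def hashes_of_file(path: str) -> Tuple[str, str]:
    """Stream a file through both digests so large installers stay cheap."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha.update(chunk)
    return md5.hexdigest().upper(), sha.hexdigest().upper()


def matches_log(det: Detection, md5: str, sha256: str) -> bool:
    """True only when the SHA-256 equals the logged one.

    MD5 is collision-prone, so it is used only as an extra consistency check,
    never as the sole basis for a match. Entries with no logged SHA-256 (such
    as the LevelDB LOCK file above) can never be matched.
    """
    if det.sha256 is None:
        return False
    if sha256.upper() != det.sha256:
        return False
    return det.md5 is None or md5.upper() == det.md5


def check_file(det: Detection, local_path: str) -> bool:
    """Hash a local file and compare it with the logged detection."""
    md5, sha256 = hashes_of_file(local_path)
    return matches_log(det, md5, sha256)


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        det = parse_detection(line)
        print(f"{det.name:22} heuristic={det.is_heuristic!s:5} sha256={det.sha256}")
    # Against a real download (the path below is an assumption):
    # print(check_file(parse_detection(SAMPLE_LINES[0]),
    #                  r"C:\Users\me\Downloads\GVIM_8.2.2783_X86_SIGNED.EXE"))
```

If check_file returns False for the installer you downloaded, you do not have the file the log describes (a different release, a re-download, or a modified copy), and submitting it would not help the research staff reproduce the detection.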

🤔 Forgive me, but if my expediting the request means adding more log info, here it is. If I am wrong, please advise.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/24/21
Scan Time: 2:36 AM
Log File: 81e30154-a4e0-11eb-81c2-2c4138abba65.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1273
Update Package Version: 1.0.39763
License: Premium

-System Information-
OS: Windows 10 (Build 19042.928)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 296646
Threats Detected: 21
Threats Quarantined: 0
Time Elapsed: 10 min, 56 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.ASK, C:\USERS\ERNEST FRIESEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Sync Data\LevelDB, No Action By User, 281, 454824, , , , , , 
PUP.Optional.ASK, C:\USERS\ERNEST FRIESEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Sync Data\LevelDB, No Action By User, 281, 454824, , , , , , 

File: 19
Malware.Heuristic.1003, C:\USERS\ERNEST FRIESEN\DOWNLOADS\GVIM_8.2.2783_X86_SIGNED.EXE, No Action By User, 1000001, 0, 1.0.39763, 0000000000000000000003EB, dds, 01215881, 514C61D789AA3E4B880C81EFC9B9670C, B97389E1694E0C04175E211D282A733AD195D05E681C7DF0F5231DF5486F9EA6
.
.
.

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


1 minute ago, BillieBuB said:

Folder: 2
PUP.Optional.ASK, C:\USERS\ERNEST FRIESEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Sync Data\LevelDB, No Action By User, 281, 454824, , , , , , 
PUP.Optional.ASK, C:\USERS\ERNEST FRIESEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Sync Data\LevelDB, No Action By User, 281, 454824, , , , , , 

The part of your log quoted above can be fixed by following the steps in this post. The rest will be addressed by research staff.

 


I started getting this as well, as soon as I installed Chrome again. I had switched to Edge on a clean OS install, then reinstalled Chrome. This is only happening on one machine; another has Chrome synced to the same user profiles with no appearance of the same, yet anyway. It keeps coming back after quarantining.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/24/21
Scan Time: 2:36 AM
Log File: 81e30154-a4e0-11eb-81c2-2c4138abba65.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1273
Update Package Version: 1.0.39763
License: Premium

-System Information-
OS: Windows 10 (Build 19042.928)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 296646
Threats Detected: 21
Threats Quarantined: 0
Time Elapsed: 10 min, 56 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.ASK, C:\USERS\ERNEST FRIESEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Sync Data\LevelDB, No Action By User, 281, 454824, , , , , , 
PUP.Optional.ASK, C:\USERS\ERNEST FRIESEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Sync Data\LevelDB, No Action By User, 281, 454824, , , , , , 

File: 19
...
PUP.Optional.ASK, C:\Users\Ernest Friesen\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\000005.ldb, No Action By User, 281, 454824, , , , , 86B7626E1031C2A96A96E678755461CF, 584A8D7BF8813F940FFF9F648C77EC2A381C74BABEBC04BC55334DB0934BE18D
PUP.Optional.ASK, C:\Users\Ernest Friesen\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\000016.ldb, No Action By User, 281, 454824, , , , , F6A8DA47904069692E4CB707E1C88D8D, 5B2096D84298101FEDFEA8D9AB80B01D082649B898732654DF0E6F403246A727
PUP.Optional.ASK, C:\Users\Ernest Friesen\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\000018.ldb, No Action By User, 281, 454824, , , , , 84607DA60FC0139C4E83A550E297D82E, 395EE4443903811F68A148051CEC8DED3F8E5C239AB399CAA5B5C37F8A47CAF3
PUP.Optional.ASK, C:\Users\Ernest Friesen\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\000019.log, No Action By User, 281, 454824, , , , , 075C46735570416CDF1B8FFC2DC01878, AABCA3316CCBACFFCD95C587F2092B5F874812383BE2C2CAAF313D4C27DF5A30
PUP.Optional.ASK, C:\Users\Ernest Friesen\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\000020.ldb, No Action By User, 281, 454824, , , , , C5F5764CD7BB1F342BAEF440464BA060, CD20DC326643BD7BD9DD75E42E828240997182CA805FB4BEA748F9AFDE0D075C
PUP.Optional.ASK, C:\Users\Ernest Friesen\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\CURRENT, No Action By User, 281, 454824, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.ASK, C:\Users\Ernest Friesen\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\LOCK, No Action By User, 281, 454824, , , , , , 
PUP.Optional.ASK, C:\Users\Ernest Friesen\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\LOG, No Action By User, 281, 454824, , , , , A0F7DD0E745484FE1A8FD32C11832DE5, 5D3BB7B3F88E9892DF65B26205FBA09A4ACA633460AEDFDCC0BE556C1A3DA118
PUP.Optional.ASK, C:\Users\Ernest Friesen\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\LOG.old, No Action By User, 281, 454824, , , , , 01E748D600642E9BE5376C3F7D0EEF85, 3DAC44CE956D68289ABED27C88087557AB33AC4EFFFA222A7116634661657D98
PUP.Optional.ASK, C:\Users\Ernest Friesen\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\MANIFEST-000001, No Action By User, 281, 454824, , , , , 6631F597F036A054FC1EF98E4309FA0B, 4E806E2745B0F9DC4B1F63011EC0EAF26398682E08232790CE260BA6F12F6C11
PUP.Optional.ASK, C:\Users\Ernest Friesen\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\000005.ldb, No Action By User, 281, 454824, , , , , 0422402AE4742EB5057189D77A5E6C92, 0316BAC5EE4C3B2DD72C8A002B41C1A58899954D35BD52D439C7502B5423A210
PUP.Optional.ASK, C:\Users\Ernest Friesen\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\000006.log, No Action By User, 281, 454824, , , , , 4E666BD51DBD521928D91FDD46342F92, 83B389354B881736E02065312217F05D98E5D38232C9806B1129822C7319778D
PUP.Optional.ASK, C:\Users\Ernest Friesen\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\000007.ldb, No Action By User, 281, 454824, , , , , 4555EF1FC7197C92BF8E4E57A800ED69, 38BA4D1B54B6BD9D83B30127ED660985B9ABA8989C652F84A2FE234C5E2C7F9F
PUP.Optional.ASK, C:\Users\Ernest Friesen\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\CURRENT, No Action By User, 281, 454824, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.ASK, C:\Users\Ernest Friesen\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\LOCK, No Action By User, 281, 454824, , , , , , 
PUP.Optional.ASK, C:\Users\Ernest Friesen\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\LOG, No Action By User, 281, 454824, , , , , F60C2415627ED35404CD52CA268BFB64, A8587C418BF66292B7E9105B2CA91D4DF58B3CC8071862B1641A7DB5D55D9C47
PUP.Optional.ASK, C:\Users\Ernest Friesen\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\MANIFEST-000001, No Action By User, 281, 454824, , , , , DADA5B5CDEECDAEC277AB5A510776D6A, 9B0F1550E721CD4DBA59CA54BF251D22D6E02D79C468BC93746D2F8AD1196BD5
PUP.Optional.ASK, C:\USERS\ERNEST FRIESEN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Web Data, No Action By User, 281, 454824, 1.0.39763, , ame, , DA8CC59282590EBA95E4F37767D70F4D, CDD7B1B2A7A79F7C56E1650AC1964E458E91346649EE9F4FDF2DFB67C75A927A

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


Thank you. I read the link. Do you know if resetting or clearing the data means starting over with apps, bookmarks, history and passwords, etc?

As for the other that you say will be addressed by research staff, does that mean the gvim is actually a false positive, or that they will investigate it? If so will they post here their results?

Thanks again for your efforts.


3 minutes ago, shadowwar said:

Hmm, the main file itself is already whitelisted.

Porthos, would you mind extracting it with 7zip and scanning the folder contents to see which file inside may be detected? I don't have any here when I scanned.

 

The single file and the extracted files are not detected for me any longer.


I received no answer when I asked whether this would cause me to lose my apps, history, bookmarks and extensions, and I have not been able to determine with any confidence myself what to expect. I use multiple profiles across multiple machines, and having to start from scratch would be a huge problem. Until I can determine the possible harm I cannot try this.



I have merged your two topics on this issue @BillieBuB

Please RESTART your computer, then run the following and post back the log when ready.

  • Open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • Once the scan is completed, make sure you have it quarantine any detections it finds.
  • If no detections were found, click on the Save results drop-down, then the Export to TXT button, and save the file as a text file to your desktop or another location you can find, and attach that log to your next reply.
  • If there were detections, then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a text file to your desktop or another location you can find, and attach that log to your next reply.
  • If the computer restarted to quarantine, you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a text file to your desktop or another location you can find, and attach that log to your next reply.

Thank you
