Mrrom145 Posted May 25, 2021 ID:1459371 Share Posted May 25, 2021 I've had three detections come up today, one from the daily scan conducted overnight and two from a full scan I did today. All were detected as "Malware.AI.687746623". The first one detected was AU_.exe located in the local temp folder ~NSU.TMP in c:drive, and the other two were both EADM.installer.exe on my second hard drive and on the e:drive. These were both electronics arts installer.exe files (e:drive contained the Sims 3 disc). Is this false positive or do I need to perform additional actions to make sure my computer is safe? Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 25, 2021 ID:1459377 Share Posted May 25, 2021 Hello @Mrrom145 First of all, any EXE file in any TEMP folder you can go ahead and delete. Did you recently, like today, or yesterday install any 'SIMS' ? Link to post Share on other sites More sharing options...
Mrrom145 Posted May 25, 2021 Author ID:1459378 Share Posted May 25, 2021 Just now, Maurice Naggar said: Hello @Mrrom145 First of all, any EXE file in any TEMP folder you can go ahead and delete. Did you recently, like today, or yesterday install any 'SIMS' ? I had the CD for "The Sims 3" video game in my DVD drive at the time of the scan and selected it to be scanned. I had installed the disk previously, but not yesterday or today. I uninstalled it about a month ago since I wasn't going to play it again. Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 25, 2021 ID:1459379 Share Posted May 25, 2021 Hi. Be sure any CD or DVD is not in the drive. #2 locate the Scan run report; export out a copy; & then attach in with your reply. See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4 We will do more, later. Link to post Share on other sites More sharing options...
Mrrom145 Posted May 25, 2021 Author ID:1459382 Share Posted May 25, 2021 3 minutes ago, Maurice Naggar said: Hi. Be sure any CD or DVD is not in the drive. #2 locate the Scan run report; export out a copy; & then attach in with your reply. See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4 We will do more, later. Hello, I've attached the first scan that was done that pulled up the first .exe file in temp. I accidentally deleted my other scan result for the two other files, unfortunately. malwarebytesscan.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 25, 2021 ID:1459384 Share Posted May 25, 2021 PS. No need to press Quote when you do a reply. You & I are the only ones on this topic. I get a notice each time there is a new Reply. I will take a look at your report. Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 25, 2021 ID:1459385 Share Posted May 25, 2021 This EXE file should be deleted. Any EXE in any TEMP folder is fair game to be deleted. C:\USERS\HEXAGON1\APPDATA\LOCAL\TEMP\~NSU.TMP\AU_.EXE Use this article guide so that Windows is set to SHOW all folders & files https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html . In Malwarebytes for Windows program, we want to do a special scan. Click Settings ( gear icon) at the top right of Malwarebytes window. We want to see the SETTINGS window. Then click the Security tab. Scroll down and lets be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON 👈 Click it to get it ON if it does not show a blue-color Next, click the small x on the Settings line to go to the main Malwarebytes Window. Next click the blue button marked Scan. When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical. You can actually click ( tick ) the topmost left check-box on the very top line to get ALL lines ticked ( all selected). 👈 🔻 Then click on Quarantine selected. Then, locate the Scan run report; export out a copy; & then attach in with your reply. Link to post Share on other sites More sharing options...
Mrrom145 Posted May 25, 2021 Author ID:1459392 Share Posted May 25, 2021 Hello, I've reviewed and went through, and attached the latest report from this. It didn't have any detections. malwarebytesscan2.txt Link to post Share on other sites More sharing options...
Solution Maurice Naggar Posted May 25, 2021 Solution ID:1459405 Share Posted May 25, 2021 OK, that is very good. Now to insure the program is all up to date. Start Malwarebytes for Windows. Click on the Settings ( gear icon) Now click on the tab "General". Then scroll up a bit. and then click on "Check for Updates " button. Watch & follow all prompts. That ought to do a check with the update server, and hopefully offer the newest component update. If it does not, try again later ( one more time ) at the Top of the clock hour. Close the program when done. . The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the tool are at this link at Microsoft https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Select Quick scan from scan options Let me know the result of this. The log is named MSERT.log the log will be at C:\Windows\debug\msert.log Please attach that log with your reply. Link to post Share on other sites More sharing options...
Mrrom145 Posted May 26, 2021 Author ID:1459482 Share Posted May 26, 2021 Hello, I've updated Malwarebytes and downloaded/run the microsoft safety scanner. and ran the tool. It came back with no results and the log is attached. msert.log Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 26, 2021 ID:1459567 Share Posted May 26, 2021 Hello. Good morning. That is excellent. Given this result & the result from last Malwarebytes scan, we can call this a wrap. Is there anything else you need ? You can delete MSERT.exe Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 8, 2021 ID:1462242 Share Posted June 8, 2021 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts