Help with detections from Malware.AI


Solved by Maurice Naggar

I've had three detections come up today, one from the daily scan conducted overnight and two from a full scan I did today. All were detected as "Malware.AI.687746623". The first one detected was AU_.exe located in the local temp folder ~NSU.TMP on the C: drive, and the other two were both EADM.installer.exe on my second hard drive and on the E: drive. These were both Electronic Arts installer.exe files (the E: drive contained the Sims 3 disc).

 

Is this a false positive or do I need to perform additional actions to make sure my computer is safe?


Just now, Maurice Naggar said:

Hello @Mrrom145 

First of all, any EXE file in any TEMP folder you can go ahead and delete.

Did you recently, like today, or yesterday install any 'SIMS' ?

I had the CD for "The Sims 3" video game in my DVD drive at the time of the scan and selected it to be scanned. I had installed the disk previously, but not yesterday or today.  I uninstalled it about a month ago since I wasn't going to play it again.


Hi. Be sure any CD or DVD is not in the drive.

#2

Locate the Scan run report; export out a copy; & then attach in with your reply.

 

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

We will do more, later. 


3 minutes ago, Maurice Naggar said:

Hi. Be sure any CD or DVD is not in the drive.

#2

Locate the Scan run report; export out a copy; & then attach in with your reply.

 

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

We will do more, later. 

Hello,

I've attached the first scan that was done that pulled up the first .exe file in temp. I accidentally deleted my other scan result for the two other files, unfortunately.

 

 

malwarebytesscan.txt


This EXE file should be deleted. Any EXE in any TEMP folder is fair game to be deleted.

C:\USERS\HEXAGON1\APPDATA\LOCAL\TEMP\~NSU.TMP\AU_.EXE

Use this article guide so that Windows is set to SHOW all folders & files 

 

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html


In Malwarebytes for Windows program, we want to do a special scan.

Click Settings ( gear icon) at the top right of Malwarebytes window. We want to see the SETTINGS window.

 

Then click the Security tab.   

Scroll down and let's be sure the line in SCAN OPTIONS for "Scan for rootkits" is ON 👈

 

Click it to get it ON if it does not show a blue-color

 

Next, click the small x on the Settings line to go to the main Malwarebytes Window.

 

Next click the blue button marked Scan.

 

When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

 

You can actually click ( tick ) the topmost left check-box on the very top line to get ALL lines ticked ( all selected). 👈

🔻

Then click on Quarantine selected.

 

Then, locate the Scan run report; export out a copy; & then attach in with your reply.
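
The advice above treats every EXE in a TEMP folder as safe to delete. As an added example that is not part of the original posts, this PowerShell sketch inventories those files first, recording the SHA-256 hash and Authenticode signer of each, so there is a record to check a detection such as AU_.EXE against before removal. The CSV file name is a hypothetical choice.

```powershell
# Added example: list every .exe under the current user's TEMP folder
# with its hash and signature status, for review before deletion.
$tempRoot = $env:TEMP   # typically C:\Users\<name>\AppData\Local\Temp

$report = Get-ChildItem -LiteralPath $tempRoot -Filter '*.exe' -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Authenticode status: Valid, NotSigned, HashMismatch, etc.
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        # Hashing can fail on locked files; leave the field empty in that case.
        $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Path            = $_.FullName
            SizeKB          = [math]::Round($_.Length / 1KB, 1)
            LastWriteTime   = $_.LastWriteTime
            SHA256          = $hash.Hash
            SignatureStatus = $sig.Status
            Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }

# Newest files first; unsigned or recently written entries deserve the closest look.
$report | Sort-Object LastWriteTime -Descending | Format-List

# Keep a copy of the inventory (hypothetical file name) on the Desktop.
$csvPath = Join-Path ([Environment]::GetFolderPath('Desktop')) 'temp-exe-inventory.csv'
$report | Export-Csv -LiteralPath $csvPath -NoTypeInformation
```

A valid signature from the expected publisher on an installer stub supports a false-positive reading; it does not prove the file is harmless.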


  • Solution

OK, that is very good.

Now to ensure the program is all up to date.

Start Malwarebytes for Windows. Click on the Settings ( gear icon)

Now click on the tab "General". 

Then scroll up a bit, and then click on the "Check for Updates" button.

 

Watch & follow all prompts.

 

That ought to do a check with the update server, and hopefully offer the newest component update.

 

If it does not, try again later ( one more time ) at the Top of the clock hour.

Close the program when done.


The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

  •   Select Quick scan from scan options

Let me know the result of this.

The log is named MSERT.log  

The log will be at

C:\Windows\debug\msert.log

Please attach that log with your reply.


  • 2 weeks later...

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.