
Malware.Ransom.Agent.Generic from build


linearchaos


  • Staff

@linearchaos just to follow on from @cli's post, I'd like to help try to better understand the cause of this detection. Could you please run our support tool and attach the archive it creates?

 

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to your desktop; please upload that file in your next reply

 

 

Edited by tetonbob

  • Staff

Hi @linearchaos - thanks for that set of logs. I didn't realize the machine was using our Nebula business solution. The instructions I sent were for our Malwarebytes Premium consumer product, and while it should have had enough to go on, the data I was hoping to review was not collected.

For Nebula, on the endpoint which had the detection, you can generate a set of diagnostic logs by pressing the Ctrl key on your keyboard + right click on the Malwarebytes tray icon, then select 'Generate Diagnostic Logs'. An archive will be created on your desktop, Malwarebytes Diagnostics.zip.

Can you attach that for me please? Or, if you prefer, you can send it to me via Private Message here on the forums.

Thanks!


Fun times: when I followed the log grabbing mentioned above, I clicked the wrong thing and it had me uninstall mwb. I did that, entered the tamper, but it left my mwb install partial (Windows thought it was installed, but uninstall/reinstall wouldn't work). So I went through mwb support and had to run the endpoint agent cleanup to reinstall, but my old detection logs are gone.

I reinstalled, but now the defs don't detect it (it's working because it can still see EICAR).

My developer that originally sent me the fail was the only other detection, but I already had her uninstall to keep working. I'll see if I can get her to reinstall and run the diag, but I fear that data might be lost now.
 

