Malwarebytes stopping Word - Threat Malware.Exploit.Agent.Generic


CapnJB

I recently had to do a clean install of Windows 10. All was well for two or three days with Word 2003 (I still prefer this version). This morning I tried to start Word and Malwarebytes blocked the start because of a "Malware.Exploit.Agent.Generic" listed as an "Exploit Office WMI abuse blocked", Location "explorer.exe."

I ran a MB threat scan but that didn't come up with any issues (log attached). Then I downloaded the Farbar Recovery Scan Tool and ran a scan. When I looked at the resulting text file (FRST.txt) the first time I noticed a few items that had been "fixed." The tool says items on the "fixed list" may or will be removed. I didn't click on fix on the tool dialog box because I wanted to see what the items were. However, the tool apparently "fixed" the issues and deleted a half a dozen folders and a few files.

I don't know if the tool is supposed to do that but be cautious if you are using it.

After I checked the Recycle Bin and restored the folders and files I needed I went back to FRST.txt to see if I had missed anything. All reference to any "Fixed" items was GONE except on three disk drive entries. Very weird behavior.

In any event, Word is now working fine so I guess the Farbar tool must have deleted a problem file; but I wish I knew what it was. There is now no reference to "Fixed" files in either the FRST.txt or Addition.txt text files that were created after the Farbar scan.

I'm also not happy that the Farbar tool deleted files and folders before telling me that it was going to do that; I did not click the "Fix" button.

MBytes Report 9-1-2021.txt


1 hour ago, CapnJB said:

Then I downloaded the Farbar Recovery Scan Tool and ran a scan. When I looked at the resulting text file (FRST.txt) the first time I noticed a few items that had been "fixed." The tool says items on the "fixed list" may or will be removed. I didn't click on fix on the tool dialog box because I wanted to see what the items were. However, the tool apparently "fixed" the issues and deleted a half a dozen folders and a few files.

I don't know if the tool is supposed to do that but be cautious if you are using it.

Farbar does not delete or "fix" anything unless you run a "fixlist" prepared by a malware removal expert. Did you run a fixlist meant for another user in another topic?


3 hours ago, Porthos said:

Farbar does not delete or "fix" anything unless you run a "fixlist" prepared by a malware removal expert. Did you run a fixlist meant for another user in another topic?

That may be how Farbar is supposed to act but it did delete or "fix" items on my computer. I have no idea what a '"fixlist" prepared by a malware removal expert' might be and I have never seen a fixlist before and have only used Farbar one time and never before that.

I followed the instructions on the "I'm infected - What do I do now?" entry posted by AdvancedSetup:

As directed, I downloaded Farbar from the BleepingComputer Website; then I double clicked it to run it and clicked "Scan."

I was very surprised when it immediately created a file called FRST.txt even while the scan was running. When the scan stopped a file called Addition.txt was created and a second FRST.txt file was created.

I looked at the original FRST.txt file and noticed several statements about a fixlist and that the file or folder would be removed. I noticed that several drivers that came from a backup system32 folder were labeled as various problems and that they would be removed. Unfortunately, I thought that both versions of the FRST.txt file were the same and I must have closed the earliest one. I went to my Recycle Bin to see if any driver files or folders had been deleted and noticed at least a half dozen files and folders that should not have been deleted had been deleted. But no "fixlist" was ever created anywhere that I can see and the folders and files were deleted before I did anything else.

 


21 minutes ago, CapnJB said:

I was very surprised when it immediately created a file called FRST.txt even while the scan was running. When the scan stopped a file called Addition.txt was created and a second FRST.txt file was created.

Those are just log files. All normal.

21 minutes ago, CapnJB said:

I went to my Recycle Bin to see if any driver files or folders had been deleted and noticed at least a half dozen files and folders that should not have been deleted had been deleted.

FRST does not delete to the recycle bin. It has its own quarantine folder.

Please attach the FRST.txt and the Addition.txt here.

Edited by Porthos
