I keep getting the following message on one system that hosts an application that creates print forms for other users. But the alert is vague and doesn't help me to find the root of the alert.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/15/21
Protection Event Time: 6:28 PM
Log File: 6fd27d30-467c-11ec-b182-4ccc6a638fc0.json

-Software Information-
Version: 4.4.10.144
Components Version: 1.0.1499
Update Package Version: 1.0.47238
License: Premium

-System Information-
OS: Windows 10 (Build 19042.1348)
CPU: x64
File System: NTFS
User: System

-Ransomware Details-
Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

File: 0
(No malicious items detected)


(end)

 


1 minute ago, DEREKT32 said:

I keep getting the following message on one system that hosts an application that creates print forms for other users. But the alert is vague and doesn't help me to find the root of the alert.

Can you please gather logs and post them back so that we can review further?

 

To begin, please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to your desktop. Please upload that file in your next reply

Thank you

 


5 minutes ago, DEREKT32 said:

Here are the logs.

I will alert @tetonbob to your issue. He might need additional logs from you.

Also restart the computer.

Quote

Pending File Rename Operations
========================================
C:\WINDOWS\system32\spool\V4Dirs\7E040A3C-09F7-4C5C-AF1B-041C53A3E02F\69b8a4a.BUD    
C:\WINDOWS\system32\spool\V4Dirs\7E040A3C-09F7-4C5C-AF1B-041C53A3E02F\69b8a4a.gpd    
C:\WINDOWS\system32\spool\V4Dirs\7E040A3C-09F7-4C5C-AF1B-041C53A3E02F\pdc.xml        
C:\WINDOWS\system32\spool\V4Dirs\9AF3BF2E-91CB-4869-81C9-5B9D9FDDE11A\69b8a4a.BUD    
C:\WINDOWS\system32\spool\V4Dirs\9AF3BF2E-91CB-4869-81C9-5B9D9FDDE11A\69b8a4a.gpd    
C:\WINDOWS\system32\spool\V4Dirs\9AF3BF2E-91CB-4869-81C9-5B9D9FDDE11A\pdc.xml        
C:\WINDOWS\system32\spool\V4Dirs\4E775C5D-8860-49F2-BABE-C04D699CE21F\69b8a4a.BUD    
C:\WINDOWS\system32\spool\V4Dirs\4E775C5D-8860-49F2-BABE-C04D699CE21F\69b8a4a.gpd    
C:\WINDOWS\system32\spool\V4Dirs\4E775C5D-8860-49F2-BABE-C04D699CE21F\pdc.xml        
C:\Windows\Temp\37c86965-b4c4-460f-80a6-8fd673b6225c.tmp                             
C:\WINDOWS\system32\spool\V4Dirs\45B7905A-E65A-4718-BB6F-00EBDBBC1BFE\69b8a4a.BUD    
C:\WINDOWS\system32\spool\V4Dirs\45B7905A-E65A-4718-BB6F-00EBDBBC1BFE\69b8a4a.gpd    
C:\WINDOWS\system32\spool\V4Dirs\45B7905A-E65A-4718-BB6F-00EBDBBC1BFE\pdc.xml        
C:\WINDOWS\system32\spool\V4Dirs\E38866FC-FE49-46BF-B655-74D4E4C468F0\69b8a4a.BUD    
C:\WINDOWS\system32\spool\V4Dirs\E38866FC-FE49-46BF-B655-74D4E4C468F0\69b8a4a.gpd    
C:\WINDOWS\system32\spool\V4Dirs\E38866FC-FE49-46BF-B655-74D4E4C468F0\pdc.xml        
C:\WINDOWS\system32\spool\V4Dirs\6905C9CD-54FC-4B5E-BA4A-1F72F4675B17\69b8a4a.BUD    
C:\WINDOWS\system32\spool\V4Dirs\6905C9CD-54FC-4B5E-BA4A-1F72F4675B17\69b8a4a.gpd    
C:\WINDOWS\system32\spool\V4Dirs\6905C9CD-54FC-4B5E-BA4A-1F72F4675B17\pdc.xml        
C:\WINDOWS\system32\spool\V4Dirs\523B8D21-D096-4199-82DD-5DA566C0399D\69b8a4a.BUD    
C:\WINDOWS\system32\spool\V4Dirs\523B8D21-D096-4199-82DD-5DA566C0399D\69b8a4a.gpd    
C:\WINDOWS\system32\spool\V4Dirs\523B8D21-D096-4199-82DD-5DA566C0399D\pdc.xml        
C:\WINDOWS\system32\spool\V4Dirs\D64EE704-CEF5-4ADC-8590-492A43AE2E6F\69b8a4a.BUD    
C:\WINDOWS\system32\spool\V4Dirs\D64EE704-CEF5-4ADC-8590-492A43AE2E6F\69b8a4a.gpd    
C:\WINDOWS\system32\spool\V4Dirs\D64EE704-CEF5-4ADC-8590-492A43AE2E6F\pdc.xml        
C:\WINDOWS\system32\spool\V4Dirs\F702580F-4A17-485C-9D33-B4547EB3FE69\69b8a4a.BUD    
C:\WINDOWS\system32\spool\V4Dirs\F702580F-4A17-485C-9D33-B4547EB3FE69\69b8a4a.gpd    
C:\WINDOWS\system32\spool\V4Dirs\F702580F-4A17-485C-9D33-B4547EB3FE69\pdc.xml        

 

 

Edited by Porthos

  • Staff

@DEREKT32 - please add this file to your Allow List and see if that resolves the issue you're experiencing.
C:\Program Files (x86)\PlanetPress Suite 7\PlanetPress Watch\Bin\PPWatchService.exe

Also, are you seeing a detection notification when this issue occurs? This file is being detected by the ArwSDK but it's also being whitelisted by the Malwarebytes controllers (in the application) so you should not be seeing a detection notification.

Edited by tetonbob

  • Staff

Thanks! If you do see a notification, please try to capture a screenshot of that notification. The tray notifications do self-dismiss, but you can change that behavior to 'Do not close'. This setting is on Settings > Notifications > Close notifications after. From there you make a selection using the drop-down menu. Do not close is at the bottom of that menu.
