ig.exe detected as emotet by Windows Defender

I have been experiencing several Windows Defender detections like the one below, where every single time I trace the process PID in the Defender event, it traces back to one of the Malwarebytes ig.exe processes. I understand that process IDs get reused, but I have seen this occurring on several systems, and the PID always ties back to an ig-#.exe process. I have also checked the hashes, and they are all digitally signed with 0 detections, and this is occurring with different Security intelligence versions.


Is anyone else experiencing this?


Example process names:

C:\Program Files\Malwarebytes\Anti-Malware\ig-17.exe

C:\Program Files\Malwarebytes\Anti-Malware\ig-5.exe

C:\Program Files\Malwarebytes\Anti-Malware\ig-19.exe


Example event:

Name: Behavior:Win32/PowEmotet.SB
ID: 2147805329
Severity: Severe
Category: Suspicious Behavior
Path: behavior:_pid:5276:82135149762278; process:_pid:5276,ProcessStart:132827990610065328
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Action: Not Applicable
Action Status: No additional actions required
Error Code: 0x00000000
Error description: The operation completed successfully.
Security intelligence Version: AV: 1.353.2078.0, AS: 1.353.2078.0, NIS: 1.353.2078.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4


Hash & VT results:


Edited by AdvancedSetup
Corrected font issue
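
The PID-reuse question raised in the post above can be narrowed down with the ProcessStart value in the event's Path field: matching on PID plus start time, not PID alone, identifies one process instance. This is an added example, not part of the original post and not Malwarebytes or Microsoft code; it assumes ProcessStart is a Windows FILETIME (100 ns ticks since 1601-01-01 UTC), and the process-creation records and image paths are constructed sample data.

```python
import re
from datetime import datetime, timedelta, timezone

# Path value copied from the Defender event in the post.
DEFENDER_PATH = ("behavior:_pid:5276:82135149762278; "
                 "process:_pid:5276,ProcessStart:132827990610065328")

# Constructed process-creation records, shaped like an export of Sysmon
# Event ID 1 or Security 4688 data. Images and times are sample values.
PROCESS_LOG = [
    {"pid": 5276, "image": r"C:\Example\reused-earlier.exe",
     "start": "2021-12-01T01:10:02.500000+00:00"},
    {"pid": 5276, "image": r"C:\Example\running-at-detection.exe",
     "start": "2021-12-01T02:24:21.006532+00:00"},
    {"pid": 4120, "image": r"C:\Example\unrelated.exe",
     "start": "2021-12-01T02:24:21.006532+00:00"},
]

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def parse_defender_path(path):
    """Return (pid, start_utc) from 'process:_pid:N,ProcessStart:T'."""
    m = re.search(r"process:_pid:(\d+),ProcessStart:(\d+)", path)
    if m is None:
        raise ValueError("no process:_pid/ProcessStart pair in Path")
    pid, filetime = int(m.group(1)), int(m.group(2))
    # Assumption: ProcessStart is a FILETIME, so ticks // 10 = microseconds.
    return pid, FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def match_process(path, records, tolerance=timedelta(seconds=1)):
    """Return records whose PID and start time both match the detection."""
    pid, start = parse_defender_path(path)
    return [r for r in records
            if r["pid"] == pid
            and abs(datetime.fromisoformat(r["start"]) - start) <= tolerance]


if __name__ == "__main__":
    pid, start = parse_defender_path(DEFENDER_PATH)
    print(f"PID {pid} started {start.isoformat()}")
    for rec in match_process(DEFENDER_PATH, PROCESS_LOG):
        print("matched:", rec["image"])
```

An earlier process that held the same PID, or a different PID with the same start time, is excluded, so a single match is the process instance the event refers to.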