Jump to content

Unspecified malware


Worriedguy555

Recommended Posts

Hello, 

I recently scanned our pcs for our dept and one came up with unspecified malware with no location or information. I  saved the report and quarantined it… in the txt file it says there was 0 detections on any basis and says nothing was quarantined. Looking back in malwarebytes there is nothing quarantined. I scanned with defender and hit man pro and nothing came up but some internet cookies.    Also, I scanned with malware bytes multiple times afterwords. I read on this forum it can be due to using expert algorithms and it is a fp. Just want to make sure we are all good here. 

Link to post
Share on other sites

Hello :welcome:

My name os Maurice. 

The report above is all perfect.  Really need to see the full old history of Malwarebytes in order to see the most recent Block notices or recent actual detections.

Also, is this pc on a company or organization network ?  Is this at a company or organization ?

Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

 

I would like a report set for review.   This is a report only.

Please download MALWAREBYRES MBST Support Tool

Once you start it click Advanced >>> then   Gather Logs

 

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

  • Please attach  mbst-grab-results.zip    to your reply , like displayed here.
  • To send  ( upload)   attachments please click the "ADD Files"  link . Then browse to where your file is located and select it and click the Open button.

 

_mb_attach.jpg

 

The set of data from the report will provide much needed information.

Please always attach reports as we go along.

Cheers.

Link to post
Share on other sites

thank you for responding, yes this is an organization although we are rather small. Should I private message you this zip file not sure if it will show any sensitive data or anything else. 
 

We scan this computer two times a day and only had one item in quarantine in the last 30 days of which was a cab file which came negative on virus total after a full system scan.  

Link to post
Share on other sites

Thanks for the zip report. What is in the Malwarebytes Quarantine is for 6th December on a file AdobePI.cab that was in a sub-folder swComposerPlayer

That was flagged as Malware.Heuristic.1001

As starter steps, lets be sure this pc has the very latest release version of Malwarebytes.  Then set some adjustments.  Then do a new scan.

[  1  ]

Do a Check for Update using the Malwarebytes Settings >> General tab.

See this Support Guide https://support.malwarebytes.com/hc/en-us/articles/360042187934-Check-for-updates-in-Malwarebytes-for-Windows

When it shows a new version available, Accept it and let it proceed forward.  Be sure it succeeds.

If prompted to do a Restart, just please follow all directions.

[  2   ]

Some adjustments.

Start Malwarebytes for Windows.  Click the Settings icon.  Click the tab marked  SECURITY

 

 

image.png.0a7bd2aed37b7aa24863ffce2f90f998.png

Under the section "SCan options"

scroll down to "Use expert system algorithms to identify malicious files".  See that it is set to the far left  ( OFF position).

[  3  ]

Click the small x  on the bar titled "Settings" to exit this section.

Next click the blue button marked Scan.

 

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

>>>>>>      👉      You can actually click the topmost left  check-box  on the very top line to get ALL lines  ticked   ( all selected).         <<<<     💢

MB4_scan_tick_ALL.jpg.d04ef98c885b4f44f51bfe735922fba7.jpg

 

Please double verify you have that TOP  check-box tick marked.   and that then, all lines have a tick-mark

 

Then click on Quarantine  button.

MB4_scan_all_Quarantine.jpg.8639e1dfc2301bc6d60a8cfb3c339241.jpg

 


Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

😉  Please just only attach reports as we go alog.

Link to post
Share on other sites

 That adobePI cab file is part of a program. I scanned that file with virustotal to make sure and there was no hits so possibly a false negative? It is a heuristic report so it may be? Im just wondering if that blank malware with no destination or information was a bug with the use expert agorithms... I did just update windows and just restarted so everything is up to date now along with the file rename operations. Reguardless, I submitted the new report after updating restarting and disabling that setting.

 

 

Scan.txt

Link to post
Share on other sites

Kudos. This pc has the latest Malwarebytes release & this last scan reports no malware.

It is possible that the cab file flagging was a FP.

You should run ( just as a second opinion) a Quick scan with Microsoft Defender antivirus.

From the Start menu, select Settings, then select Update and Security.

Next, look at the left-side menu & select Windows Security

Next, In Windows Security section: Click on the grey button Open Windows Security

Now, click on the shield Virus and threat protection

On the next display, look at all the options.  Look down the list and see "Check for Updates" .

You should click on that to have the system check for updates for Windows Defender.  Watch & wait for that to complete.

Please also note that the Scan options (all) can be displayed by clicking on Scan options.
Do a QUICK scan.
Let me know the end result of what the Microsoft Defender reports.

Link to post
Share on other sites

Okay, so defender is updated it updated with the other windows update. Quick scan does not detect anything. Ran another Hitmanpro scan nothing comes up for pc scan and also ran sophosscanandclean and nothing came up on there either. Must've been a FP; I was chasing my tail all day haha. Just a bit confused why that malware no dest or info came up I even scanned the day before that and the pc was off.

Link to post
Share on other sites

Thank you for your help Maurice you’ve been great! So we can conclude from this that it was a fp for the “malware” that did not exist due to using the advanced setting. Although it still is weird that I’ve always had that enabled. Scanned with multiple scanners looked through logs and it does seem like fp for both the quarantined file from last week and for the empty malware. So we can say this is solved?

 

 

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.