Jump to content

Legit.MisusedLegit


IdefixPC
 Share

Recommended Posts

13 hours ago, shadowwar said:

This is a misused powershell.exe renamed to updater.exe. It should not be located where it is and should not be called updater. Thus the detection. 

Thanks @shadowwar for your explanations, but is this file a potential threat ?

Is it good to keep this file quarantined ?

Link to post
Share on other sites

3 hours ago, AdvancedSetup said:

Name is wrong and no executable files belong in the parent folder of ROAMING

C:\USERS\ROBERT\APPDATA\ROAMING\UPDATER.EXE

Even if the file is digitally signed and legit. Where it is and with it rename is a THREAT. Delete it.

 

Thanks @AdvancedSetup for your help and explanations. I had yet quarantined this file.

However this file is around 1 year old and the previous analysis with Malwarebytes didn't detect it ???!!!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.