
Malware.AI: LPSS_X64_Threshold_Install_152702.EXE?



C:\dell\drivers\sio_win10_64_1.3\Intel Serial IO Drivers for Braswell SoC PV 1.3 - Win10 64bit\LPSS_X64_Threshold_Install_152702.EXE suddenly identified as "Malware.AI"

Been on machine for over a year.

Uploaded to VirusTotal. A couple identified as AI malware.

Is this a false positive?


  • Staff

Hello,

I need a bit more info to see why this is still being detected on your machine. My machine does not detect it, and the file has been whitelisted for some time now.

Please open Windows Explorer and go here:
C:\ProgramData\Malwarebytes\MBAMService\ScanResults

Pick the latest scan results (should be around 10kb or so and is a .json file) and attach it here.

The 'ProgramData' folder is hidden so you'll need to show hidden files/folders to get there. How to if needed:
https://support.microsoft.com/en-us/windows/show-hidden-files-0320fe58-0117-fd59-6851-9b7f9840fdb2

Thanks,

 


1 minute ago, cushlomockree said:

Do you want me to rename "00a5925c-3d62-11ed-a1f9-c8f7504539c7.json" to something else (e.g. .txt)?

Just zip it and attach it.

Please see the following on how to zip files

https://support.microsoft.com/en-us/windows/zip-and-unzip-files-8d28fa72-f2f9-712f-67df-f80cf89fd4e5

Edited by Porthos

  • Staff

Thanks for the log.

Can you try a re-scan with rootkit scanning disabled? Please also ensure the machine is online so it can receive the latest definition updates.

We generally do not recommend having rootkit scanning on all the time as it disables some whitelisting. Rootkit scanning is not enabled by default.

Thanks,


I've always had rootkit scanning enabled with MBAM. Got one machine totally disabled when SCSI drivers got compromised about 10 years ago. Took about 2 weeks of work with what was then Vipre to make the determination and fix.

We normally are not connected to the internet at night after a Ransomware (matrix) attack occurred and encrypted every drive connected to it. This doesn't eliminate the threat, but narrows the window of attack to around 10 hrs.

If you say it's whitelisted, I'll put the locations on the "Allow List"


@cushlomockree I just noticed something.

Quote

OS: Windows 10 Server

I am sorry to inform you that Malwarebytes Premium (stand alone) is not designed or supported for use on any server OS and is also against the EULA as well.

  Quote

(b) Paid License.

If you purchased a license to the Software from Malwarebytes or from a Malwarebytes authorized reseller, then conditioned upon your compliance with the terms and conditions of this Agreement, Malwarebytes grants you a non-exclusive and non-transferable license to Execute the number of copies of the Software for which you have paid solely in executable form on the corresponding number of Devices owned or used by you. Furthermore, you may not Execute the Software on any Device(s) running a server operating system unless it is a Malwarebytes server product as reflected in its official product name and official release notes. You agree that your purchases are not contingent on the delivery of any future functionality or features (including future availability of any Software beyond the current license term or any new releases), or dependent on any oral or written public comments made by Malwarebytes regarding future functionality or features.

https://www.malwarebytes.com/eula/

The proper version is this. https://www.malwarebytes.com/business/ep-server-security/
