Malwarebytes detected Malware.Exploit.Agent – T1003 after AMD Chipset software installation, downloaded from MSI’s website

1 : Anonymous2021/03/26 11:02 ID: mdm4a5

Is this a known thing to take place? Either way, if someone smarter than myself could explain how/why to me, that would be fantastic.

Here is the link to the file that this happened with while installing.

The following is the entire log from during the installation:

Malwarebytes

www.malwarebytes.com

-Log Details-

Protection Event Date: 3/26/21

Protection Event Time: 6:52 AM

Log File: 4b1f5ecc-8e21-11eb-8276-2cf05d3e21a8.json

-Software Information-

Version: 4.3.0.98

Components Version: 1.0.1236

Update Package Version: 1.0.38723

License: Premium

-System Information-

OS: Windows 10 (Build 18363.1316)

CPU: x64

File System: NTFS

User: System

-Exploit Details-

File: 0

(No malicious items detected)

Exploit: 1

Malware.Exploit.Agent - T1003 - Credential Access, , Blocked, 0, 392684, 0.0.0, ,

-Exploit Data-

Affected Application: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Protection Layer: APT Behavior Protection

Protection Technique: T1003 - Credential Access

File Name:

URL:

(end)

2 : Anonymous2021/03/26 11:40 ID: gsa3vhb

You're getting a generic suspicious behavior warning, highly likely it's a false positive; however, I cannot guarantee it, so download from AMD's own site if you're feeling uneasy about this.

Driver installation of some kind is likely to trigger this, especially if it takes some unusual way to do its thing. AV scanners are set to be highly paranoid about any low level access behavior they don't recognize.

ID: gsc0d0o

Ooh I didn't even think about virus total. Good lookin out
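A triage check for the situation in this thread, added here as an example and not taken from any post: hash the installer downloaded from MSI and the one from AMD so each can be looked up on VirusTotal by hash, and verify the Authenticode signature of both before running either. The two download paths are assumptions.

```powershell
# Added example, not from the thread. Paths below are assumptions: point them
# at the chipset installer downloaded from MSI and the one downloaded from AMD.
$fromMsi = 'C:\Users\me\Downloads\msi\amd_chipset_software.exe'
$fromAmd = 'C:\Users\me\Downloads\amd\amd_chipset_software.exe'

function Test-Installer {
    param([string]$Path)
    # SHA-256 lets you search virustotal.com by hash without uploading the file.
    $hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    # Authenticode: Status 'Valid' means the signature verifies and chains to a
    # trusted root; still read the Subject to confirm it is the vendor you expect.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        File      = Split-Path -Leaf $Path
        SHA256    = $hash
        SigStatus = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
        Timestamp = $sig.TimeStamperCertificate.Subject
    }
}

$results = $fromMsi, $fromAmd | ForEach-Object { Test-Installer -Path $_ }
$results | Format-List

# Identical hashes mean byte-identical packages, so the alert is not about repackaging.
if ($results[0].SHA256 -ne $results[1].SHA256) {
    Write-Warning 'MSI and AMD packages differ: the AIB copy is a different build or was repackaged.'
}
$results | Where-Object { $_.SigStatus -ne 'Valid' } | ForEach-Object {
    Write-Warning "$($_.File): signature status $($_.SigStatus); do not run it."
}
```

A valid signature from the expected vendor plus a clean VirusTotal lookup for the same hash is the evidence that separates a false positive from a tampered download.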

3 : Anonymous2021/03/26 13:03 ID: gsac218

+1 download Chipset and GPU drivers directly from AMD.

ID: gsae7bl

I was getting the new BIOS for my mobo, so I was already there. That's how it came about that I used msi's site.

ID: gsb04ll

I hear ya. The convenience is there; unfortunately the AIBs don't always update their drivers listed to the latest version, and at times they add a bit of bloat to the installers, which may be the false positive Malwarebytes picked up on. One example is ASRock has an AMD all-in-one driver update available. They stopped updating it after around 4-6 months post release (just looked, they outright removed it since I last checked out of curiosity). Mind you, this was for my X370 board, so it's aged.

Another example using my motherboard and ASROCK, is they updated their driver page for my motherboard with chipset drivers ver 2.11.26.106, dated 3/9/2021. I currently have Motherboard chipset driver 2.13.27.501 installed.

4 : Anonymous2021/03/26 12:12 ID: gsa6ru5

It's a credential problem: T1003 means one (or more?) of the data packages has an expired or invalid Digital Certificate or, more likely, that Malwarebytes recognizes that Certificate as potentially damaging.

Since it seems like you have a Premium account, try dropping them a line: you are a paying customer after all, and it cannot be worse than dealing with Digital River.

ID: gsadwt9

I might just do that.

ID: gsap8hj

Haha i love it how we are just talking shit about dr after this whole store ordering shenanigans.

ID: gsawcov

You know those old flicks about Vietnam where a veteran sees something that awakens suppressed trauma, like seeing his best friend shot by a sniper or something equally atrocious? Same thing. Digital River has long had its tentacles everywhere, so it's likely a lot of folks are starting to have far from pleasant flashbacks.

5 : Anonymous2021/03/26 13:44 ID: gsagy7u

I submitted a ticket. If I learn anything interesting, I will post it here

ID: gsbv22j

You're doing God's work.

ID: gsbxzxk

Just an automated response giving me a ticket number, thus far.

6 : Anonymous2021/03/26 18:17 ID: gsbhgcs

I know others have already said so, but download chipset drivers only from AMD's website.

7 : Anonymous2021/03/26 14:38 ID: gsanx6e

It's highly likely a false positive, but you never know. Razer a decade ago was hacked and Razer's drivers were reuploaded with a trojan virus in them.

ID: gsc7bf4

ASUS in 2019, too.

8 : Anonymous2021/03/26 15:38 ID: gsaw4mi

I haven’t used AV software since like 2007. It’s all garbage. Windows has enough built-in security.

ID: gsb1bmn

Malwarebytes and ESET are aight

ID: gsb1ak9

Malwarebytes and ESET are aight

ID: gscq2l2

Not really, especially if you work with new files / use pirated games/software. Using Kaspersky Cloud + Wise Vector for extra anti-ransomware. Free and minimum false alarms (I think I got 3 last year).

9 : Anonymous2021/03/26 13:41 ID: gsagkco

lol, someone in another thread gave MalwareBytes as an example of a "good" antivirus suite.

In any case - download direct from AMD's site, not the mobo vendor's.

10 : Anonymous2021/03/26 11:02 ID: gsa0u45

[deleted]

ID: gsa19pt

MSI's a Taiwan company. Get the chipset drivers from AMD's site if you're worried.

Update: I'm saying it's Taiwan to assure OP it's safe; OP said that China's trying to ship malware with the drivers.

ID: gsa1dav

Retracted. They were trying to silence negative reviews fairly recently, so I think you can see why I might get them confused.

ID: gsa1jdw

Am not worried, more curious

ID: gsaqmda

Funnily enough TSMC is too ..should we be worried about malware in the PSP 😛

Wait...

In all honesty with how fucking overzealous Malwarebytes is at times I wouldn't be at all surprised to see it flag the PSP as malware at some point.

I get more false positive warnings from it than I do actual real warnings.

11 : Anonymous2021/03/26 15:48 ID: gsaxftu

Was this update to fix the USB connection issues?

ID: gsc2knj

No idea, but I'm pretty sure the issue date was newer than what I had running.

12 : Anonymous2021/03/26 16:07 ID: gsb02ja

MSI Dragon Center can be classified as malware, as it keeps installing cFosSpeed (it messes up my upload speeds) without any visible way to disable it.

ID: gsbn7op

With the latest dragon center you can. Don't get me wrong. Dragon center is the worst kind of pc cancer there is.

ID: gsbz6vf

I don't see this issue, thankfully. I use it for fan curves without having to enter the BIOS. All other monitoring is done by Ryzen Master and Radeon Software, although I have been thinking about trying Afterburner with my new EKWB GPU cooler. Still gotta get the RGB working. That 3-pin connector is pure torture, imo.

13 : Anonymous2021/03/26 18:14 ID: gsbh437

I was about to install the MSI chipset driver!!

Edit: the Audio and Lan drivers should be okay to download from my MSI board page??

ID: gsbzfd2

I installed them, they were fine.

14 : Anonymous2021/03/26 20:02 ID: gsbx4zj

Yeah, in my experience you'll get the most up to date chipset drivers direct from AMD. MSI is actually pretty good about getting BIOS updates out pretty quick (at least for my board), but chipset must be the job of another department because they're months old most times.

15 : Anonymous2021/03/26 22:14 ID: gsch8yf

Maybe scalping and increasing prices were not enough for MSI so they decided to turn customer pcs to zombies and mine with them for even moar profit xd

16 : Anonymous2021/03/26 23:04 ID: gscogvk

I wish I could be as cool as some of you all. Your opinions are so edgy and impressive

17 : Anonymous2021/03/27 00:17 ID: gscyjng

virustotal.com

18 : Anonymous2021/03/27 01:44 ID: gsda9gk

Always download from AMD lol

ID: gsdahqz

What a refreshing comment

19 : Anonymous2021/03/26 13:55 ID: gsaib0p

Wrong sub, try

.

ID: gsalktt

Is it so wrong to be curious about something? How tf do yall learn anything?

ID: gsawz8j

Your mistake was using Malwarebytes. Even Norton AV is better.

20 : Anonymous2021/03/26 19:09 ID: gsboopx

It's Malwarebytes. They probably have a false positive they whitelisted for AMD package but the white list isn't working here.

Malwarebytes in any event is shit anyway.

21 : Anonymous2021/03/26 13:29 ID: gsaf19b

People avoid them for a reason. If you try to see from which BIOS version a CPU is supported on their mainboards ... no data (very sad)!

Source: https://www.reddit.com/r/Amd/comments/mdm4a5/malwarebytes_detected_malwareexploitagent_t1003/
