-
Is this a known thing to take place? Either way, if someone smarter than myself could explain how/why to me, that would be fantastic.
Here is the link to the file I was installing when this happened.
The following is the entire log from during the installation:
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 3/26/21
Protection Event Time: 6:52 AM
Log File: 4b1f5ecc-8e21-11eb-8276-2cf05d3e21a8.json
-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1236
Update Package Version: 1.0.38723
License: Premium
-System Information-
OS: Windows 10 (Build 18363.1316)
CPU: x64
File System: NTFS
User: System
-Exploit Details-
File: 0
(No malicious items detected)
Exploit: 1
Malware.Exploit.Agent - T1003 - Credential Access, , Blocked, 0, 392684, 0.0.0, ,
-Exploit Data-
Affected Application: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Protection Layer: APT Behavior Protection
Protection Technique: T1003 - Credential Access
File Name:
URL:
(end)
-
You're getting a generic suspicious-behavior warning. It is highly likely a false positive; however, I cannot guarantee it, so download from AMD's own site if you're feeling uneasy about this.
Driver installation of some kind is likely to trigger this, especially if it takes some unusual way to do its thing. AV scanners are set to be highly paranoid about any low level access behavior they don't recognize.
ID: gsb8yh3
ID: gsc0d0o Ooh, I didn't even think about VirusTotal. Good lookin' out.
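Two checks worth running before calling this a false positive, as an added example (not code from the thread or from Malwarebytes): verify the Authenticode signature and SHA-256 of the installer you actually ran, and, if PowerShell script block logging was on, pull the 4104 events from around the detection time in the log above to see what the SysWOW64 powershell.exe executed. `Get-AuthenticodeSignature`, `Get-FileHash` and `Get-WinEvent` are standard Windows PowerShell cmdlets; the installer path is a placeholder, the detection time is taken from the posted log, and the credential-dumping string match at the end is a coarse heuristic of my own, not a Malwarebytes rule.

```powershell
# Added example, not from the original post. $Installer is a placeholder path for
# the downloaded chipset package; replace it with the real file you ran.
param(
    [string]$Installer = "$env:USERPROFILE\Downloads\chipset_installer.exe",
    # Detection time from the Malwarebytes log in the post (3/26/21 6:52 AM, local time).
    [datetime]$DetectedAt = [datetime]::ParseExact('2021-03-26 06:52', 'yyyy-MM-dd HH:mm', $null)
)

# 1. Who signed the installer, and does the chain verify?
#    Status 'Valid' with a vendor subject (AMD / MSI) is what you expect.
#    NotSigned, HashMismatch or UnknownError means the file is not what the
#    vendor shipped, or was modified after signing; that is not a false-positive case.
$sig = Get-AuthenticodeSignature -FilePath $Installer
[pscustomobject]@{
    Status   = $sig.Status
    Signer   = $sig.SignerCertificate.Subject
    Issuer   = $sig.SignerCertificate.Issuer
    NotAfter = $sig.SignerCertificate.NotAfter
} | Format-List

# 2. SHA-256 for a VirusTotal lookup: search the hash instead of uploading the file.
$hash = (Get-FileHash -Path $Installer -Algorithm SHA256).Hash
"SHA256: $hash"
"https://www.virustotal.com/gui/file/$hash"

# 3. What did the 32-bit powershell.exe actually run? If script block logging was
#    enabled (PowerShell 5.x also auto-logs blocks it considers suspicious),
#    event 4104 in the PowerShell Operational log carries the script text.
#    Look five minutes either side of the detection time.
$filter = @{
    LogName   = 'Microsoft-Windows-PowerShell/Operational'
    Id        = 4104
    StartTime = $DetectedAt.AddMinutes(-5)
    EndTime   = $DetectedAt.AddMinutes(5)
}
$blocks = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
if (-not $blocks) {
    "No 4104 script block events in that window (script block logging may be off)."
} else {
    foreach ($ev in $blocks) {
        # For event 4104, Properties[2] is ScriptBlockText and Properties[4] is the
        # script path (empty for blocks passed on the command line or via -EncodedCommand).
        $text = $ev.Properties[2].Value
        $path = $ev.Properties[4].Value
        "--- $($ev.TimeCreated)  PID $($ev.ProcessId)  Path: $path"
        $text
        # Coarse T1003-style indicator match (my heuristic, not Malwarebytes' logic):
        # LSASS dumping, Mimikatz modules, comsvcs MiniDump, SAM/NTDS access.
        if ($text -match 'lsass|MiniDump|sekurlsa|comsvcs|\\SAM\b|ntds\.dit') {
            "  ^ contains a credential-dumping pattern; treat as NOT a false positive"
        }
    }
}
```

Run it from an elevated prompt (reading the Operational log and some installer locations needs admin). The log's "Affected Application" is the SysWOW64 copy of PowerShell, which is what a 32-bit installer process launches, so that field alone only tells you the installer scripted something; the signature, the hash reputation and the logged script text are what tell you whether the block mattered.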
-
+1 download Chipset and GPU drivers directly from AMD.
ID: gsae7bl I was getting the new BIOS for my mobo, so I was already there. That's how it came about that I used MSI's site.
ID: gsb04ll I hear ya. The convenience is there; unfortunately the AIBs don't always update the drivers they list to the latest version, and at times they add a bit of bloat to the installers, which may be the false positive Malwarebytes picked up on. One example: ASRock had an AMD all-in-one driver update available. They stopped updating it around 4-6 months post release (just looked, they outright removed it since I last checked out of curiosity). Mind you, this was for my X370 board, so it's aged.
Another example, again with my ASRock motherboard: they updated their driver page for my motherboard with chipset driver ver 2.11.26.106, dated 3/9/2021. I currently have motherboard chipset driver 2.13.27.501 installed.
-
It's a credential problem: T1003 means one (or more?) of the data packages has an expired or invalid Digital Certificate or, more likely, that Malwarebytes recognizes that Certificate as potentially damaging.
Since it seems like you have a Premium account, try dropping them a line: you are a paying customer after all, and it cannot be worse than dealing with Digital River.
ID: gsadwt9 I might just do that.
ID: gsap8hj Haha, I love how we are just talking shit about DR after this whole store ordering shenanigans.
ID: gsawcov You know those old flicks about Vietnam where a veteran sees something that awakens suppressed trauma, like seeing his best friend shot by a sniper or something equally atrocious? Same thing. Digital River has long had its tentacles everywhere, so it's likely a lot of folks are starting to have far from pleasant flashbacks.
-
I submitted a ticket. If I learn anything interesting, I will post it here.
ID: gsbv22j You're doing God's work.
ID: gsbxzxk Just an automated response giving me a ticket number, thus far.
-
I know others have already said so, but download chipset drivers only from AMD's website.
-
It's highly likely a false positive, but you never know. Razer a decade ago was hacked and Razer's drivers were reuploaded with a trojan virus in them.
ID: gsc7bf4 ASUS in 2019, too.
-
I haven’t used AV software since like 2007. It’s all garbage. Windows has enough built-in security.
ID: gsb1bmn Malwarebytes and ESET are aight
ID: gsb1ak9 Malwarebytes and ESET are aight
ID: gscq2l2 Not really, especially if you work with new files or use pirated games/software. I'm using Kaspersky Cloud + WiseVector for extra anti-ransomware. Free and minimal false alarms (I think I got 3 last year).
-
lol, someone in another thread gave MalwareBytes as an example of a "good" antivirus suite.
In any case - download direct from AMD's site, not the mobo vendor's.
-
[deleted]
ID: gsa19pt MSI's a Taiwanese company. Get the chipset drivers from AMD's site if you're worried.
Update: I'm saying it's Taiwan to assure OP it's safe; OP said that China's trying to ship malware with the drivers.
ID: gsa1dav Retracted. They were trying to silence negative reviews fairly recently, so I think you can see why I might get them confused.
ID: gsa1jdw I'm not worried, more curious.
ID: gsaqmda Funnily enough, TSMC is too... should we be worried about malware in the PSP 😛
Wait...
In all honesty with how fucking overzealous Malwarebytes is at times I wouldn't be at all surprised to see it flag the PSP as malware at some point.
I get more false positive warnings from it than I do actual real warnings.
-
Was this update to fix the USB connection issues?
ID: gsc2knj No idea, but I'm pretty sure the issue date was newer than what I had running.
-
MSI Dragon Center can be classified as malware, as it keeps installing cFosSpeed (it messes up my upload speeds) without any visible way to disable it.
ID: gsbn7op With the latest Dragon Center you can. Don't get me wrong, Dragon Center is the worst kind of PC cancer there is.
ID: gsbz6vf I don't see this issue, thankfully. I use it for fan curves without having to enter the BIOS. All other monitoring is done by Ryzen Master and Radeon Software, although I have been thinking about trying Afterburner with my new EKWB GPU cooler. Still gotta get the RGB working. That 3-pin connector is pure torture, imo.
-
I was about to install the MSI chipset driver!!
Edit: the audio and LAN drivers should be okay to download from my MSI board page??
ID: gsbzfd2 I installed them, they were fine.
-
Yeah, in my experience you'll get the most up-to-date chipset drivers direct from AMD. MSI is actually pretty good about getting BIOS updates out quickly (at least for my board), but chipset must be the job of another department because they're months old most of the time.
-
Maybe scalping and increasing prices were not enough for MSI so they decided to turn customer pcs to zombies and mine with them for even moar profit xd
-
I wish I could be as cool as some of you all. Your opinions are so edgy and impressive
-
virustotal.com
-
Always download from AMD lol
ID: gsdahqz What a refreshing comment
-
Wrong sub, try
ID: gsalktt Is it so wrong to be curious about something? How tf do y'all learn anything?
ID: gsawz8j Your mistake was using Malwarebytes. Even Norton AV is better.
-
It's Malwarebytes. They probably have a false positive they whitelisted for the AMD package, but the whitelist isn't working here.
Malwarebytes is shit anyway.
-
People avoid them for a reason. If you try to see since which BIOS version a CPU is supported on their mainboards... no data (very sad)!
Source: https://www.reddit.com/r/Amd/comments/mdm4a5/malwarebytes_detected_malwareexploitagent_t1003/