Author Topic: False positive or malware?  (Read 3082 times)


REDACTED

  • Guest
False positive or malware?
« on: August 30, 2016, 01:40:19 AM »
So in the last few days I have seen a notification appearing at least every 15 minutes saying that a threat has been blocked. Running a scan, however, yields no results, and using Malwarebytes nothing is detected. The detection pops up with no particular pattern, and to me it doesn't seem to be associated with a particular program I use.

Googling the object name "cookie773.exe" it shows up on a malware analysis website, but then why is it not detected by either Avast or Malwarebytes?

I don't know the directory it's operating out of either, since "wscript.exe" is a Windows process, meaning that I am clueless as to how to remove or stop this. I've attached the notification popup that Avast displays when it detects the virus.

Some help would be appreciated thanks.  :)

Offline Yanto.Chiang

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1371
  • Soli Deo Gloria
    • PT Garuda Sinatriya Globalindo
Re: False positive or malware?
« Reply #1 on: August 30, 2016, 05:24:37 AM »
Hi kash1ninja,

This is a weird case, but according to some cases that I found on blogs, wscript.exe is part of Windows scripting that supports VBScript programs on Windows.
Below is some information that you can try by trial and error:
xttps://support.microsoft.com/en-us/kb/232211
xttp://www.howtogeek.com/forum/topic/wscriptexe-problem
xttp://www.file.net/process/wscript.exe.html

We hope the above references can help you.

Cheers,
Yanto Chiang | IT Security Consultants | AVAST Premium Security | GarudaSinatriya

Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: False positive or malware?
« Reply #2 on: August 30, 2016, 06:42:17 AM »
Please follow the directions for scans in this topic and attach as many of the logs as you can run.
Logs to assist in cleaning malware

FRST.txt, Addition.txt, Malwarebytes Anti-Malware log and aswMBR.txt.  Thanks.
Win7 x32 Ult. SP1, Brain 2.0 / Win10 x64, Brain2.5
My help is always free but if you would like to help encourage me or show your thanks -----> DONATE

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2294
Re: False positive or malware?
« Reply #3 on: August 30, 2016, 08:03:50 AM »
Hello,
wscript runs some script which tries to download the detected file. Try to find the wscript.exe process in Task Manager, where the parameters (command line) of wscript should also be shown; that is the source of the script trying to download the file.

Milos
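
The check Milos describes, as an added example that is not part of the original thread: because a script host started in the background may exit before it can be spotted in Task Manager, this PowerShell script polls for wscript.exe and cscript.exe and logs each launch with its command line, parent process and the SHA-256 of the script file. The log path, polling interval, run time and list of script extensions are assumptions; run it from an elevated prompt so command lines of other users' processes are visible.

```powershell
# Added example: record every wscript.exe / cscript.exe launch and what it was asked to run.
# LogPath, PollMilliseconds and Minutes are assumed defaults, not values from the thread.
param(
    [string]$LogPath = "$env:USERPROFILE\Desktop\script-host-launches.csv",
    [int]$PollMilliseconds = 500,
    [int]$Minutes = 60
)

$seen = @{}                                   # launches already logged, keyed by PID + start time
$deadline = (Get-Date).AddMinutes($Minutes)
# Quoted or unquoted path ending in a common script extension (assumed list).
$scriptArg = '"([^"]+\.(?:vbs|vbe|js|jse|wsf|wsh))"|(\S+\.(?:vbs|vbe|js|jse|wsf|wsh))(?=\s|$)'

while ((Get-Date) -lt $deadline) {
    $hosts = Get-CimInstance -ClassName Win32_Process `
        -Filter "Name='wscript.exe' OR Name='cscript.exe'"

    foreach ($p in $hosts) {
        $key = "$($p.ProcessId)|$($p.CreationDate)"
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true

        # The parent shows what started the script host (scheduler, Explorer, another program).
        $parent = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId=$($p.ParentProcessId)"

        # Pull the script path out of the command line and hash the file if it still exists.
        $scriptPath = $null
        $sha256 = $null
        if ($p.CommandLine -match $scriptArg) {
            $scriptPath = if ($Matches[1]) { $Matches[1] } else { $Matches[2] }
            if (Test-Path -LiteralPath $scriptPath -PathType Leaf) {
                $sha256 = (Get-FileHash -LiteralPath $scriptPath -Algorithm SHA256).Hash
            }
        }

        [pscustomobject]@{
            Seen        = Get-Date -Format s
            Host        = $p.Name
            ProcessId   = $p.ProcessId
            CommandLine = $p.CommandLine      # empty if the process belongs to another user and we are not elevated
            ParentId    = $p.ParentProcessId
            ParentName  = $parent.Name
            ParentCmd   = $parent.CommandLine
            ScriptPath  = $scriptPath
            ScriptSha256 = $sha256
        } | Export-Csv -Path $LogPath -Append -NoTypeInformation
    }
    Start-Sleep -Milliseconds $PollMilliseconds
}
```

Leave it running until the next Avast notification appears, then match the notification time against the `Seen` column of the CSV to find the script and its parent process.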

Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: False positive or malware?
« Reply #4 on: August 31, 2016, 03:54:20 AM »
The logs I have asked for will show where wscript is being called / run from.

REDACTED

  • Guest
Re: False positive or malware?
« Reply #5 on: August 31, 2016, 03:27:40 PM »
Thanks for the help guys.

In over 24 hours and 3 restarts, I have not encountered the issue at all  ;D,  and I am unsure why. Some time after my original post I installed AVG, but it did not detect anything so I uninstalled it. That was the only change made to the system in that period.

It's possible that the file is perhaps lying dormant?  So I will specifically look out for the wscript process if I see this detected by Avast again, but for now the issue is solved I guess.

Thanks again.  :)