IDP.HELU.MSEx4 - Fileless Malware
Topic: IDP.HELU.MSEx4 - Fileless Malware (Read 18582 times)
PDI
Avast team
Full Member
Posts: 159
Re: IDP.HELU.MSEx4 - Fileless Malware
«
Reply #30 on:
October 31, 2019, 10:09:30 AM »
Hi,
I checked the provided logs and I haven't found anything suspicious in them.
Regards,
PDI
Logged
Oliv.C
Jr. Member
Posts: 24
Re: IDP.HELU.MSEx4 - Fileless Malware
«
Reply #31 on:
October 31, 2019, 10:35:34 AM »
Hi, sorry for the delay, here is the Fixlog of BITSADMIN.
Thanks for your help, guys.
Logged
Oliv.C
Jr. Member
Posts: 24
Re: IDP.HELU.MSEx4 - Fileless Malware
«
Reply #32 on:
October 31, 2019, 10:44:40 AM »
Hello PDI,
So what should I think about this message, then?
Thank you
Logged
PDI
Avast team
Full Member
Posts: 159
Re: IDP.HELU.MSEx4 - Fileless Malware
«
Reply #33 on:
October 31, 2019, 02:46:37 PM »
Hi,
Do you have any other computer on the network when the detection occurs?
Maybe we are looking at the wrong computer.
PDI
Logged
Oliv.C
Jr. Member
Posts: 24
Re: IDP.HELU.MSEx4 - Fileless Malware
«
Reply #34 on:
October 31, 2019, 02:51:15 PM »
Nope, it's just me connected on my box via Wi-Fi...
Logged
PDI
Avast team
Full Member
Posts: 159
Re: IDP.HELU.MSEx4 - Fileless Malware
«
Reply #35 on:
October 31, 2019, 03:46:29 PM »
Hi Oliv.C,
The last chance is WMI.
Can you download
https://github.com/vinaypamnani/wmie2/releases
and follow these steps?
1) Press the Connect button.
2) Navigate to ROOT\subscription.
3) For each subscription:
   a) Right-click it, run Enumerate Classes and navigate to the Classes subwindow.
   b) Select ActiveScriptEventConsumer, right-click it and run Enumerate Instances.
   c) Select CommandLineEventConsumer, right-click it and run Enumerate Instances.
If there are any records for instances in steps b) or c), please try to get of the instance and share it with us.
Thanks,
PDI
Logged
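The WMI Explorer steps in the post above can also be carried out from PowerShell. The script below is an added example, not part of the original thread or of any Avast tooling: it uses the built-in Get-CimInstance cmdlet to list instances of the two consumer classes in ROOT\subscription together with the event filters bound to them. The variable names and the output file name are chosen here for illustration.

```powershell
# Added example: read-only inventory of WMI event consumers in ROOT\subscription.
# Run in an elevated PowerShell session (Get-CimInstance needs PowerShell 3.0+).
$ns = 'root\subscription'
$consumerClasses = 'ActiveScriptEventConsumer', 'CommandLineEventConsumer'

# A binding ties an __EventFilter (the trigger) to a consumer (the action).
$filters  = @(Get-CimInstance -Namespace $ns -ClassName __EventFilter)
$bindings = @(Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding)

$report = foreach ($class in $consumerClasses) {
    foreach ($consumer in @(Get-CimInstance -Namespace $ns -ClassName $class)) {
        # What the consumer would execute when its filter fires.
        $action = if ($class -eq 'ActiveScriptEventConsumer') {
            if ($consumer.ScriptText) { $consumer.ScriptText } else { $consumer.ScriptFileName }
        } else {
            if ($consumer.CommandLineTemplate) { $consumer.CommandLineTemplate } else { $consumer.ExecutablePath }
        }

        # Bindings reference the consumer by its key property, Name.
        $bound = @($bindings | Where-Object { $_.Consumer.Name -eq $consumer.Name })
        $boundFilters = @($filters | Where-Object { $bound.Filter.Name -contains $_.Name })

        [pscustomobject]@{
            Class       = $class
            Name        = $consumer.Name
            Action      = $action
            IsBound     = ($bound.Count -gt 0)   # an unbound consumer never fires
            FilterName  = $boundFilters.Name -join '; '
            FilterQuery = $boundFilters.Query -join '; '
        }
    }
}

if ($report) {
    $report | Format-List
    # Save a copy that can be attached to a forum reply (file name is arbitrary).
    $report | Export-Csv -Path .\wmi-consumers.csv -NoTypeInformation -Encoding UTF8
} else {
    "No $($consumerClasses -join ' or ') instances found in $ns."
}
```

The Action and FilterQuery columns are the ones to review: they show what would be executed and which event triggers it.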
Oliv.C
Jr. Member
Posts: 24
Re: IDP.HELU.MSEx4 - Fileless Malware
«
Reply #36 on:
November 01, 2019, 06:37:23 PM »
Hello PDI,
So I ran WmiExplorer and found a few classes that had ActiveScriptEventConsumer and CommandLineEventConsumer, but none of them had any instances.
Thanks
Logged
Oliv.C
Jr. Member
Posts: 24
Re: IDP.HELU.MSEx4 - Fileless Malware
«
Reply #37 on:
November 12, 2019, 11:54:12 AM »
Hello again, so does anybody have another idea, please?
Thanks a lot
Logged
Michael (alan1998)
Massive Poster
Posts: 2768
Volunteer
Re: IDP.HELU.MSEx4 - Fileless Malware
«
Reply #38 on:
November 12, 2019, 05:40:32 PM »
I have reached out to PDI for comment.
Logged
VOLUNTEER
Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.
Security is a mindset, not an application. Think BEFORE you click.
PDI
Avast team
Full Member
Posts: 159
Re: IDP.HELU.MSEx4 - Fileless Malware
«
Reply #39 on:
November 12, 2019, 08:26:24 PM »
Hi,
Unfortunately, if there aren't instances in the WMI then I cannot help you anymore now. If I find something I'll let you know.
Regards,
PDI
Logged
Sass Drake
MyCity AMF R2
Avast Evangelist
Advanced Poster
Posts: 820
Re: IDP.HELU.MSEx4 - Fileless Malware
«
Reply #40 on:
November 12, 2019, 11:39:42 PM »
Please post new FRST.txt and Addition.txt logs.
Logged
Oliv.C
Jr. Member
Posts: 24
Re: IDP.HELU.MSEx4 - Fileless Malware
«
Reply #41 on:
November 15, 2019, 03:57:08 PM »
Hello, sorry for the delay, here are the newest files. Thanks
Logged
Sass Drake
MyCity AMF R2
Avast Evangelist
Advanced Poster
Posts: 820
Re: IDP.HELU.MSEx4 - Fileless Malware
«
Reply #42 on:
November 15, 2019, 05:59:37 PM »
Logs look clean. Please scan PC with TDSSKiller.
http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe
Logged
Oliv.C
Jr. Member
Posts: 24
Re: IDP.HELU.MSEx4 - Fileless Malware
«
Reply #43 on:
November 16, 2019, 11:11:40 AM »
Hello, TDSSKiller didn't return any threat...
Thank you
Logged
Oliv.C
Jr. Member
Posts: 24
Re: IDP.HELU.MSEx4 - Fileless Malware
«
Reply #44 on:
December 07, 2019, 06:25:54 PM »
Hello guys, so does somebody have any more ideas?
I'm still getting this annoying message.
Thanks
Logged