Questions and Answers : Windows : Rosetta File Detected as File Threat (Bloodhound on Norton) and (Ransomware on Malwarebytes)
Author | Message |
---|---|
RAWNet Joined: 13 Feb 09 Posts: 1 Credit: 319,337 RAC: 0 |
Any ideas? Don't like the idea of excluding BOINC directories as suggested in other posts - this could even be why Rosetta is being targeted?

Filename: minirosetta_3.78_windows_intelx86.exe
Threat name: Bloodhound.MalPE
Full Path: e:\boinc\projects\boinc.bakerlab.org_rosetta\minirosetta_3.78_windows_intelx86.exe
____________________________
On computers as of Wed 04 Oct 2017 at 18:26:37
Last Used Sun 08 Oct 2017 at 08:29:23
Startup Item No
Launched No
Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.
____________________________
minirosetta_3.78_windows_intelx86.exe
Threat name: Bloodhound.MalPE
Locate
Very Few Users
Fewer than 5 users in the Norton Community have used this file.
Very New
This file was released less than 1 week ago.
High
This file risk is high.
____________________________
https://boinc.bakerlab.org/rosetta/download/minirosetta_3.78_windows_intelx86.exe
Downloaded File from bakerlab.org
Source: External Media
minirosetta_3.78_windows_intelx86.exe
Norton
____________________________
File Actions
Infected file: e:\boinc\projects\boinc.bakerlab.org_rosetta\minirosetta_3.78_windows_intelx86.exe Removed
___________________________
File Thumbprint - SHA: 5844d8c1213ac68343df41043124cff29e8c5091d4d42c8eaa5f1396ef18f1b5
File Thumbprint - MD5: 3581a7c3401044037db7f2198f7d7d50
==============================================================================================
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/5/17
Protection Event Time: 5:30 AM
Log File: 6bd83064-a93a-11e7-88b8-00ffed60e8ec.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.2950
License: Premium

-System Information-
OS: Windows 10 (Build 15063.608)
CPU: x64
File System: NTFS
User: System

-Ransomware Details-
File: 1
Malware.Ransom.Agent.Generic, E:\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.78_windows_intelx86.exe, Quarantined, [0], [392685],0.0.0
 |
Sid Celery Joined: 11 Feb 08 Posts: 2122 Credit: 41,188,634 RAC: 9,515 |
Unusual. I use both Norton Security and Malwarebytes and neither has flagged the new Mini Rosetta application, except for high CPU usage. Edit: Correction, my high CPU usage is coming up for the x86_64.exe file rather than the intelx86.exe file you're reporting, which matches what your tasks are reporting. I don't know why some tasks call one and not the other, but I get that too (still no errors for me though). |
Jonathan Joined: 4 Oct 17 Posts: 43 Credit: 1,337,472 RAC: 0 |
If it makes you feel better, submit the files to VirusTotal for checks against multiple virus engines. A lot of the false positives are related to the way BOINC creates files, deletes files and uses resources. If you don't want to exclude the directories, just accept that you may get these false positives. www.virustotal.com |
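
Before a flagged file is submitted to VirusTotal as suggested above, it is worth confirming that the copy on disk (or a fresh download) is byte-for-byte the file the scanner reported. The following is an added example, not part of the original thread or of any BOINC/Rosetta code: it pulls the `File Thumbprint` values out of a Norton-style report like the one in the first post and compares them with a local file. The function names and the sample file are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Field label as it appears in the Norton report quoted in the first post.
THUMBPRINT_RE = re.compile(r"File Thumbprint - (?:SHA|MD5):\s*([0-9a-fA-F]+)")
# Digest length in hex characters -> hashlib algorithm name.
ALGO_BY_LENGTH = {32: "md5", 64: "sha256"}

def parse_thumbprints(report: str) -> dict:
    """Return {algorithm: lowercase hex digest} for each thumbprint in the report."""
    found = {}
    for digest in THUMBPRINT_RE.findall(report):
        algo = ALGO_BY_LENGTH.get(len(digest))
        if algo is None:
            raise ValueError(f"unexpected digest length: {len(digest)}")
        found[algo] = digest.lower()
    return found

def hash_file(path: Path, algo: str, chunk_size: int = 1 << 20) -> str:
    """Hash in chunks so a large binary is never read into memory at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_against_report(path: Path, report: str) -> dict:
    """Compare the file with every reported thumbprint: {algorithm: bool}."""
    expected = parse_thumbprints(report)
    if not expected:
        raise ValueError("no thumbprints found in report")
    return {algo: hash_file(path, algo) == digest for algo, digest in expected.items()}

def demo() -> tuple:
    """Constructed sample: a stand-in file and a report built from its own hashes."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "sample.exe"
        sample.write_bytes(b"constructed stand-in bytes, not the real binary")
        report = (f"File Thumbprint - SHA: {hash_file(sample, 'sha256')} "
                  f"File Thumbprint - MD5: {hash_file(sample, 'md5')} ====")
        same = verify_against_report(sample, report)
        sample.write_bytes(b"different bytes under the same file name")
        changed = verify_against_report(sample, report)
    return same, changed

if __name__ == "__main__":
    print(demo())
```

A matching SHA-256 is the value to rely on; it can also be searched on VirusTotal without uploading the file again.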
©2024 University of Washington
https://www.bakerlab.org