cma6

CLOSED Possible double pulsar infection


Me: "I was reading the recent EIS notification re Double Pulsar malware and while reading it online with Chrome, there was an attempt at an exploit in the folder \Downloads\Emsi\  but fortunately EIS stopped the exploit."

 

GT500:  "The DoublePulsar exploit detection only detects if DoublePulsar is trying to install a payload, so it is possible that there is still a DoublePulsar infection present and it just hasn't tried installing another payload since the first time it was blocked. That being said, our DoublePulsar detection is fairly new and I'm not sure whether or not it is possible for something to trigger a DoublePulsar alert even if it isn't actually DoublePulsar (most Behavior Blocker alerts can be triggered by legitimate software). Just in case I recommend following these instructions for creating a new topic in our Help, my PC is infected! section, and one of our malware removal specialists will take a look at your logs."

 Thanks in advance for your help.

Addition.txt

FRST.txt

scan_170704-201510.txt


Your logs show no malware.  The exploit attempt blocked by our behavior blocker could have been a drive-by install.

1 hour ago, Kevin Zoll said:

Your logs show no malware.  The exploit attempt blocked by our behavior blocker could have been a drive-by install.

Kevin, was that an "all clear"?

In any case, thanks for reviewing the logs.

"Drive-by downloads may happen when visiting a website, viewing an e-mail message or by clicking on a deceptive pop-up window." In my case,  the drive-by attempted install occurred when I clicked on the Emsisoft popup link with an online article about Double Pulsar.

CMA


H'm that should not have happened.

Your system does not appear to be infected. If you are not having any issues then yes that is an "all clear."

This topic is now closed to further replies.
