The identified pau is PsExec located within the zip wpjcleanup. PsExec as well as wpjcleanup are legitimate Windows resources; however, they have the potential to be exploited. I tried quarantine, but since each backup has a unique string in the file path, it returns each day. Malicious activity. any.run is an interactive service which provides full access to the guest.
After running SpaceSniffer on my Dell G3, I noticed a huge 14 gigabyte folder whose path was c:\programdata\dell\saremediation\systemrepair. It seems that Malwarebytes is tagging this as bad; I saw on another thread this might be a false positive? Malicious activity. any.run is an interactive service which provides full access to the guest system.
Running Win 10 Home version 20H2, the following folder is taking over 20% of my c:
@purringtonyes, it should work properly since 7.4.2 (you can use the very fresh 8.0 that we just released this morning): But I thought on the other thread from a year ago that it was fixed. Hello, c:\windows\psexesvc.exe is the executable for the service which PsExec runs on the remote machine. What does it do, and can I delete it?
Mbam started detecting this around the end of May. Online sandbox report for audit_util.zip, verdict: Usually it's deleted when the program/command run by PsExec exits. I could not find the file.