Rosetta File Detected as File Threat (Bloodhound on Norton) and (Ransomware on Malwarebytes)

RAWNet
Message 87472 - Posted: 9 Oct 2017, 14:16:11 UTC

Any ideas?

Don't like the idea of excluding BOINC directories as suggested in other posts - this could even be why Rosetta is being targeted?

Filename: minirosetta_3.78_windows_intelx86.exe
Threat name: Bloodhound.MalPE
Full Path: e:\boinc\projects\boinc.bakerlab.org_rosetta\minirosetta_3.78_windows_intelx86.exe
____________________________

On computers as of 
Wed 04 Oct 2017 at 18:26:37

Last Used 
Sun 08 Oct 2017 at 08:29:23

Startup Item 
No

Launched 
No

Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.


____________________________


minirosetta_3.78_windows_intelx86.exe Threat name: Bloodhound.MalPE
Locate


Very Few Users
Fewer than 5 users in the Norton Community have used this file.

Very New
This file was released less than 1 week  ago.

High
This file risk is high.


____________________________


http://boinc.bakerlab.org/rosetta/download/minirosetta_3.78_windows_intelx86.exe
Downloaded File from bakerlab.org
Source: External Media

minirosetta_3.78_windows_intelx86.exe
Norton
____________________________
File Actions
Infected file: e:\boinc\projects\boinc.bakerlab.org_rosetta\ minirosetta_3.78_windows_intelx86.exe Removed
___________________________
File Thumbprint - SHA:
5844d8c1213ac68343df41043124cff29e8c5091d4d42c8eaa5f1396ef18f1b5
File Thumbprint - MD5:
3581a7c3401044037db7f2198f7d7d50
==============================================================================================
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/5/17
Protection Event Time: 5:30 AM
Log File: 6bd83064-a93a-11e7-88b8-00ffed60e8ec.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.2950
License: Premium

-System Information-
OS: Windows 10 (Build 15063.608)
CPU: x64
File System: NTFS
User: System

-Ransomware Details-
File: 1
Malware.Ransom.Agent.Generic, E:\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.78_windows_intelx86.exe, Quarantined, [0], [392685],0.0.0

Sid Celery
Message 87480 - Posted: 10 Oct 2017, 6:59:48 UTC - in response to Message 87472.  
Last modified: 10 Oct 2017, 7:08:50 UTC

Unusual. I use both Norton Security and Malwarebytes and neither has flagged the new Mini Rosetta application, except for high CPU usage.

Edit: Correction, my high CPU usage is coming up for the x86_64.exe file rather than the intelx86.exe file you're reporting, which matches what your tasks are reporting. I don't know why some tasks call one and not the other, but I get that too (still no errors for me though).

Jonathan
Message 87498 - Posted: 11 Oct 2017, 14:59:09 UTC - in response to Message 87472.  

If it makes you feel better, submit the files to VirusTotal for checks against multiple virus engines.
A lot of the false positives are related to the way BOINC creates files, deletes files and uses resources. If you don't want to exclude the directories, just accept that you may get these false positives.
www.virustotal.com
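
Added example, not written by any poster in this thread or by the Rosetta@home project: a Python script that hashes a local copy of the flagged executable, compares it with the SHA-256 and MD5 thumbprints from the Norton report in the first post, and builds the VirusTotal lookup address for that hash, so the multi-engine results suggested above can be checked for exactly the file the scanner reported on. The function names and verdict labels are assumptions made for this example.

```python
import hashlib
import tempfile
from pathlib import Path

# Thumbprints copied from the Norton report in the first post of this thread.
REPORTED_SHA256 = "5844d8c1213ac68343df41043124cff29e8c5091d4d42c8eaa5f1396ef18f1b5"
REPORTED_MD5 = "3581a7c3401044037db7f2198f7d7d50"


def file_digests(path, chunk_size=1 << 20):
    """Return (sha256_hex, md5_hex), reading in chunks so large binaries are not loaded whole."""
    sha256, md5 = hashlib.sha256(), hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            sha256.update(chunk)
            md5.update(chunk)
    return sha256.hexdigest(), md5.hexdigest()


def triage(path, reported_sha256=REPORTED_SHA256, reported_md5=REPORTED_MD5):
    """Compare a local copy against the scanner's thumbprints (hypothetical helper)."""
    sha256, md5 = file_digests(path)
    sha_ok = sha256 == reported_sha256.strip().lower()
    md5_ok = md5 == reported_md5.strip().lower()
    if sha_ok and md5_ok:
        verdict = "same-file"        # this copy is byte-identical to the flagged one
    elif sha_ok or md5_ok:
        verdict = "inconsistent"     # one digest matches, one does not: recheck the report
    else:
        verdict = "different-file"   # not the file the scanner reported on
    return {
        "sha256": sha256,
        "md5": md5,
        "verdict": verdict,
        # Looking up the hash shows existing results without uploading the file.
        "virustotal_url": f"https://www.virustotal.com/gui/file/{sha256}",
    }


if __name__ == "__main__":
    # Constructed sample: a temp file stands in for the BOINC executable.
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "sample.bin"
        sample.write_bytes(b"abc")
        print(triage(sample))                              # compared with the Norton thumbprints
        own = file_digests(sample)
        print(triage(sample, own[0], own[1])["verdict"])   # compared with its own digests
```

Running `triage()` on a fresh download from the project and on a copy restored from quarantine shows whether both are the same bytes that Norton reported on.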


©2018 University of Washington
http://www.bakerlab.org