MX 250 - Alert for HQ - XXX - appliance - Malware download blocked

NH
Comes here often


We are receiving continuous alerts about this W32.7DC5FC24BE.in12.Talos from one of the end users' machines, and the website it was flagged on is [http://wcdownloadercdn.lavasoft.com/9.1.0.993/WcInstaller.exe]. The download was blocked, but the alerts keep coming one after another with the same date and time.

PhilipDAth
Kind of a big deal

Looking at this, it seems to be a genuine threat.
https://www.virustotal.com/gui/file/7dc5fc24be9a8531f51c47243d0bbe5b8655cfba6080adea23a4e3308f59ddba...

I would be wiping this computer and setting it up again. It has almost certainly got something bad on it.

NH
Comes here often

I did check the VirusTotal website for that software or file earlier as well. The strange thing is that the file/software was blocked by the MD and the alerts have been sent to the admins since last Friday, and they all have the same date and time.

Any thoughts on where to look for it on the user's machine?

Brash
Kind of a big deal

According to the alert, the download was blocked so you won't find it on the user's machine.

However I'd be more concerned about whatever other malware is triggering the download.

As @PhilipDAth mentioned, safest method is to wipe and rebuild the device. If you don't want to go down that path, at the very least ensure you've done a deep scan with an antivirus/anti-malware or EDR software.
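One way to tell the two situations apart that this thread turns on, namely one blocked event being re-notified versus a host that keeps retrying the download: the script below is an added example, not code from the thread or from Meraki. The alert lines are constructed, and their key=value layout is an assumption that does not reproduce Meraki's actual syslog format.

```python
"""Triage repeated 'Malware download blocked' alerts per client.

The sample lines are constructed for this example. Their layout
(timestamp, appliance name, then key=value pairs) is an assumption,
not Meraki's real event format; adapt parse_alert() to your export.
"""
from collections import defaultdict
from datetime import datetime

SAMPLE_ALERTS = """\
2024-03-08T09:14:02Z MX250-HQ action=block client=10.0.5.23 url=http://wcdownloadercdn.lavasoft.com/9.1.0.993/WcInstaller.exe name=W32.7DC5FC24BE.in12.Talos
2024-03-08T09:14:02Z MX250-HQ action=block client=10.0.5.23 url=http://wcdownloadercdn.lavasoft.com/9.1.0.993/WcInstaller.exe name=W32.7DC5FC24BE.in12.Talos
2024-03-08T09:14:02Z MX250-HQ action=block client=10.0.5.23 url=http://wcdownloadercdn.lavasoft.com/9.1.0.993/WcInstaller.exe name=W32.7DC5FC24BE.in12.Talos
2024-03-08T11:30:45Z MX250-HQ action=block client=10.0.5.23 url=http://wcdownloadercdn.lavasoft.com/9.1.0.993/WcInstaller.exe name=W32.7DC5FC24BE.in12.Talos
"""


def parse_alert(line):
    """Split one constructed alert line into a dict of its fields."""
    ts, host, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    fields["host"] = host
    return fields


def triage(text):
    """Group blocked downloads by (client, threat name) and judge them.

    Several notifications sharing one timestamp are the same event being
    re-sent; several distinct timestamps mean something on the client
    keeps re-requesting the file, which is the case worth host triage.
    """
    groups = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        a = parse_alert(line)
        if a.get("action") != "block":
            continue
        groups[(a["client"], a["name"])].append(a["ts"])
    report = {}
    for key, stamps in groups.items():
        distinct = sorted(set(stamps))
        report[key] = {
            "notifications": len(stamps),
            "distinct_attempts": len(distinct),
            "first": distinct[0],
            "last": distinct[-1],
            "verdict": ("repeat attempts: triage the host"
                        if len(distinct) > 1
                        else "duplicate notifications of one event"),
        }
    return report


if __name__ == "__main__":
    for (client, name), r in triage(SAMPLE_ALERTS).items():
        print(client, name, r)
```

In the constructed sample the client shows two distinct attempts two hours apart, so the verdict is to triage the host rather than dismiss the alerts as duplicates.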

NH
Comes here often

Thank you, and I appreciate you both for responding this quickly. We will definitely reimage that specific PC.

Thank you.
