Virus/Win32.WGeneric.ajdriy - OneDriveSetup.exe

L1 Bithead

@hhiggins 

It looks like it stopped around 5:10:41 AM PST 4/15/2020.

L4 Transporter

Hello @hhiggins

I am glad the signature 341427639 has been disabled.

This new signature, Virus/Win32.WGeneric.ajepxx, has a very high VT detection https://www.virustotal.com/gui/file/002a33f2f0d47c03a80539b71f3a312d146fa8c671ce8627254cfa0dd55d3407...

Are you sure it is detected in OneDriveSetup.exe?

Best 

Himani

Himani Singh

L2 Linker

@hisingh I have had no alerts for 24 hours now. I would consider this resolved at this point.

Thanks

L1 Bithead

This has recently started occurring again and is filling up my SIEM. Please help @hisingh !

L4 Transporter

Hello @AaronBeck

Thanks for sharing with me.
This signature has been disabled since April 2020. How are you seeing it?

https://threatvault.paloaltonetworks.com/?query=Win32.WGeneric.ajdriy&type=

Best

Himani

Himani Singh
L1 Bithead

Ah, it appears to be a different name now but is triggering on the same file.

oneclient.sfx.ms/Win/Prod/20.084.0426.0007/OneDriveSetup.exe

Virus/Win32.WGeneric.aktxlj

348874710

https://threatvault.paloaltonetworks.com/?query=348874710

L1 Bithead

It actually looks like there are multiple:

@hisingh

Virus/Win32.WGeneric.aktxlj

Virus/Win32.WGeneric.aktpum
 
L4 Transporter

Hi

I have asked the team to check Virus/Win32.WGeneric.aktxlj; I will update.

Win32.WGeneric.aktpum is disabled already.

Best

Himani

Himani Singh
L1 Bithead

Win32.WGeneric.aktpum stopped at 7:10 this morning. Was this just turned off? @hisingh

L4 Transporter

Hi

Virus/Win32.WGeneric.aktxlj is malware.

Win32.WGeneric.aktpum was disabled on 06-28-2020.

Best

Himani

 

Himani Singh