Skip to main content

Getting possible Malware detection since recent update

Thread needs solution
Beginner
Posts: 1
Comments: 0

Since i updated about 4 days ago to build 39184 , I've been getting a "Possible ransomware injection detected" message from Acronis Active Protection. The injection process is identified as node.exe, and the 31 affected files are all Adobe  files in ..\AppData\Roaming\Adobe\...  At various times I've tried both available options, "Stop the process" and "Ignore". But the warnings keep coming, typically after a reboot. Malwarebytes protection does not detect anything.

 

Ideas?

Thanks!

0 Users found this helpful
Forum Hero
Posts: 55
Comments: 9017

David,

This suggests that your Adobe CC node.exe file is out of date.  An update to the latest version should fix the issue. The link below has more information:

Adobe node.exe + node.js flagged as insecure

Beginner
Posts: 0
Comments: 1

I received the same ransomware notification from Acronis after their update, but it warned me about an attack on my Dropbox account. A Bitdefender scan showed nothing. Plus I've been dealing with Acronis support now for over a month trying to get my backup to my Cloud account to work. I've asked to have my case moved to someone who can help me, but haven't heard back. Anyone else experience Acronis being particularly unstable right now?

Forum Hero
Posts: 55
Comments: 9017

Fred,

I have no comment on your Cloud backup.

As for the "ransomware" notification as you put it, Dropbox, like any other online account, can be compromised.  The warning you got is simply expressing that something about your Dropbox is triggering a notification of some form of compromise or infestation.  Without having more specifics it is impossible to know for sure.  My suggestion is to contact support about this issue.

As for the product being unstable, I have not and am not experiencing any stability issues.  Again, with this limited information it is impossible to provide anything more definitive.

Regular Poster
Posts: 44
Comments: 165

I'm having the exact same problem, only in my case ATI is complaining about Outlook.exe. Since it's possible that an email could pose a threat, I'm loathe to ignore the message; but doing anything else hangs or crashes my system.

Legend
Posts: 105
Comments: 25746

Jerry, what actual warning message(s) are you getting referencing Outlook.exe - do these refer to anything else along with the exe file?

What antivirus application is providing protection on your system?

Is the warning message being shown when you are using Outlook or when backing up content that includes it?

Forum Hero
Posts: 55
Comments: 9017

Jerry,

Is your Outlook fully updated?  Do you use Outlook for other mail services such as Yahoo Mail?  I would check these points in looking for an answer.

Regular Poster
Posts: 44
Comments: 165

My Outlook is fully updated. It sucks mail from two different services (Comcast and mail.com), and I never had this trouble before the most recent update.

As for the error message, it's the same as what OP posted, except that it refers to outlook.exe. Either "Ignore" or "Stop the process" will get me out of it, but neither seems like a good choice. As I said, the possibility of an email attempting to inject malware is not far-fetched.

I did try deleting the (24) affected files, but that crashed my system.

I've taken to shutting down Outlook when I'm not at my computer, because when that message popped during the night my backups didn't run and the system was hung when I checked it the next morning.

I've added Outlook.exe to the list of exceptions, but I'm a little nervous about that.

I'm using Norton for protection.

Regular Poster
Posts: 44
Comments: 165

The error pops up when Outlook is running, but I can't be sure if it only happens when the UI is running. I suspect so. When I say I shut down Outlook, I mean I completely shut it down (File...Exit).

Forum Hero
Posts: 55
Comments: 9017

Just my opinion here:

There appears to be some process association here where whatever these apps/services are doing is triggering the ransomware protection feature resulting in a warning message.  Given the fact that no offer to quarantine the process or a statement that ransomware was in fact detected and the process halted I would assume that there is little to worry about.

Having said that, Acronis support needs to be advised and investigation into the cause performed.  Please send in Feedback.

Forum Moderator
Posts: 200
Comments: 6480

Hello Everyone,

if you still receive the warnings and have some time for investigation, please open a support ticket (if you need help with opening a ticket, pls let me know) and share the ticket ID with me, so that we can follow the investigation process and make sure the issue is prioritized. Alternatively, a system report sent via the Feedback option would be also helpful - pls comment in the thread, if you've already sent one.

Beginner
Posts: 1
Comments: 8

I've had this problem with Adobe node.exe this morning, and now with Dropbox.exe this afternoon.

I'm following Ekaterina's advice and sending a system report via the Feedback option.

Max

 

Beginner
Posts: 1
Comments: 2

I'm getting same warning on Dropbox files when computer first starts, I just chose to ignore it but will see if that was a bad mistake.

Beginner
Posts: 0
Comments: 1

I'm getting the same injection error on OUTLOOK.EXE and my system locks up, requiring a reboot. I can only display the files Acronis believes may be infected. Nothing else works. 

I've turned off the protection as my scans have turned up nothing and my SonicWall is working.