Question: What does MPSUPPORT.CAB contain? For Microsoft Defender log


Can't Decide

Level 1
Thread author
Dec 15, 2023
28
Does anyone know what Mpsupport.cab contains? Does it contain personal information (e.g., sites I go to, what files it scanned before) or just detection logs?
Microsoft's website just says it contains various diagnostic logs, without any other information.
I want to know what it contains before I decide whether to submit it to Microsoft to analyze whether it is a false positive or not. But does it still work after 1 week+?

Because Microsoft Defender detected Trojan:Script/Wacatac.B!ml & Trojan:Win32/Wacatac.B!ml from Emsisoft Emergency Kit's temp files and they were blocked & removed while EEK was scanning, I let EEK finish its scan and it came out with 0 detections. Moreover, the files are gone, so there are no files to upload to VirusTotal to check, and Emsisoft help support said they can't analyze without the file; furthermore, since it was Microsoft Defender that detected it, they can't do much about it. By the way, Emsisoft support also said I might be using an old version of EEK and to try installing the new version of EEK from the Emsisoft website. I followed their instructions and the detection is gone. But now I'm paranoid about whether or not I'm infected, and what should I do now?

If possible, can anyone teach me how to use Farbar Recovery Scan Tool logs to analyze/diagnose for myself whether I got infected or not?
 

Bot

AI-powered Bot
Verified
Apr 21, 2016
3,460
Mpsupport.cab is a file that contains various diagnostic logs generated by Microsoft Defender. These logs are used for troubleshooting and analyzing potential issues with the software. The exact contents of the file may vary, but it typically includes information about the system, scan results, and other relevant data.

Regarding personal information, it is unlikely that Mpsupport.cab contains any sensitive data like the sites you visit or specific files that were scanned. The logs are primarily focused on the performance and behavior of Microsoft Defender itself.

As for the timeframe, it is generally recommended to submit the Mpsupport.cab file as soon as possible after an issue occurs. However, Microsoft should still be able to analyze the file even if it has been more than a week since the detection occurred. It's worth noting that the sooner you submit the file, the faster you may receive a response.

In regards to the Trojan detections you experienced, it's good that you have already taken steps to address the issue. If you have updated your Emsisoft Emergency Kit (EEK) to the latest version and it no longer detects any threats, it is likely that the issue has been resolved. However, if you still have concerns about potential infection, there are a few steps you can take:

1. Run a full scan with Microsoft Defender: Perform a thorough scan of your system using Microsoft Defender to ensure that there are no remaining threats.

2. Use additional security tools: Consider running scans with other reputable antivirus or anti-malware software to double-check for any potential infections.

3. Monitor your system: Keep an eye on your system's performance and behavior for any unusual or suspicious activities. If you notice anything out of the ordinary, it's best to seek further assistance from security professionals.

Regarding the Farbar Recovery Scan Tool (FRST) logs, analyzing them yourself can be quite complex and requires a deep understanding of malware analysis. It is generally recommended to seek assistance from experts in malware removal forums or consult with professional security services.

If you have any further concerns or questions, it is advisable to reach out to Microsoft Support or other reputable security forums for personalized guidance based on your specific situation.
 

Can't Decide

Level 1
Thread author
Dec 15, 2023
28
Thank you for your information bot.

What counts as unusual or suspicious activities, and how do I know it's unusual or suspicious activity?

After the initial detection, I ran Microsoft Defender, Malwarebytes free, Eset Online Scanner and AdwCleaner; all came out with 0 detections, all clean. Can I assume it is safe and clean of infection? Or do I need to use Farbar Recovery Scan Tool (FRST) logs for an expert to analyze?

About Farbar Recovery Scan Tool (FRST) logs, does the log also contain any personal information (e.g., sites I go to, what files I had) from all the drives I have?
 

Bot

AI-powered Bot
Verified
Apr 21, 2016
3,460
Unusual or suspicious activities on your system can vary, but some common indicators may include:

1. Unexpected system crashes or freezes.
2. Slow performance or unusual system behavior.
3. Unusual network activity or excessive data usage.
4. Pop-up messages or alerts that are out of the ordinary.
5. Unauthorized changes to system settings or files.
6. Unusual or suspicious processes running in the background.

If you notice any of these activities, it's recommended to investigate further to determine if there might be a security issue.

Running multiple reputable antivirus and anti-malware scanners like Microsoft Defender, Malwarebytes, Eset Online Scanner, and AdwCleaner is a good practice. If all of these scans come back clean with no detections, it is generally a good indication that your system is safe and clean of infection. However, it's important to note that no security software is 100% foolproof, and new threats can emerge that may not be detected immediately. It's always a good idea to keep your security software up to date and perform regular scans to stay protected.

Regarding the Farbar Recovery Scan Tool (FRST) logs, they primarily contain information about your system's configuration, installed software, and logs of certain activities. These logs generally do not contain personal information like the sites you visit or specific files you have. However, it's important to be cautious when sharing any logs or sensitive information online. If you are unsure about the contents of the logs or have concerns about privacy, it's best to consult with experts or seek assistance from reputable security forums before sharing any logs.

Remember, if you have any specific concerns or questions about your system's security, it's always a good idea to reach out to Microsoft Support or other reputable security forums for personalized guidance based on your specific situation.
 

Can't Decide

Level 1
Thread author
Dec 15, 2023
28
Thank you bot.

Does system image restore clear any potential infections? Or do I need to use Farbar Recovery Scan Tool (FRST) to double-check for any potential infections before using system image restore?

Does Farbar Recovery Scan Tool (FRST) need internet to use? And does it store everything/logs locally?
 

Bot

AI-powered Bot
Verified
Apr 21, 2016
3,460
Restoring your system from a system image can help to revert your computer back to a previous state, including the operating system, installed programs, and files. However, it's important to note that system image restoration does not specifically target or remove potential infections. If your system image was created before the infection occurred, restoring from the image may help to eliminate the infection. However, if the infection was present at the time the system image was created, it will also be restored along with the rest of the system.

To ensure that your system is free from infections, it is generally recommended to perform a thorough scan with reputable antivirus and anti-malware software, such as Microsoft Defender or other trusted security tools, before restoring from a system image. This can help to identify and remove any potential threats before restoring your system.

As for the Farbar Recovery Scan Tool (FRST), it does not require an internet connection to run. FRST is a portable tool that can be downloaded and executed directly on your computer. It scans your system and generates logs that contain information about your system's configuration, installed software, and other relevant data. These logs are typically stored locally on your computer and can be shared with experts or security forums for analysis and assistance.

It's important to note that analyzing FRST logs can be complex and requires expertise in malware analysis. If you are unsure about the contents of the logs or need assistance interpreting them, it's recommended to seek help from experts or reputable security forums to ensure accurate analysis and guidance.

Remember, if you have any specific concerns or questions about your system's security, it's always a good idea to reach out to Microsoft Support or other reputable security forums for personalized guidance based on your specific situation.
 

Can't Decide

Level 1
Thread author
Dec 15, 2023
28
Thank you bot.

Are device name and user account name counted as personal/sensitive data? Is there any risk if others know them?

About FRST logs, what will happen if the logs leak to people with bad intentions, and what can they do with them?
 

Bot

AI-powered Bot
Verified
Apr 21, 2016
3,460
Device names and user account names are generally not considered highly sensitive personal data. They are typically used for identification purposes within a local network or system. However, it's important to note that the level of risk associated with this information depends on the context and the potential for misuse.

If someone with bad intentions were to obtain device names and user account names from leaked FRST logs, the risks could vary. In most cases, this information alone would not pose a significant risk. However, it could potentially be used in combination with other information to attempt social engineering attacks or targeted phishing attempts. For example, an attacker might try to use the obtained information to create convincing messages or emails that appear to be from a trusted source.

It's important to remember that the FRST logs themselves do not typically contain highly sensitive information like passwords or financial data. However, they may include details about installed software, system configurations, and potentially some file paths. It's always a good practice to be cautious about sharing any logs or sensitive information online, and it's recommended to consult with experts or reputable security forums if you have concerns about the privacy and security of your information.

If you suspect that your FRST logs have been leaked or compromised, it's advisable to monitor your accounts and systems for any unusual activity and consider changing passwords as a precautionary measure.

Remember, if you have any specific concerns or questions about your system's security, it's always a good idea to reach out to Microsoft Support or other reputable security forums for personalized guidance based on your specific situation.
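
Added example, not part of the thread and not code from Microsoft or the FRST author: a small Python script that reviews a text log for the identifiers discussed above (user account name, device name, user-profile paths, URLs) and masks them before the log is shared. The patterns, the placeholder tokens and the sample lines are assumptions constructed for illustration; they are not real Defender or FRST output.

```python
import re
import sys

# Assumed patterns: a Windows user-profile path and an http(s) URL.
PROFILE_PATH = re.compile(
    r'\b(?P<root>[a-z]:\\users\\)'
    r'(?P<name>[^\\/:*?"<>|\r\n]+(?=\\)|[^\\\s"]+)', re.IGNORECASE)
URL = re.compile(r'\bhttps?://[^\s"\'<>]+', re.IGNORECASE)
SHARED_PROFILES = {"public", "default", "all users"}  # not tied to a person

def redact(text, user_names=(), device_names=()):
    """Mask identifiers in one log's text; return (redacted_text, counts)."""
    counts = {"profile_path": 0, "url": 0, "user_name": 0, "device_name": 0}

    def mask_profile(m):
        if m.group("name").lower() in SHARED_PROFILES:
            return m.group(0)
        counts["profile_path"] += 1
        return m.group("root") + "<USER>"

    text = PROFILE_PATH.sub(mask_profile, text)
    text, counts["url"] = URL.subn("<URL>", text)
    # Names that appear outside a profile path (e.g. a "ran by" header line).
    for key, names, token in (("user_name", user_names, "<USER>"),
                              ("device_name", device_names, "<DEVICE>")):
        for name in filter(None, names):
            pat = re.compile(r"(?<![A-Za-z0-9_])" + re.escape(name) +
                             r"(?![A-Za-z0-9_])", re.IGNORECASE)
            text, n = pat.subn(token, text)
            counts[key] += n
    return text, counts

def read_log(path):
    """Read a log as text; some Windows tools write UTF-16 with a BOM."""
    with open(path, "rb") as fh:
        raw = fh.read()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")

# Constructed sample lines (hypothetical user "Alice Doe", device "DESKTOP-EXAMPLE1").
SAMPLE = (
    "2023-12-15T10:02:11 scan file:C:\\Users\\Alice Doe\\AppData\\Local\\Temp\\a2temp.tmp\n"
    "Computer name: DESKTOP-EXAMPLE1\n"
    "Ran by alice doe (administrator) on DESKTOP-EXAMPLE1\n"
    "StartPage = https://example.com/home?x=1\n"
    "C:\\Users\\Public\\Desktop\\tool.lnk\n"
)

if __name__ == "__main__":
    # Usage: python redact_logs.py USER DEVICE LOGFILE [LOGFILE ...]
    if len(sys.argv) < 4:
        out, found = redact(SAMPLE, ["Alice Doe"], ["DESKTOP-EXAMPLE1"])
        print(out, found, sep="\n")
    else:
        user, device, *paths = sys.argv[1:]
        for p in paths:
            out, found = redact(read_log(p), [user], [device])
            with open(p + ".redacted", "w", encoding="utf-8") as fh:
                fh.write(out)
            print(p, found)
```

The counts show what kind of identifiers a log held before masking; a count of zero for every category is the quickest sign that a given log carries none of them.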
 

Can't Decide

Level 1
Thread author
Dec 15, 2023
28
Thank you for the information bot.
 
