Jump to content


  • Content Count

  • Joined

  • Last visited

About pcpunk

  • Rank
    Regular Member

Recent Profile Visitors

1,639 profile views
  1. Okay, the old one is being Flagged as Malware Still. Just downloaded a new one, the new one is not being Flagged. So I will just Delete the old one when I hear back from you guys.
  2. Attachment PRODUKEY.EXE This one looks like it was from 2017, so perhaps that is the difference? I will download a new one in the meantime. I don't really believe the second one is a False positive, I just don't know much about malware. I fear it is not harmful but is part of some software that I use? I will gladly remove it if that's what needs to be done. I guess things have been working well enough for all this time so it's likely to be okay to delete it. I would however like to know how it got there, or what software it is attached too? produkey.zip
  3. I wonder why Produkey is being flagged as Malware? I guess the MWB team don't like this one. Generic.Malware/Suspicious, E:\PRODUCT KEY FINDERS\PRODUKEYZIP\PRODUKEY\PRODUKEY.EXE, No Action By User, [0], [392686],1.0.12833 And, I have another Pup that's been Quarantined for a long time and forgot about it. Could someone help me with these? PUP.Optional.InstallCore, HKU\S-1-5-21-2980750377-741722422-2426231483-1000\SOFTWARE\CSASTATS\ic, Quarantined, [411], [586068],1.0.8455 MWB ic Reg Key Problem.txt MWB PRODUKEY.txt
  4. That one I don't need so will delete it. Thanks, pc
  5. Yes, the Link is the same. The mistake was, they seemed to have sent me the wrong link, and instead linked me to the download for "lsrshsetup.exe", instead of the one I wanted: lsrmphdsetup.exe. I didn't look at it closely to see it was not the same download. The "lsrshsetup.exe" is the one that had the bad Reputations. All good now, thanks for taking the time to get me straightened out. I know this for sure as I have a copy of the email with the link, so there is my confusion. I did Quarantine the file and re-scanned and all looks good. Just re-scanned the "lsrshsetup.exe" at VirusTotal and HERE is what I got. It took longer this time than it did before, and unfortunately showed one detection. I will Delete this folder once you have all the info you wanted. I don't need this software anyhow, it is already on my other computer from the lsrmphdsetup.exe, which is the one I wanted.
  6. I should mention Virus Total Community score was -12, That's a Negative 12. But that is just opinion I would guess.
  7. It shows it is indeed from Lazesoft, so that is good. Virustotal says it is good! I will run the tool, delete it, and report back if there are any issues. Thanks very much nasdaq!
  8. I found the Thread that I created due to this same issue. Sorry for the confusion, but I still don't understand what it is or what to do with it? From what Didier Stevens was saying it was okay as long as the digital signature is good, but I don't know how to check that. Suspicious Download Results? I also made a mistake in the first part of that thread as to what I downloaded. This is what I downloaded "Lazesoft Recover My Password 4.2.1 Home Edition (Free)" "lsrmphdsetup.exe" At the bottom of THIS PAGE. So I'm quite sure this is what I'm seeing, though don't know where the detection is coming from. I assume it is coming from the File itself because I don't remember installing it. Or I started to install it and thought it better not to on my main machine. Hope that was clear, I'm not feeling well today. What's really weird is I contacted Lazesoft a while back and they gave me this MD5: D8A1D239E6F74318BC0362C75D7CFA07 for that file. And even gave me a Link to the same file but not the cnet link I guess. I downloaded it and the MD5 above did not match. I gave up, but I should have contacted them and told them the Hash did not match. If you want I can just delete that file and run another scan.
  9. I can't remember now if I tried to remove it. I was afraid to remove it recently because I don't know what program is using it. I think it looks little weird, as little as I know about the Registry, it don't look like a normal Registry Key to me. Honestly it has not affected my pc one bit, and this is why I have not taken care of it till now. I also have multiple computers so no hurry, but this is my most important pc. Thanks! FRST.txt Addition.txt
  10. I've had this issue for a while now but think it is some kind of false positive. See Attached Results. Thanks, pccpunk MBAM 12-23-18.txt
  11. Yes, will need to be careful and remove this from all computers I maintain! Already found it on the next one, and Deleted it, and on and on LOL, with all the pc's I have it will be a little work.
  12. Either way the Detection is gone now. I followed the first part of the directions and Rebooted. Then I ran a Scan again, and the Detections were still there. I then Cleaned out/Deleted some "Other search engines" one being "Trovi Search" or something to that effect, and now all good so far. I did not see anything relating to "Conduit" in Other search engines, but did see lot's of stuff that I didn't think I needed, and Deleted them. Thanks for all the help! hope all will be good from now on with this one
  13. As I was following the Second Part of those Instructions, I found Trovi Search was in my "Other search engine" under "Manage Search Engines" The First Part of those directions did not work, the Reset Chrome Sync part. The Second part of those directions did not work either, so I will go ahead and Whitelist what they said to or the GoToMeeting Folder. Isn't this the culprit guys? This was not a problem until this was installed, and that is part of the reason I posted here. I Scanned this folder and got the same detection again.
  14. Thank you blender, will work on this soon!
  15. I keep getting these, and I think they are relatively harmless but I don't really know. I did a little research...very little...as I don't fully understand most of this stuff. This is what I keep getting below. I have no bad Toolbars or anything in Programs and Features. PUP.Optional.Conduit, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [579], [454835],1.0.3230 PUP.Optional.Trovi, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [4977], [454808],1.0.3230 I did a little research about "Conduit" at MBAM.com HERE and HERE but I have run a bevy of all the programs suggested at malwareremovalguides.info. I suspect it is from installing Auslogics DiskDefrag at one time not to long ago, but before all these AntiMalware programs were run. I uninstalled DiskDefrag since. So what do I need to do to get rid of this thing forever? Now I think it is because I installed "GoToMeeting" to listen to one of my favorite Webinars. I just scanned "GoToMeeting" Folder and got the same darn PUP's! When I quarantined them Chrome Shut down! I wonder how to deal with this, just Whitelist that folder and not worry about it? I thought that was a legit program, and I guess it is, but some use this program safely? Thanks pcpunk
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.