Jump to content

shadowwar

Staff
  • Content Count

    8,392
  • Joined

  • Last visited

About shadowwar

  • Rank
    Forum Deity

Recent Profile Visitors

62,601 profile views
  1. those json files in he log directory actually have the hash of the files detected. The names can be random so wont help me find the files for you.
  2. No problem i will be back on in about 10 hours from now. if you get sooner send me the logs and i will see if i can come up with the files. Worse case you may have to reinstall office 2010 and do the updates if we cant. That should put the msi files back.
  3. shadowwar

    Cheat Engine being detected as a Backdoor.

    Please zip and attach the file here: C:\Users\harry\Downloads\New folder (7)\CheatEngine682.exe
  4. shadowwar

    Visual studio payload.vsix

    please zip and attach the files listed here: C:\PROGRAMDATA\MICROSOFT\VISUALSTUDIO\PACKAGES\POWERSHELLTOOLS.VS2017,VERSION=4.1.6\PAYLOAD.VSIX C:\WINDOWS\TEMP\VSIX3FEH4MCO.VSIX
  5. Can you please zip the logs that are located here C:\ProgramData\Malwarebytes\MBAMService\ScanResults and attach them to the post or PM me them. Thanks.
  6. shadowwar

    Visual studio payload.vsix

    its cloud based so should only be 10 mins. These machines have internet correct? Is it possible they are different files then what you attached?
  7. shadowwar

    Visual studio payload.vsix

    These should no longer be detected. Thanks for reporting.
  8. shadowwar

    Avast update

    If you are talking about Avast driver updater then i suggest you read this and our stance. If you still want to use it then follow Firefox's instructions. https://blog.malwarebytes.com/cybercrime/2015/06/driver-updaters-digital-snake-oil-part-2/
  9. shadowwar

    Visual studio payload.vsix

    The ones above are whitelisted. Can you zip and attach these files so i can check them? C:\PROGRAMDATA\MICROSOFT\VISUALSTUDIO\PACKAGES\POWERSHELLTOOLS.VS2017,VERSION=4.1.5\PAYLOAD.VSIX C:\WINDOWS\TEMP\VSIXUKM4GWU0.VSIX C:\WINDOWS\TEMP\VSIXMADIHPQM.VSIX
  10. shadowwar

    False positive from iasrecst.dll

    Ok 1 more request. Can you send me the MBAMservice.log located here: C:\ProgramData\Malwarebytes\MBAMService\LOGS pm is fine.
  11. shadowwar

    False positive from iasrecst.dll

    Ok replacing this file is not that easy. Everyone but trusted installer only has read access to it. Let me check around and with dev if we can come up with something to make this easier to replace. One way that may work is an offline linux rescue disk.
  12. shadowwar

    False positive from iasrecst.dll

    ok do you know where the first one was located? the first vt result before this post. This is a corrupt one. my bet is its in the winsxswow64 120kb one. https://www.virustotal.com/#/file/dbb88ac48ed1456fb0c8163afb1a652dc2f95deedbf11dcf2684722a07970a72/detection
  13. shadowwar

    False positive from iasrecst.dll

    Can you go to c\:windows and do a file search for: iasrecst.dll And let me know all the locations its found. Thanks
  14. shadowwar

    False positive from iasrecst.dll

    Can you pm me the full cbs.log? You can possibly try this program. I have never used it. https://www.ghacks.net/2015/11/06/sfcfix-comes-to-the-rescue-when-sfc-scannow-cannot-repair-windows-file-corruption/ It looks like it uses the dism tool to repair stuff sfc cant. I recommend backing up the system before hand just in case.
  15. shadowwar

    False positive from iasrecst.dll

    The files are exactly the same. I will look over the log but its nothing to worry about. Its definitely not corrupt. It wont affect the os in any way as the correct file is present and not corrupt.
×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.