cybot

Honorary Members
  1. Today's scan revealed that the file IEexec.exe and the registry value associated with it are supposedly malware.

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 4/10/21
     Scan Time: 12:59 PM
     Log File: 3451d0cc-9a37-11eb-b453-00d86104a727.json

     -Software Information-
     Version: 4.3.0.98
     Components Version: 1.0.1173
     Update Package Version: 1.0.38019
     License: Premium

     -System Information-
     OS: Windows 10 (Build 19042.867)
     CPU: x64
     File System: NTFS
     User: System

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Scheduler
     Result: Completed
     Objects Scanned: 454812
     Threats Detected: 2
     Threats Quarantined: 0
     Time Elapsed: 44 min, 16 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 1
     Malware.AI.1525378349, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\IEEXEC.EXE, No Action By User, 1000000, 0, , , , , ,
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 1
     Malware.AI.1525378349, C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\IEEXEC.EXE, No Action By User, 1000000, 0, 1.0.38019, B3A6A93134F58BCB5AEB6D2D, dds, 01194508, 2A6EFFF1EFE42D279D74851EDDE33872, 30635C8AD04D3ADE4AF47B54E761C81CEE59CA0022E9462F5C1FA0D87D48D10D
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)
     (end)

     I have already checked my system, and the files are properly signed and are official Microsoft files belonging to Microsoft .NET. This appears to be yet another false detection by Malwarebytes' detection AI.
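     One way to check a hit like this yourself, as an added example that is not part of the post above: verify the Authenticode signature of the flagged file, hash it for comparison with the SHA256 in the scan log, and read the SharedDLLs value that the registry detection points at (the paths are the ones from the log; the script assumes an elevated PowerShell prompt and is not a Malwarebytes tool).

```powershell
# Added example: triage of a Malware.AI hit on a Microsoft .NET 1.1 file.
# Paths are taken from the scan log in the post; run from an elevated prompt.
$file = 'C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\IEEXEC.EXE'
$key  = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs'

# 1. Authenticode check: Status 'Valid' means the file is signed and the
#    chain verifies; for a genuine .NET file the signer subject is Microsoft.
if (Test-Path -LiteralPath $file) {
    $sig = Get-AuthenticodeSignature -LiteralPath $file
    [pscustomobject]@{
        Path   = $file
        Status = $sig.Status
        Signer = $sig.SignerCertificate.Subject
        # Compare this with the SHA256 printed in the File: line of the log.
        SHA256 = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
    } | Format-List
} else {
    Write-Output "File not present: $file"
}

# 2. SharedDLLs entry: the value name is the file path and the data is a
#    DWORD reference count kept by Windows Installer. It holds no code, so
#    the registry detection only points back at the file checked above.
$regKey = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
if ($regKey) {
    $refs = $regKey.GetValue($file)   # value-name lookup is case-insensitive
    if ($null -ne $refs) {
        Write-Output "SharedDLLs reference count for ${file}: $refs"
    } else {
        Write-Output "No SharedDLLs value named $file"
    }
}
```

     A valid Microsoft signature plus a hash that matches the log entry supports reporting the detection as a false positive to the vendor rather than quarantining the file.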
  2. Just ran into another issue, this time from Windows Code Integrity. I don't know if it is normal or not, but it sounds like something abnormal.

     Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
  3. One thing I noticed in the new log files is the messages related to Nahimic (A-Volute), which may have been suppressed beforehand. I will of course take the issue up with Nahimic after this, but it is interesting that the issue I have been having wasn't generating the driver signature errors before. Is it even possible that those pathless tasks were suppressing the driver errors? Is it alright to clear out the dumps now? For me they are taking up considerable space, which is at a premium.
  4. Heh... forgot to attach the files before, so here they are. Fixlog.txt Addition.txt FRST.txt
  5. I ran the fixes and have attached the generated logs, and I made a new set of logs.
  6. I moved some Store apps to D:\ and uninstalled some others. I also ran Disk Cleanup, deliberately unchecking anything that had to do with logs and dumps. My drive space is now sitting at 116 GB, so I have turned System Restore back on for now. To ensure that System Restore doesn't cause my free space to drop below 100 GB, I have set the size limit to 16 GB. I know that level is probably too little, but I don't have much choice atm. I have uninstalled ESSP, rebooted, and turned off MBAM. I ran FRST according to instructions; logs are attached to this message. I looked at the logs myself since you mentioned tasks with no file paths, and I looked in the Task Scheduler, but could not find any tasks without paths. I did look in the registry and found the entries mentioned in the log, but I have no idea what they are for. Perhaps leftover entries from previous versions of Windows? I also noticed that the log said I had Group Policy configured, but it could not tell me what was active. I have Group Policy disabled on this machine. Perhaps FRST is not able to tell? There is definitely something hinky with the Security Center, as you will see when you look at my logs. Addition.txt FRST.txt
  7. As much as I like to have System Restore enabled, I don't have the drive space for it. When my free drive space dips below 100 GB the system begins to slow down, and currently I have 91 GB free on drive C:. I realize this is not a wise choice to leave it disabled, but I don't really have a choice. The system came with an itty bitty 256 GB SSD. I have already moved as much of the data as Windows will allow to other drives. Maybe if I moved my Office installation too I might free up more space... but my user profile already has portions redirected to a bigger drive. I can also try to see if there is anything else that I can apply NTFS compression to on the drive.
  8. Pressed the post button prematurely..... (continued from last post) Once the link to the tool has been posted and I have run said tool, I will create a new set of logs and post them.
  9. Ah, ok! That's great news, because it seems to be an issue that the Norton Removal Tool misses completely.
  10. I ran the Malwarebytes Support Utility once again, and it still lists Norton Security! As far as I can tell, there is no trace of Norton Security left on my system. There are no more leftover directories, no more obvious registry entries. Even the setup file for re-installing the software that was put on the machine by the system's manufacturer has been removed. I don't know why the logs are saying that it is still installed when it isn't. There must be some trace buried deep within the registry or something. As per your last post, how would I clear out the Norton entry in Security Center?
  11. I saw that when I looked at the logs.... this is wrong. While Norton Security came with my system, it has been uninstalled since day 1, and that was over a year ago. I ran the Norton removal software once again to make sure it was really gone. Should I post another set of the Malwarebytes logs?
  12. This issue has only occurred once, so far. But the error seemed serious enough and scary enough that I thought that at the very least I ought to report it.
  13. Just found a second dump made when the issue occurred. This one, however, is small enough for me to upload. 081620-11812-01.7z
  14. Here are the logs requested by the automated message. mbst-grab-results.zip
  15. I was just minding my own business, not browsing the internet, just letting my system idle last night, when I looked over at my system and a Kernel_Security_Check_Failure BSOD was displaying onscreen. I have my system set to make dumps for analysis using WinDbg. According to the results shown, the cause was MWAC.sys:

      ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
      SYMBOL_NAME: mwac+15bb3
      MODULE_NAME: mwac
      IMAGE_NAME: mwac.sys
      STACK_COMMAND: .thread ; .cxr ; kb
      BUCKET_ID_FUNC_OFFSET: 15bb3
      FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_mwac!unknown_function
      OS_VERSION: 10.0.19041.1
      BUILDLAB_STR: vb_release
      OSPLATFORM_TYPE: x64
      OSNAME: Windows 10
      FAILURE_ID_HASH: {b7ff9ef7-2db3-57c8-afc6-0256eccfd112}
      Followup: MachineOwner
      ---------

      I am unable to upload the memory.dmp due to its size (16 GB) and my slow 1 Mbps upload speed, but I have attached the entire output from the debugger to this message as a text file. If there are additional WinDbg commands you wish me to enter, please let me know and I will post the results. memory.dmp analysis.txt