Jump to content

mlonabaugh

Honorary Members
  • Posts

    21
  • Joined

  • Last visited

Posts posted by mlonabaugh

  1. I have been using MB for many many years, and the only issue I have had is excluding false possitives. 

    Why is is it so hard to excludes false possitives?

    Is it me? Am I missing something? Is there an easy way to do this and I just can't find it?

    Please help, its so frustrating 

  2. Just to be clear... Is that a query you posted? or just a list of names you want me to visually inspect? 

    If you just want a visual inspection, the answer is no to all. I have 7 unknown users that were created right about when this all started. I have disabled all of them. (Not deleted)

    They are: dcs, help, Mssql, Mssqla, sql, sqlup, web, websa...

  3. Good morning,

    This forum is a bit easier to use, so if you don't mind let's stay here. I was not aware you had a presence in both places...

    The only thing I did last night was disable the network connection to prevent any hacking while I slept, I will run your query asap...

    Thank you!

  4. Thank you. I will need to wait until the end of day to do this, but I will get back to you asap.

    I also discovered that there were 7 sql jobs set to fire off at different times of the day. 

    I am hoping that killing those jobs will do the trick...

     

    Thanks again!!!!!

    • Like 1
  5. Hello,

    I have been battling a virus for weeks. MWB finds and fixes the problem but it just keeps coming back. 

    I am working with someone from bleeping computers so I don't want to bring to many chefs to the table but I would like to know if you have any helpful advice.

    I use MWB Nebula...

    Below is the a report on what keeps coming back. It's always the same 92 infections...

     

    Any assistance would be deeply appreciated...

    Thank you!

     

    Hello Mark Lonabaugh,

    Based on your preferences, you are being notified that a new event has occurred for the following account:

    Data Capture Solutions

    • Endpoint Name: Nav.Datacapture.prv
    • Domain/Workgroup: Datacapture.prv
    • IP: 192.168.0.17
    • Scan Date and Time: 08/05/2021 - 03:56:51 PM
    • Scan Type: ThreatScan
    • Detections Cleaned: 92
    • Severity: warning
    • Group: Default Group
    • Policy: Default Policy

    Displaying 92 of 92 detections below - additional details can be viewed via the Scan Report.

    Name

    Type

    Category

    Status

    Path

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SHSTAT.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SHSTAT.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SHSTAT.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SHSTAT.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSTRAY.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSTRAY.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSTRAY.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSTRAY.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RAVMOND.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RAVMOND.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RAVMOND.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RAVMOND.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\QQPCTRAY.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\QQPCTRAY.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\QQPCTRAY.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\QQPCTRAY.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\QQPCRTP.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\QQPCRTP.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\QQPCRTP.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\QQPCRTP.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KWATCH.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KWATCH.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KWATCH.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KWATCH.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVSRVXP.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVSRVXP.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVSRVXP.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVSRVXP.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVMONXP.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVMONXP.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVMONXP.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVMONXP.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KSWEBSHIELD.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KSWEBSHIELD.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KSWEBSHIELD.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KSWEBSHIELD.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KSAFETRAY.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KSAFETRAY.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KSAFETRAY.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KSAFETRAY.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KISSVC.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KISSVC.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KISSVC.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KISSVC.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KAVSTART.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KAVSTART.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KAVSTART.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KAVSTART.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CMDAGENT.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CMDAGENT.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CMDAGENT.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CMDAGENT.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CFP.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CFP.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CFP.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CFP.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGUARD.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGUARD.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGUARD.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGUARD.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGNT.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGNT.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGNT.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGNT.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVCENTER.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVCENTER.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVCENTER.EXE

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVCENTER.EXE|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360tray.exe

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360tray.exe|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360sd.exe

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360sd.exe|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360Safe.exe

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360Safe.exe|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360rps.exe

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360rps.exe|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360rp.exe

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360rp.exe|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360tray.exe

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360tray.exe|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360sd.exe

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360sd.exe|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360Safe.exe

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360Safe.exe|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360rps.exe

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360rps.exe|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360rp.exe

    RiskWare.IFEOHijack

    Reg, Value

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360rp.exe|DEBUGGER

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\kvxp.kxp

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVMonXP.kxp

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\kvxp.kxp

    RiskWare.IFEOHijack

    Reg, Key

    Malware

    Quarantined

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVMonXP.kxp

     

  6. Hello,

    I have an endpoint that shows 1 Suspicious activities found warring, but when I go into the Suspicious activities window I see "No Suspicious activities found"

    I have deleted the endpoint, uninstalled and reinstalled MB but the warring returns and still receive "No Suspicious activities found" .

    Is there a wat to clear the warning? 

    Thanks!

    SA.jpg

    noSA.jpg

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.