Grenpara

Honorary Members
  • Posts

    157
Everything posted by Grenpara

  1. Hello, After installing on my pc to make the disk I did scan and now I have tons of malware on the pc. Not sure if they are all false positives or the program is not safe. See attached below: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 2/10/22 Scan Time: 2:08 AM Log File: aafeb814-8a48-11ec-9a80-a8a159525ab8.json -Software Information- Version: 4.5.2.157 Components Version: 1.0.1562 Update Package Version: 1.0.50931 License: Premium -System Information- OS: Windows 10 (Build 19043.1526) CPU: x64 File System: NTFS User: System -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Scheduler Result: Completed Objects Scanned: 604555 Threats Detected: 10 Threats Quarantined: 0 Time Elapsed: 1 hr, 34 min, 1 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 10 Trojan.Crypt, C:\PROGRAMDATA\MICROSOFT\VISUALSTUDIO\PACKAGES\MICROSOFT.VISUALSTUDIO.WEBTOOLSEXTENSIONS,VERSION=16.9.693.2781\PAYLOAD.VSIX, No Action By User, 506, 1024595, 1.0.50931, , ame, , 69547A0B7CE85777245190C4A65CEC1E, 2728559501BA2B7CCD08B41483A3A96D687B5D38B3B9C4FC75F7F8C7589634B9 Trojan.Crypt, C:\USERS\GREND\APPDATA\LOCAL\TEMP\3UEQ2LQ5\MICROSOFT.VISUALSTUDIO.INTELLICODE.7F16F3417CD45F9917FB\MICROSOFT.VISUALSTUDIO.INTELLICODE.VSIX, No Action By User, 506, 1024595, 1.0.50931, , ame, , 57A328DDEA180038CE1B9AD4974CF413, 6CB7B22029D99AFFF11B217365924C96E9A13C6DEF4682ACDE86EBEE2548BD8B Trojan.Crypt, C:\USERS\GREND\APPDATA\LOCAL\TEMP\3UEQ2LQ5\MICROSOFT.VISUALSTUDIO.WEBTOOLSEXTENSIONS.217E538CA49AFA3D5778\MICROSOFT.VISUALSTUDIO.WEBTOOLSEXTENSIONS.VSIX, No Action By 
User, 506, 1024595, 1.0.50931, , ame, , B244F53C89160120FA9965D7751E0DFA, 562514C36B3AD9462D477A7B1FE0B0205FFFB5836FE02216A52CD04A2F2BBAB1 Malware.AI.3295900655, C:\USERS\GREND\APPDATA\LOCAL\TEMP\ALIYUN_20220207181044\ALIYUNWRAP.DLL, No Action By User, 1000000, 0, 1.0.50931, 57630830DC28A4D0C47373EF, dds, 01636084, 0BC412FD3EA5EBA20761D50E86BD6C66, 3428BAC25C62E4298C1DD2E056E8A2EA45178EA71E18404CFA2CCCA972E2A0EA Malware.AI.3295900655, C:\USERS\GREND\APPDATA\LOCAL\TEMP\IS-15AIG.TMP_EUDOWNLOADER\ALIYUNWRAP.DLL, No Action By User, 1000000, 0, 1.0.50931, 57630830DC28A4D0C47373EF, dds, 01636084, 0BC412FD3EA5EBA20761D50E86BD6C66, 3428BAC25C62E4298C1DD2E056E8A2EA45178EA71E18404CFA2CCCA972E2A0EA Malware.AI.3295900655, C:\USERS\GREND\APPDATA\LOCAL\TEMP\IS-N9VOG.TMP_EUDOWNLOADER\ALIYUNWRAP.DLL, No Action By User, 1000000, 0, 1.0.50931, 57630830DC28A4D0C47373EF, dds, 01636084, 4F605AC51FAF987E6DF56A8050638BB0, 485B5BFDEBCE7892299E229FC85F96CCC8F98BC3A2A8F205DA7956AD6F547D84 Malware.AI.3295900655, C:\USERS\GREND\APPDATA\LOCAL\UNALI-317572140\ALIYUNWRAP.DLL, No Action By User, 1000000, 0, 1.0.50931, 57630830DC28A4D0C47373EF, dds, 01636084, DD1D78806A7E22B4C22BBF1D2C542EB0, 862FC899115BA391CD92E6E205794D9E5D9361C36F285CCDEE0027961375A46F Malware.AI.3295900655, C:\USERS\GREND\APPDATA\LOCAL\UNALI-317595718\ALIYUNWRAP.DLL, No Action By User, 1000000, 0, 1.0.50931, 57630830DC28A4D0C47373EF, dds, 01636084, DD1D78806A7E22B4C22BBF1D2C542EB0, 862FC899115BA391CD92E6E205794D9E5D9361C36F285CCDEE0027961375A46F Malware.AI.3295900655, C:\USERS\GREND\APPDATA\LOCAL\UNALI-317596031\ALIYUNWRAP.DLL, No Action By User, 1000000, 0, 1.0.50931, 57630830DC28A4D0C47373EF, dds, 01636084, DD1D78806A7E22B4C22BBF1D2C542EB0, 862FC899115BA391CD92E6E205794D9E5D9361C36F285CCDEE0027961375A46F Malware.AI.3295900655, C:\USERS\GREND\APPDATA\LOCAL\UNALI-421064593\ALIYUNWRAP.DLL, No Action By User, 1000000, 0, 1.0.50931, 57630830DC28A4D0C47373EF, dds, 01636084, DD1D78806A7E22B4C22BBF1D2C542EB0, 
862FC899115BA391CD92E6E205794D9E5D9361C36F285CCDEE0027961375A46F Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) Need help. Thanks Gren
  2. Hey, Thanks for all the additional information and advice. I did not have a part in setting up his computer or Microsoft account. I was away when he purchased it and the other side of family set it all up. And yes I know MS sucks with all their issues. I would switch to Apple but I would lose far too much software and don't feel like shelling out more cash. I am thinking I will try Linux in the near future. Anyways Thanks again. I will post my result on Saturday or Sunday after I see him. Gren
  3. Hello, I have not tried it yet as I am going Saturday to his house. Just in case it does not work, what are the other methods? Thanks in advance Gren
  4. Hello, Thanks for the fast reply and help, I really appreciate it. EDIT: Oh and I had to buy it. Seems free version does not work on admin account. Also USB is now restricted to ultimate or pro version. Have a great day. Gren
  5. Hey Guys, My Dad can't remember his Windows 10 password and a bunch of events made it worse. He got hospitalized and then moved into a nursing home. Problem is he got moved to different ISP so no longer has his original email address. He entered his landline into recovery but Microsoft can't send text to landline. I would like to know if https://www.passfab.com/products/windows-password-recovery.html Is it safe to use to reset password on admin account on his pc Or is there a safe way to somehow reset his password on pc so he can login? I scanned the download and it appears safe but that does not mean much. Thanks Gren
  6. Hello, I think this file is false positive due to operation. It is an NFC Reader/Writer software for Ntags. I have purchased 4 readers all different and all use the same software. I think because it can read and write encrypted ntags it is being flagged but am not sure. The download link to the whole suite of software is http://download.5yoa.com/NFCWSoftware.zip Log is -Log Details- Scan Date: 7/29/21 Scan Time: 3:45 PM Log File: f76629c4-f0ad-11eb-9885-a8a159525ab8.json -Software Information- Version: 4.4.3.125 Components Version: 1.0.1387 Update Package Version: 1.0.43704 License: Premium -System Information- OS: Windows 10 (Build 19043.1110) CPU: x64 File System: NTFS User: DESKTOP-ANN3SGB\grend -Scan Summary- Scan Type: Custom Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 9 Threats Detected: 1 Threats Quarantined: 0 Time Elapsed: 0 min, 15 sec -Scan Options- Memory: Disabled Startup: Disabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Malware.AI.4236925903, D:\DOWNLOADS\NFC READ & WRITE SOFTWARE\LATEST SOFTWARE REPORTS AS BAD\NFCWSOFTWARE\NFC中文解卡软件\普通IC卡复制.EXE, No Action By User, 1000000, 0, 1.0.43704, 04981EB2AD60208FFC8A5BCF, dds, 01354624, 7CD8DBFF95B2B9BA3FEBD99BE93235CC, DC433448950E255BCCC9EBD7498ECE218F9047C5008BA1BE6319A5132D44EBCA Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) Thanks in advance Grenpara Possible False Positive.zip
  7. Hey Guys and Gals, I went to a site I have heard about to get a trial on software. But Malwarebytes browser guard gives block warning. I am pretty sure the site is safe but wanted to check first before I add exception. Or if Malwarebytes can check and add it to safe list. Site is https://www.libertystreet.com/homemanage_downloads.htm and I clicked the trial download button and then was blocked by browser guard. Thanks in advance Gren
  8. Hello, Thanks for fast reply and help. Have a good one and stay safe. Fred
  9. Hello, I would do that but they are temp folders so I don't exclude them. Plus it never detected file in VS folders and only the temp folders. Thanks Fred
  10. Hello, I had updated my visual studio about a week ago. Malwarebytes ran its own scan today and is reporting the following. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 8/17/20 Scan Time: 4:50 PM Log File: 99347db4-e0d3-11ea-9e4b-f0038cd25fe4.json -Software Information- Version: 4.1.2.73 Components Version: 1.0.1003 Update Package Version: 1.0.28633 License: Premium -System Information- OS: Windows 10 (Build 19041.450) CPU: x64 File System: NTFS User: System -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Scheduler Result: Completed Objects Scanned: 510244 Threats Detected: 2 Threats Quarantined: 0 Time Elapsed: 47 min, 37 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 2 Malware.Heuristic.1001, C:\USERS\FRED\APPDATA\LOCAL\TEMP\JWDYXUGB.3PT\VS_INSTALLERSHELL.EXE, No Action By User, 1000001, 0, 1.0.28633, 0000000000000000000003E9, dds, 00856520, B6F517D0D8C20567335849424C9AD03F, 82AB30A0F33B0AB1CE072614CDB6869396FC7A2A12EEC3E7739EA08F54DCE46D Malware.Heuristic.1001, C:\USERS\FRED\APPDATA\LOCAL\TEMP\UAYNGBAQ.CX1\VS_INSTALLERSHELL.EXE, No Action By User, 1000001, 0, 1.0.28633, 0000000000000000000003E9, dds, 00856520, A353E6AF9EE536100BC9675B0271897A, ECDF0FC42077A136D3BDFBACD8013F6BCB02A87580FABD10B586A6A17D93FE72 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) I am pretty sure it is false Positives. Thanks Fred False-P.zip
  11. Hey, I had system checked not too long ago and I monitor it quite well now. I read online that others have same or similar issue with the game "Fallout 76". I have modified GPU settings for it with little change. As for system I have run multiple benchmark tools like 3dMark and all pass great. I keep asking Bethesda for their server IP so I can ping them but they will not give server info. So I pinged and traceroute their main website and I see a lot of time outs and high numbers. In Canada get good numbers but within 1 or 2 hops into USA numbers crash or time out. 300+ ms or time out for many of the hops. Anyways thanks for the help and the suggestion. Have a great day Gren
  12. Hello Exile360, Problem is I can't find the program if any causing the issue. The game even when I do a selective startup using msconfig gets massive lag. Yet when I change the game set to high priority the game runs fine in normal and selective startup. It bugs me as all my other games and I have lots of online games run fine! It is only the one game causing me issues. I tried port forwarding but then it screws up my housemates' games. We all have gaming rigs, though they don't play same game causing me issues. But if we all play wow, eq2, Aion, Elder Scrolls and others all at same time all set to max graphics none of us get lag ever. But when I play the one game I get lag bad while others playing other games get none. Thanks Gren
  13. Hello Exile360, Thanks for the fast reply to my post, I really appreciate it. I asked as I need to always have a game start set to high priority when it is run. Alt Tab does not work as it screws up when I go back into game. I was told Process Hacker 2 would do the job but won't install until I know it's safe. Thanks again for the help. Gren
  14. Hello Guys and Gals, Is "Process Hacker 2" safe? I found old thread https://blog.malwarebytes.com/101/how-tos/2018/11/advanced-tools-process-hacker/ So I assume Process Hacker 2 which is made by same person should be safe? Thanks in advance Gren
  15. Hello Maurice, Sorry for the late reply. Also thanks for the help. I ran multiple scans and issue appears resolved. I ran Norton Emergency scan tool and it removed something and all is working fine now. So I no longer need help as all other scans from Malwarebytes, Bitdefender, adwcleaner and spybot all show up clean. So I think this case can be closed. Thanks again for the help. Gren
  16. Hello Gonzo, Thanks for the fast reply and help. Have a great Christmas and Holiday Season. Gren
  17. Grenpara

    False Positive

    Hello, I have Malwarebytes and it works great. But I recently got your browser extension from Chrome store. Now it is giving me a site warning even though I know site is safe. Attached is picture of the window warning. Thanks in advance Gren
  18. Hello, Running Windows 10 Pro and have some strange things happening. Restarts just sits at restarting window endlessly, Tons of command prompt windows (I assume as they are black like command prompts) popping up and vanishing just after boot and/or logon. Not all programs close when I close them and stay open. I should add that I ran SFC /scannow and Multiple DISM commands and all show no issues. Not sure if infected but help would be great. I have large host file that I need left as it is without being deleted please. Here are the attached files. Thanks in advance Gren Threat scan 1.txt Addition.txt FRST.txt
  19. Hello Porthos, Thanks for fast reply and help. I must be crazy as I thought it said quick scan. All is good now. Thanks again Gren
  20. Hey Guys, How do you manually run a threat scan now in v4.0.4? When I hit scan it only does a quick scan and I am blind as I can't see option to manually run a threat scan like before. Thanks in advance Gren
  21. Hey Guys, I have a problem I can't seem to fix and need some help. I had a problem with a program I was installing so company had me go into Malwarebytes and click option to disable Start Malwarebytes at Windows Startup. I then restarted computer and did what I had to. Then I started Malwarebytes manually and selected the option Start Malwarebytes at Windows Startup and enable it again. After a restart Malwarebytes did not start when Windows rebooted. I checked the setting to make sure it was enabled and tried another restart but again Malwarebytes did not start at Windows startup. I checked Task manager and it is not even in the startup section so I can't enable it there. I scanned my pc to make sure I had no malware and it came back clean. So my question is how do I get Malwarebytes 3.7.1 to again start with Windows since the option is not working? Thanks in advance Gren
  22. Hello LDTate, Thanks for the fast reply and help with my issue. Attached is the file you requested. System seems to run a bit better which is nice. The mystery icon from taskbar notification area is gone now and has not returned. I know a couple weeks ago when I was trying to find the issue I ran sfc /scannow and it found nothing and then I ran multiple DISM command and they found nothing. Then I found a page on Microsoft and it said to run Dism component store fix command and it did find 4 problems though not sure why other check I ran did not catch it. It fixed 4 issues though I still have an app not playing nice. Seems something on my system keeps resetting default app extensions back to fresh. That normally happens about once a week but I was unable to find a cause or a fix for it. So in about a week or so all my default apps will be reset again. I also had problem with Win 10 and had to revert back to different revision. 1809 gave my system too many problems. For example it kept installing Office 2010 updates on my system every day, the same updates over and over. Microsoft had me revert to different revision and gave me a program to stop Windows 10 from updating whatever updates I want to avoid. That tool has stopped the issue for Office 2010 updates. I will let you know over the next day or 2 how the system works. Thanks again for the help. Have a great New Years Gren Fixlog.txt
  23. Hey, Follow-up question if one computer on the network has malware can it infect the others even though we don't share files? And if I have malware could that be the cause? I only play some games and use photo & Video programs. And My browser is now run in ShadeSandbox to make sure I don't get malware if I somehow click on bad site. I had Sandboxie but Microsoft removed it as a non-compatible program when system went to 1809. Thanks Grenpara
  24. Hey Guys and Gals, I have a Windows 10 Home 64 bit system and it is off the shelf with its own Factory restore partition. I am thinking of doing a fresh Windows 10 install but have some questions. Since the drive has multiple partitions if I use the Windows 10 installer made with Media Creation tool, will it wipe those partitions if I reinstall Windows from scratch? Or how would I do a fresh install so drive "c:" is on the drive as a single partition and not partitioned? Next, Should mobo chipset drivers be put on the system during Windows 10 install and not after Windows is installed? I have heard both yes and no for that question which is why I ask. I know the drivers for mobo go on after Windows is installed but the main chipset driver I am unsure about. My prebuilt PC came with no COA from Microsoft or the builder and the key is stored in the bios. So if I do a fresh install of Windows 10 will it read the key on its own during a reinstall? Or after Windows is reinstalled and I log into email I know key is linked to my account? I have only had new system for about 4 months and have had to do many Factory resets as Windows is broken on PC. I can not turn on the system restore feature and if I try it will never work and no backup software will work either. I tried dozens of programs and all fail to make any backups. The PC Builder just tells me to do factory resets and it never fixes that issue. Also the PC builder said if I tried a fresh install it would void system warranty but I really would like to have Windows system restore working. Last question. I got an SSD 1tb that had Windows 7 on it and the person who gave it to me says it has a root virus on it. I have not plugged into my system but was thinking of changing my "c:" drive as the one I was given is much larger than current one. So if I decided to swap drives and put virus infected drive in the system and then did fresh Windows install would it wipe out the virus and all data on the drive? Or should I just toss the drive and buy another? Since I don't have another system I did not want to infect my pc or ones that are on the network. Thanks in advance GrenPara
  25. Hello Guys and Gals, I think I have some malware that is making my computer act strange. First here are the files post says to post here. So what's happening is a mystery icon in notification area that I can't see or click and when I open task manager it vanishes. Then when I close Task Manager the hidden icon shows back up. I see no icon just an extra space in the notification area. Also seems like Windows Explorer keeps resetting. What I mean is all desktop icons and all taskbar icon vanish and then after a minute or so they all reappear. It is happening often which is driving me mad. Before I decided to post today I ran multiple scans using multiple programs and all show clear except adwcleaner which shows a conduit but I know that it is safe. Even Eset Online virus scan shows clean on full system scan. I ran Spybot SD and it found no malware. I have a massive Host file where thousands of sites are blocked but that's the way I like it. So if anyone can take a look and see if they see anything that could be the cause that would be great. I also have a non-malware question which I will post in another thread. Thanks in Advance Grenpara Threat Scan 1.txt Addition.txt FRST.txt