Cartel
Members
Posts: 13
Everything posted by Cartel
-
Hijack.SecurityRun,Trojan.Poweliks.B,Hijack.Trojan.Siredef.C
Cartel replied to Cartel's topic in File Detections
Still not fixed, maybe by 2020?
-
Hijack.SecurityRun,Trojan.Poweliks.B,Hijack.Trojan.Siredef.C
Cartel replied to Cartel's topic in File Detections
Hello, I'd like to help mbam remove this false positive for Registry Keys: 1
PUP.Optional.Hicosmea, HKU\S-1-5-21-3891387264-3673818761-2909559850-1000_Classes\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}, , HKEY_USERS\S-1-5-21-3891387264-3673818761-2909559850-1000_Classes\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}
This key is created every time I use Windows Media Encoder x64 Edition https://go.microsoft.com/fwlink/?LinkId=67406
-
Question regarding CEF folder and WidewineCDM
Cartel replied to Ginga's topic in General Windows PC Help
I have the CEF folder but I never have had Steam...
5 replies
- CEF folder
- WidevineCDM
- (and 4 more)
-
I installed 2.2.0.1024 because it said "Enhanced safeguards to prevent false positives on legitimate files". I had some false positives before so I removed them from quarantine and exceptions to see if they were no longer detected. It detected them all again so I re-applied my exceptions and decided to "fix" the other 2 items. I chose not to reboot and while running another program I was greeted with a UAC prompt accompanied by the "secure desktop" which I have disabled. I ran autoruns and noticed the windows defender service and iphelper service were both running also. I have no reason to have these so I disable them. After I disabled these items again, after a reboot they were "fixed" back to automatic start-up again, so was the UAC setting. I used the "recommended" threat scan and I don't see anything that mentions these actions so it's kinda annoying that these settings were altered against my wishes. I only use mbam once in a while and then delete it, as I did earlier. I'm sorry I can't give you the logs but I'm 100% sure that these changes are made by the software.
-
MBAM does things without asking, like re-enabling UAC settings and re-enabling the Windows Defender and the IP Helper service. Is that really necessary?
-
Hijack.SecurityRun,Trojan.Poweliks.B,Hijack.Trojan.Siredef.C
Cartel replied to Cartel's topic in File Detections
I never had any detections but those. I run mbam and have run your antirootkit before also. This only happens every 6 months: I do a double check with mbam and then use Avira 24/7. Avira 9 actually, shhhh. I backed up the keys and deleted them. CD burning still seems to function and thumbnails still work so the only way to be sure is to nuke the entire site from....oops I mean safer to delete the keys. If it was something critical I'd be more concerned. Thanks
-
Hijack.SecurityRun,Trojan.Poweliks.B,Hijack.Trojan.Siredef.C
Cartel replied to Cartel's topic in File Detections
Here it is. Thanks
FBEB8A05-BEEE-4442-804E-409D6C4515E9.zip
-
Hijack.SecurityRun,Trojan.Poweliks.B,Hijack.Trojan.Siredef.C
Cartel replied to Cartel's topic in File Detections
Thanks for the reply. Here you go: (Creation dates are today because I restored the keys.)
FBEB8A05-BEEE-4442-804E-409D6C4515E9.txt
-
Hijack.SecurityRun,Trojan.Poweliks.B,Hijack.Trojan.Siredef.C
Cartel replied to Cartel's topic in File Detections
-
Hijack.SecurityRun,Trojan.Poweliks.B,Hijack.Trojan.Siredef.C
Cartel replied to Cartel's topic in File Detections
FBEB8A05-BEEE-4442-804E-409D6C4515E9 keys
-
Hijack.SecurityRun,Trojan.Poweliks.B,Hijack.Trojan.Siredef.C
Cartel replied to Cartel's topic in File Detections
These keys are for CD burning. Installed with the OS (Windows 7 64bit)
**********************************************************************************
***
Trojan.Poweliks.B, HKU\S-1-5-21-3891387264-3673818761-2909559850-1000_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}, , [72383eeed9b2280e8efa6b97b14fc63a],
**Hijack.Trojan.Siredef.C, HKU\S-1-5-21-3891387264-3673818761-2909559850-1000_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}, , [6842aa820d7e8fa72d07a061d9270cf4],
**Hijack.Trojan.Siredef.C, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}, , [6842aa820d7e8fa72d07a061d9270cf4],
************************************************************************************
***
These keys are my group policy software restriction rules to stop Avira nagging.
Hijack.SecurityRun, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{48D87BF0-9ACC-4133-9827-8A1BD16C4C01}, , [7238af7ded9ea29489d6c7a4b94b55ab],
**Hijack.SecurityRun, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{48D87BF0-9ACC-4133-9827-8A1BD16C4C01}, , [4466fd2fb5d6c4726df25e0d9a6a728e],
**Hijack.SecurityRun, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{48d87bf0-9acc-4133-9827-8a1bd16c4c01}|ItemData, C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe, , [7238af7ded9ea29489d6c7a4b94b55ab]
**Hijack.SecurityRun, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{48d87bf0-9acc-4133-9827-8a1bd16c4c01}|ItemData, C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe, , [4466fd2fb5d6c4726df25e0d9a6a728e]
-
Hijack.SecurityRun,Trojan.Poweliks.B,Hijack.Trojan.Siredef.C
Cartel replied to Cartel's topic in File Detections
Be nice if I could edit the preview of my post or edit it after posting.....sorry it's a block of text, it wasn't when I typed it.
-
These keys are for CD burning. Installed with the OS (Windows 7 64bit)
Trojan.Poweliks.B, HKU\S-1-5-21-3891387264-3673818761-2909559850-1000_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}, , [72383eeed9b2280e8efa6b97b14fc63a],
Hijack.Trojan.Siredef.C, HKU\S-1-5-21-3891387264-3673818761-2909559850-1000_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}, , [6842aa820d7e8fa72d07a061d9270cf4],
Hijack.Trojan.Siredef.C, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}, , [6842aa820d7e8fa72d07a061d9270cf4],
These keys are my group policy software restriction rules to stop Avira nagging.
Hijack.SecurityRun, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{48D87BF0-9ACC-4133-9827-8A1BD16C4C01}, , [7238af7ded9ea29489d6c7a4b94b55ab],
Hijack.SecurityRun, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{48D87BF0-9ACC-4133-9827-8A1BD16C4C01}, , [4466fd2fb5d6c4726df25e0d9a6a728e],
Hijack.SecurityRun, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{48d87bf0-9acc-4133-9827-8a1bd16c4c01}|ItemData, C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe, , [7238af7ded9ea29489d6c7a4b94b55ab]
Hijack.SecurityRun, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{48d87bf0-9acc-4133-9827-8a1bd16c4c01}|ItemData, C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe, , [4466fd2fb5d6c4726df25e0d9a6a728e]