Salonoi
Salonoi started following 3 files reported
-
Hello, I opened Firefox and Malwarebytes reported a blocked website due to a trojan. The first reported file was HxTsr.exe, the second HxOutlook.exe and the third firefox.exe. What is reported is this:

I have uploaded hxoutlook, hxtsr and firefox exe to VirusTotal for a scan; these are the results (they seem OK, but hxtsr is still being scanned for its behaviour by VirusTotal Jujubox, seems to be stuck):

Hxtsr: https://www.virustotal.com/gui/file/d122879b5adb459b13a35e99acc426d898885b876202ad4260e3a400c7476fd9/detection
Hxoutlook.exe: https://www.virustotal.com/gui/file/4d926a7dc9d98bf0384b301f70a7bcf4c62f1f5ad687ae4c1b397e0c8ed6faeb
Firefox.exe: https://www.virustotal.com/gui/file/69159a3f7f48bc897f5e99101da22e6c3df604d2200d584f08e0d778b554f1c4/detection

I am attaching all 3 reports. Is this a false positive, please?

malwarebytes 05122023.txt
malwarebytes 05122023 2.txt
malwarebytes 05122023 3.txt
-
Hello, here I am again, a few days later. Malwarebytes found another (false positive?) virus, this time in the Wargaming game_center.dll file. I haven't played any Wargaming game for a long time, maybe a year, nor launched their launcher or anything. I am attaching the scan report. Can you check it out, please? Thanks.

mbam report 2912.txt
-
Hi, it is very likely a false positive. I have had this file on my PC for months; it is used to extract assets from Valve games (mainly for video production), a commonly used program. Not sure if MBAM updates by itself (I don't have the premium version), but half an hour ago a scan found this to be a threat. I am uploading the report. Is this a false positive, please? Thanks.

mbam report 2512.txt
-
Hi, I use RogueKiller, Avast, Malwarebytes, Malwarebytes MBAR (anti-rootkit) and ESET Online Scanner (it's a one-time-use scanner). I regularly scan my PC and don't visit dangerous sites, so I am not sure how I got this, but Avast found HTML:Scam-P [Phish] on a file or website, or I don't know what it is called: game4853.firdayfun78.live . I think, however, that I accidentally clicked on one website on Google on the 27th that showed this up?

This keeps showing up only on Avast and nowhere else. Even when I put it in the virus chest, it doesn't show up there. Avast reports only the name of the infection, and not the infected file or its location. I think I became infected on October 27, 1:27 AM, because Avast's notification history reports "threat blocked" and that it safely aborted the connection to that game4853 website. I suppose it did not abort anything, since it keeps reporting this infection :/. I think back then I accidentally clicked on one website on Google where I received this report.

So, I got help at Bleeping Computer; with Farbar logs they managed to get rid of the issue, and I was no longer seeing the infection on Avast for like 2-3 days, but for some reason it reappeared again. I have not clicked on any weird website or anything. Here is the original post on Bleeping Computer: https://www.bleeping...mlscam-p-phish/

The thing is that I might be dealing with something probably more difficult. I think the problem might keep reappearing for as long as the infected file is still on my PC; unfortunately, Avast doesn't report the location of the file. Can you guys please help me find the core of the problem? I am attaching Farbar logs (and a screenshot of what Avast keeps reporting) that I produced right after finding that virus yesterday, and before I tried to put it in the chest or delete it (which doesn't do anything anyway).

FRST.txt
Addition.txt
-
Thanks :)
-
Listen, could you please confirm for me if Malwarebytes MBAR detected a false positive as well? And if the file Default.Sfx is safe? Thanks
-
Woohoo, thanks buddy
-
Thanks. So, this is a false positive then? No threat? :)
-
Hello, I scanned my computer with RogueKiller, ESET Online Scanner, Malwarebytes and Malwarebytes MBAR. Malwarebytes MBAR found this as an infected file: a file located in the WinRAR folder called Default.SFX. I uploaded the file to VirusTotal and more antivirus programs picked it up.

https://www.virustotal.com/#/file/0a2484026f989bbc29caba5873ac9c0a64ecad529b76f08a50cb1ec470b04453/detection

Then I scanned my computer with Malwarebytes and it caught this:

Trojan.FlyStudio, C:\PROGRAMDATA\MALWAREBYTES' ANTI-MALWARE (PORTABLE)\DEFAULT.SFX-K.MBAM, No Action By User, [8009], [664683],1.0.10008
Trojan.FlyStudio, C:\PROGRAMDATA\MALWAREBYTES' ANTI-MALWARE (PORTABLE)\DEFAULT.SFX-U.MBAM, No Action By User, [8009], [664683],1.0.10008
Trojan.FlyStudio, C:\WINDOWS\TEMP\AVAST_ASH2\WINRAR ARCHIVER (64 BIT)\WINRAR-X64-570CZ.EXE, No Action By User, [8009], [664683],1.0.10008

I am attaching the file. Is this a false positive or real, please? Thanks.

Default.zip
-
Need help - bootkit/bios/mbr infection?
Salonoi replied to Salonoi's topic in Resolved Malware Removal Logs
So it is safe to say that everything is all right, even outside of the basic partitions. Great, thank you very much for your help :).
-
Need help - bootkit/bios/mbr infection?
Salonoi replied to Salonoi's topic in Resolved Malware Removal Logs
I tried it now; I downloaded it from one known site (not sure if posting names is allowed here) that has many tools. Not sure if it is the most current version, but I hope it is. Here is the log. It found quite a lot of things, but I do not know if they are false positives or actually important. I had ADS turned on, both drives picked, and had the antivirus on. I did not get any warning message or anything, though.

gmer.log
-
Need help - bootkit/bios/mbr infection?
Salonoi replied to Salonoi's topic in Resolved Malware Removal Logs
I had a suspicion because my BIOS had a fourth bootable device, the network adapter, turned on. I know I did not mess with it, and after googling I found it is not usually turned on by default. My friend, though, installed Windows for the first time on my PC 2 years ago and messed a little bit with the boot order in the BIOS, but he said he did not touch that one. He may have, and just not remember.

I reinstall my OS from time to time. Yesterday, after finding that out, I reinstalled it again and tried scans with the things I mentioned in the first post. mbar after the update was not able to start; it threw an error with the driver being encrypted or something, and aswbar afterwards froze. I had to reboot. After rebooting, Windows logged me in with a temp profile. I tried mbar, it worked, and also aswbar again, it worked as well, but I tried mbrfix in aswbar after its scan and it just threw me an error. I was not able to do it for some reason. I reinstalled Windows again, just to be sure.

Is there anything suspicious, please, or would you be able to detect something bad from my scans, even if it was outside of the HDD basic partitions?
-
Need help - bootkit/bios/mbr infection?
Salonoi replied to Salonoi's topic in Resolved Malware Removal Logs
ESET Online Scanner found nothing. Are the MBR partition and BIOS safe then as well? Or should I use another scan as well? Thank you.
-
Need help - bootkit/bios/mbr infection?
Salonoi replied to Salonoi's topic in Resolved Malware Removal Logs
Sure, here they are.

rk.txt
Addition.txt
FRST.txt
-
Hi guys, I had some behaviour on my PC that I could not explain, and I just want to make sure that I do not have an MBR/BIOS virus. Do Malwarebytes Anti-Malware, Malwarebytes Anti-Rootkit, ESET Online Scanner and RogueKiller scan the boot sector as well? Also, are there any programs that scan for bootkits? I searched on Google and found mswbar, gmer and tdss killer that supposedly could find them and erase them; is it true? Could scanning with them get rid of the potential virus? I tried mswbar and at the first scan it froze; the second scan worked normally and it reported unknown MBR code being there. I then tried mbrfix and it reported an error. The next time I booted, I could only get in with a temporary profile. Thanks.