Heavyoak

Members
  • Posts

    8
  • Joined

Reputation

0 Neutral


  1. Registry Value: 2
     PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTOFFERTHROUGHWUAU, No Action By User, 6368, 676880, 1.0.65329, , ame, , ,
     PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTOFFERTHROUGHWUAU, No Action By User, 6368, 676880, 1.0.65329, , ame, , ,
     These are INTENTIONAL changes that I made, and every single scan it pops up that I need to remove them. How about no. I can't get mban to ignore them and the exclude list doesn't have an option for them. And no, MRT isn't necessary nor does it do anything other than spy on the computer.
  2. I will not be attaching the log files as they contain far too much personal and private info, but I thank you for that tool as it has pointed out a lot of crap that I need to remove, most of it being left over from uninstalls and the lot.
  3. Why would you quote this very thread? If this is a FP then mban needs to be updated.
  4. The files that mban has removed? MBan has them in quarantine and I'm not taking them out.
  5. Malware.AI.853400141, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\WINDOWS\SYSTEM32\SLOTMAXIMIZERBE.DLL
     Malware.AI.853400141, C:\WINDOWS\SYSTEM32\SLOTMAXIMIZERBE.DLL, Quarantined, 1000000, 0, 1.0.27081, 1C28C237A168FCE032DDDA4D, dds, 00815297
     I don't go to any strange sites, nor do I click on any downloads in emails. Ads are blocked, and I have security software both in my browser (Chrome) and on my computer (mban, Windows Security). The mban scan last week, 7/13/2020, didn't find anything but today's 7/20/2020 scan did. So where did it come from, how did it slip past mban in the first place, and why didn't Windows Security stop it?
     report.txt
  6. The full log file is already attached to my first post and the forum won't let me attach the .json log file. As for restoring, uh no. I am not restoring potential trojans. Tell me how to pull copies of the contained files from the mban vault and I will send you that in a zip.
     Edit: I found on my own the vault and zipped the files. The zip is attached. c02f73b6-f918-11e6-a141-e0469a2ce99f.zip
     Edit2: the .json log as a zip and a screenshot. f6bad49e-f917-11e6-9533-e0469a2ce99f.zip
  7. File: 2
     Trojan.Kovter, C:\USERS\HEAVYOAK\APPDATA\ROAMING\RAINMETER\ADDONS\NIRCMD\NIRCMDC.EXE, Quarantined, [85], [373227],1.0.1324
     Trojan.Kovter, C:\USERS\HEAVYOAK\APPDATA\ROAMING\RAINMETER\ADDONS\NIRCMD\NIRCMD.EXE, Quarantined, [85], [373227],1.0.1324
     The folder and other file in it were created in 2015, so I'm doubting this detection, but I quarantined anyway. Full log file is attached, along with a zip of "NirCmd.chm", the only other file that was in the folder.
     nircmd trojan 2-22-17.txt NirCmd.zip