Everything posted by Lynched

  1. One last side note: some of the logs differentiate. The Name= region will sometimes state "PowerDVD12" or "CyberLink Media Suite12". So, again, likely all originating from the same program. Maybe after it had updated? I don't really use CyberLink, so maybe doing a complete uninstall would be best. Cheers, -L.
  2. Hello there,

     The full log is:

         # AdwCleaner 7.0.1.0 - Logfile created on Sat Aug 19 00:30:46 2017
         # Updated on 2017/05/08 by Malwarebytes
         # Running on Windows 10 Home (X64)
         # Mode: clean
         # Support: https://www.malwarebytes.com/support

         ***** [ Services ] *****
         No malicious services deleted.

         ***** [ Folders ] *****
         Deleted: C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
         Deleted: C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
         Deleted: C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
         Deleted: C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log

         ***** [ Files ] *****
         No malicious files deleted.

         ***** [ DLL ] *****
         No malicious DLLs cleaned.

         ***** [ WMI ] *****
         No malicious WMI cleaned.

         ***** [ Shortcuts ] *****
         No malicious shortcuts cleaned.

         ***** [ Tasks ] *****
         No malicious tasks deleted.

         ***** [ Registry ] *****
         No malicious registry entries deleted.

         ***** [ Firefox (and derivatives) ] *****
         No malicious Firefox entries deleted.

         ***** [ Chromium (and derivatives) ] *****
         No malicious Chromium entries deleted.

         *************************
         ::Tracing keys deleted
         ::Winsock settings cleared
         ::Additional Actions: 0
         *************************

         C:/AdwCleaner/.~lock.AdwCleaner[S0].txt# - [99 B] - [2017/8/19 0:30:15]
         C:/AdwCleaner/AdwCleaner[S0].txt - [1242 B] - [2017/8/19 0:30:14]

         ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

     As a side note, these folders/logs can still be found within the Quarantine folder. I looked at them all; they all seem to originate from CyberLink Media Suite Essentials (a pre-installed program that came with the PC.) They all say the same thing:

         [Application]
         Name=PowerDirector12
         Version=12.0
         Company=CyberLink
         Lang=0409
         [ResponseResult]
         ResultCode=0

     If these are things that can (or should be) restored, do let me know. If that's the case, I may need some tips on how to do so.

     Cheers, -L.
  3. Hello! I have a quick question, regarding AdwCleaner. I was doing a routine scan and it had found these via Folders:

         ***** [ Folders ] *****
         Deleted: C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
         Deleted: C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
         Deleted: C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
         Deleted: C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log

     I went ahead and removed them, without really thinking it over. One of the logs originates from a Cyberlink program, I believe. (Which was reported as a false positive here.) Would anyone happen to know where the other logs originate from? Since they've been stupidly deleted, will this cause issues? I've done an sfc/scannow and hard drive tool check, to be safe. Everything seems to be working fine.
  4. Ah, that explains that. I am indeed running 3.0.6. Duly noted! Thanks for the response. Cheers, -L.
  5. Hello there,

     Hopefully I've posted this to the right forum. Long story short: I've had a Rootkit detection scare several days ago. This happened immediately after the last Windows update (KB4034662/KB4034674). I always run Malwarebytes (free version) after running my default Anti-virus when doing Windows updates. The scan claimed it found an "unknown Rootkit":

         -Scan Details-
         Process: 0 (No malicious items detected)
         Module: 0 (No malicious items detected)
         Registry Key: 0 (No malicious items detected)
         Registry Value: 0 (No malicious items detected)
         Registry Data: 0 (No malicious items detected)
         Data Stream: 0 (No malicious items detected)
         Folder: 0 (No malicious items detected)
         *File: 1
         Unknown.Rootkit.Driver, C:\WINDOWS\System32\drivers\drmk.sys, Replaced, [0], [0],0.0.0
         Physical Sector: 0 (No malicious items detected)
         (end)

     Not really thinking it through, I went ahead and quarantined the file, then removed it. Since this file was part of the core driver files for Windows, my PC naturally blue screened mid-process. I rebooted, then ran an sfc/scannow via Command Prompt, and was able to reinstall the damaged driver with seemingly little problems. I've since then run some additional anti-virus scans and Rootkit cleaners (ESET online scanner, TDSS Killer; etc.), and several more Malwarebytes scans; all of which found nothing.

     My question here is, was this potentially a false positive? Are there any additional security steps I should proceed with, assuming this was a legit Rootkit?

     Cheers, -L.