Everything posted by perdrix
-
Here's the AdwCleaner log:

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-28-2022
# Duration: 00:00:10
# OS: Windows 11 (Build 22621.819)
# Scanned: 32070
# Detected: 21

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

Adware.Agent.Proxy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{0C96E9FC-BFCA-4191-8CEC-93CDA6CB91C0}C:\program files (x86)\sharpcap 4.0\sharpcap.exe
Adware.Agent.Proxy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{E5D705D3-9965-4D3D-AAB6-F698CD383EA1}C:\program files (x86)\sharpcap 3.2\sharpcap.exe
Adware.Agent.Proxy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{E1F3544A-7349-473B-8D67-430E033D8855}C:\program files (x86)\sharpcap 3.2\sharpcap.exe
Adware.Agent.Proxy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{F5BB7809-0BA4-4721-A0A1-62CEC32C34C3}C:\program files (x86)\sharpcap 4.0\sharpcap.exe
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IOBIT\ASC
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\RealTimeProtector
PUP.Optional.WebCompanion HKLM\Software\Wow6432Node\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.DellDataProtection Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|CSFTrayApp
Preinstalled.DellDataProtection Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0C11FE22-53F2-4C9B-9E79-824B10D0976E}
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AUDIT
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SUPPORTASSISTAGENT
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent Folder C:\Users\amonra\Documents\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C594468-36F5-4C05-9BF1-DF9DDBA09BF3}
Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C594468-36F5-4C05-9BF1-DF9DDBA09BF3}
Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
Preinstalled.DellSupportAssistAgent Task C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE

AdwCleaner_Debug.log - [16992 octets] - [17/11/2022 16:02:22]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

I don't see anything there that looks "dodgy".

D.
-
OK, it's now letting my posts in! I can't remember exactly, but AdwCleaner didn't find anything of interest, but Malwarebytes continued blocking BitTorrent, so I turned off the "trial" of the non-free stuff. If the detection was genuine, is there an alternative torrent client that MWB won't dislike?

Thanks,
David
-
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/3/18
Scan Time: 11:03 AM
Log File: c819e05c-f075-11e7-9f09-005056c00001.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3613
License: Trial

-System Information-
OS: Windows 10 (Build 16299.125)
CPU: x64
File System: NTFS
User: APOLLO\amonra

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 696419
Threats Detected: 17
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 4 min, 3 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 4
PUP.Optional.eSupportNTFSUndelete, HKU\S-1-5-21-694050897-1356031325-3940840900-1001\SOFTWARE\ESUPPORT.COM\NTFSUndelete, No Action By User, [1981], [355425],1.0.3613
PUP.Optional.Amigo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\amigo.exe, No Action By User, [3877], [386186],1.0.3613
PUP.Optional.eSupportNTFSUndelete, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\NTFS Undelete_is1, No Action By User, [1981], [355426],1.0.3613
PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{8E8F97CD-60B5-456F-A201-73065652D099}, No Action By User, [10], [351113],1.0.3613

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.eSupportNTFSUndelete, C:\PROGRAM FILES (X86)\ESUPPORT.COM\NTFS UNDELETE, No Action By User, [1981], [358075],1.0.3613
PUP.Optional.eSupportNTFSUndelete, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ESUPPORT.COM\NTFS UNDELETE, No Action By User, [1981], [358076],1.0.3613
PUP.Optional.MailRu, C:\PROGRAM FILES (X86)\MAIL.RU, No Action By User, [635], [384138],1.0.3613

File: 10
PUP.Optional.eSupportNTFSUndelete, C:\USERS\PUBLIC\DESKTOP\NTFS UNDELETE.LNK, No Action By User, [1981], [355427],1.0.3613
PUP.Optional.MailRu, C:\USERS\AMONRA\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\MAIL.RU.LNK, No Action By User, [635], [384473],1.0.3613
PUP.Optional.MailRu, C:\USERS\AMONRA\FAVORITES\Mail.Ru Агент - используй для общения!.url, No Action By User, [635], [471428],1.0.3613
PUP.Optional.MailRu, C:\USERS\AMONRA\FAVORITES\Mail.Ru.url, No Action By User, [635], [471428],1.0.3613
PUP.Optional.eSupportNTFSUndelete, C:\Program Files (x86)\eSupport.com\NTFS Undelete\NTFSundelete.exe, No Action By User, [1981], [358075],1.0.3613
PUP.Optional.eSupportNTFSUndelete, C:\Program Files (x86)\eSupport.com\NTFS Undelete\unins000.dat, No Action By User, [1981], [358075],1.0.3613
PUP.Optional.eSupportNTFSUndelete, C:\Program Files (x86)\eSupport.com\NTFS Undelete\unins000.exe, No Action By User, [1981], [358075],1.0.3613
PUP.Optional.eSupportNTFSUndelete, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com\NTFS Undelete\NTFS Undelete.lnk, No Action By User, [1981], [358076],1.0.3613
PUP.Optional.eSupportNTFSUndelete, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com\NTFS Undelete\Uninstall NTFS Undelete.lnk, No Action By User, [1981], [358076],1.0.3613
JokeTool.ScreenMate, C:\PROGRAM FILES (X86)\SCREENMATES\FELIX2.EXE, No Action By User, [4066], [474622],1.0.3613

Physical Sector: 0
(No malicious items detected)

(end)
-
There may be malware around that hides under this name, but I'm running the original animated cat that IS NOT MALWARE. So, please if you find this on a computer do at least make additional checks before you pronounce malware on it. Dave