dsafk

Members
  • Content Count: 33
About dsafk

  • Rank
    New Member
  1. Yep, used msert.exe scan which did turn up some malware on the system. Some were false positives, matching with Loki's Yara signatures. While all detected malware was removed by msert, the firewall notifications continued to show. I just wiped everything and installed Windows again.
  2. Just applied reg and rebooted. No luck, still getting the notification.
  3. Yeah, definitely some weirdness going on. Might try running some of those binaries in the Loki log through VT as a last-ditch effort. Could also just be a bug in Windows 10. I'm gonna leave the notifications for the FW to keep track of the time when "FW is being disabled". Also going to see what the Microsoft community has to offer as far as advice. Will shoot you a DM if anything comes of that or perhaps I end up finding something deeply rooted/obfuscated. Really appreciate the time you put into this.
  4. To be clear, I didn't click the notification
  5. Appears to be running even though notification pops up
  6. Nope. Followed the instructions, reset FW, then reboot. FW "Turn on Windows Firewall" notification popped up a couple minutes after boot.
  7. Couldn't see any underlying issues with the account. Possibly because I had an old Microsoft account (.edu type) that I was using which still had a Microsoft Office 365 subscription (1 yr). Switched that subscription to my new (non .edu) account once the subscription ended but forgot to remove that old .edu account from the account listing. At least that's the screen that popped up under Windows 10 settings, so that's my best guess. Went ahead and clicked remove on the old account. Probably didn't fix anything. Verified password hasn't changed for those accounts and 2FA is still present on both.
  8. It's a big one loki_DESKTOP-6UGLE9N_2020-06-12_08-28-32.log
  9. Okay. It uses yara rules to detect weirdness on the system. Produces a log of everything it found. Still running, might be a bit.
  10. Ran across Loki IoC scanner. Still running right now. I can stop the scan and move to clean boot or let the scan finish. What do you think?
  11. Changes took successfully, then rebooted. Was waiting to see if any notification would pop up and it just did, saying the same thing: Windows Firewall has been turned off.