benrosemberg
Everything posted by benrosemberg
-
Hey Kevin,

Kontakt and Steam both mean something, but the rest don't mean anything to me.

- Kontakt is a VST plugin for synth and other such MIDI-input driven instruments. Version is patched but I could delete if needed. Definitely wouldn't need an update on it ever, though (due to patched nature), so "Kontakt_update" is basically useless.
- Steam is the gaming platform. But I'm not sure what "steam_api" is. I had seen some pop-ups in reference to this before, but I dismissed it as false positives after installing Steam. Could also delete if needed but I do game on it here and there.

Thank you!
Ben
-
Hey again Kevin,

I initially suspected the RevSvcs.exe file may be in fact manipulated by something else, but the fact that only Windows Security flags it (while Virus Total and other such services do not) made me question this. That is from patched software, which I don't even need or use any longer and could simply delete. However, it appears Windows already took care of the issue, as the file in question is no longer in the folder mentioned.

Please see attached log as requested.

Thank you,
Ben

Search.txt
-
Thanks so much Kevin. I ran all of those steps as instructed, and rebooted. On launch I'm still getting a pop-up as attached (Startup popup.JPG), and while a virus scan with Windows Security didn't show any threats, the protection history does show an app being blocked and a threat quarantined just a few minutes prior to having started the scan (Capture1.JPG and Capture 2.JPG). Then, just as I was typing this, I received another threat notice (Capture 3). Malwarebytes didn't flag anything when I ran the same folder through it. Windows blocked the threat, so all appears ok. I'm starting to think maybe Windows Security is giving me false positives?
-
Hey Kevin,

Just came back home where I had left it running. Report was as follows:

C:\Windows\system32> DISM /Online /Cleanup-Image /RestoreHealth
Deployment Image Servicing and Management tool
Version: 10.0.18362.900
Image Version: 10.0.18363.900
[==========================100.0%==========================]
The restore operation completed successfully.
The operation completed successfully.

Does this mean in theory I should be all good? No more popups for RegAsm & RegSvc and Windows Defender will no longer report backdoor virus?

Thanks again!
Ben
-
Thanks again Kevin - attached is zip file as requested. The scan didn't yield specific errors, just "Windows Resource Protection found corrupt files and successfully repaired them...."

I also should note that I got those pop-ups again ("application unable to start" related to RegSvc and RegAsm) when I first launched command prompt as administrator.

Thank you,
Ben

CBS.zip
-
Good afternoon,

I've decided to post here since I can't seem to find anything online that can help me out with this. Windows Defender seems to constantly find the following threat, even though I always quarantine/delete it. Along with this, I get pop-ups saying RegSvc.exe (or RegAsm.exe) failed to run. Windows Defender seemingly finds the virus/malware, but doesn't appear to fully delete it. Malwarebytes doesn't pick it up at all:

Backdoor:MSIL/Orcus.A!bit
found in: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Any help would be greatly appreciated!

Thank you,
Ben