Everything posted by Sukimal

  1. Thanks, most of the detections are about old programs stored (not installed) on some hard disks and cloud disks:

         file://C:\Program Files (x86)\DVDVideoSoft\Free Screen Video Recorder\FreeScreenVideoRecorder.exe
             SigSeq: 0x00001667405F1B4F
         file://C:\Program Files (x86)\DVDVideoSoft\Free Audio Converter\FreeAudioConverter.exe
             SigSeq: 0x0000166727232B21
         containerfile://M:\_Software_\APP\FreeStudio\FreeStudio_6.7.2.909_d.exe
         containerfile://M:\_Software_\APP\FreeStudio\FreeStudio_6.7.1.316_d.exe

     Threat Detected: HackTool:Win32/Patcher and Removed!
       Action: Remove, Result: 0x00000000
         file://C:\Users\and\OneDrive - UNF\_APP\Afobe CC2018 64.zip->AICC2018.64-PVP/Patch (PainteR)/amtemu.v0.9.2.win-painter/amtemu.v0.9.2-painter.exe
             SigSeq: 0x000016678CC0D539
         file://C:\Users\and\OneDrive - UNF\_APP\Afobe CC2018 64.zip->AICC2018.64-PVP/Patch (PainteR)/amtemu.v0.9.2.win-painter.zip->amtemu.v0.9.2-painter.exe
             SigSeq: 0x000016678CC0D539
         containerfile://C:\Users\ant\OneDrive\_APP\Afobe CC2018 64.zip

     Threat Detected: TrojanDownloader:Win32/Banload, partially removed.
       Operation failed. Action: Remove, Result: 0x8007045D. Please use a full antivirus product ! !
         file://G:\Mi unidad\WWW\AMS\_WWWAms.com 2016\Prestashop\emagicone-store-manager-for-prestashop-professional-edition-290-build-702[incl]_crack.zip->lib/aes10.dll
             SigSeq: 0x00001667C0793422
         file://C:\Users\and\AppData\Local\Google\DriveFS\114215225277070100579\content_cache\d32\d73\66362->lib/aes10.dll
             SigSeq: 0x00001667C0793422
         containerfile://G:\Mi unidad\WWW\AMS\_WWWAms.com 2016\Prestashop\emagicone-store-manager-for-prestashop-professional-edition-290-build-702[incl]_crack.zip
         containerfile://C:\Users\and\AppData\Local\Google\DriveFS\114215225277070100579\content_cache\d32\d73\66362

     Threat Detected: Adware:Win32/Tnega!MSR and Removed!
       Action: Remove, Result: 0x00000000
         file://G:\Mi unidad\_APP DRIVERS\_actuales\FreeStudio PREMIUM PAGO\FreeDVDVideoConverter_2.0.65.823_d.exe
             SigSeq: 0x0000166738DC55B9
         file://C:\Users\and\AppData\Local\Google\DriveFS\114215225277070100579\content_cache\d50\d97\52645
             SigSeq: 0x0000166738DC55B9

     Threat Detected: HackTool:Win32/Keygen and Removed!
       Action: Remove, Result: 0x00000000
         file://C:\Users\and\OneDrive - UNF\_APP\Afobe CC2018 64.zip->AICC2018.64-PVP/Patch (PainteR)/adobe.snr.patch.v2.0-painter.zip->adobe.snr.patch.v2.0-painter.exe
             SigSeq: 0x000016678A0F1E58
         containerfile://C:\Users\and\OneDrive - UNF\_APP\Afobe CC2018 64.zip

     Results Summary:
     ----------------
     Found Misleading:Win32/Lodi and Removed!
     Found HackTool:Win32/Patcher and Removed!
     Found TrojanDownloader:Win32/Banload, partially removed.
     Found Adware:Win32/Tnega!MSR and Removed!
     Found HackTool:Win32/Keygen and Removed!
     Successfully Submitted MAPS Report
     Successfully Submitted Heartbeat Report
     Microsoft Safety Scanner Finished On Wed Mar 29 16:59:19 2023

     Return code: 7 (0x7)
  2. Thank you. Kaspersky Virus Removal Tool report:

     <Report>
       <Metadata Version="1" PCID="{1B8868C0-3C4C-B7E3-0DC9-DA8040398FD4}" LastModification="2023.03.17 09:19:09.213" />
       <EventBlocks>
         <Block0 Type="Scan" Processed="5661594" Found="2" Neutralized="1">
           <Event0 Action="Scan" Time="133234570464110989" Object="" Info="Started" />
           <Event1 Action="Detect" Time="133234603706091748" Object="C:\Users\AGUM\Downloads\soft.trator.2023.systemtutos.com\soft.trator.2023.v27.1.1.196.exe" Info="not-a-virus:HEUR:AdWare.NSIS.AdPack.gen" />
           <Event2 Action="Scan" Time="133234707917356226" Object="" Info="Finished" />
           <Event3 Action="Select action" Time="133235147220082858" Object="C:\Users\AGUM\Downloads\soft.trator.2023.systemtutos.com\soft.trator.2023.v27.1.1.196.exe" Info="Delete" />
           <Event4 Action="Disinfection" Time="133235147220082858" Object="" Info="Started" />
           <Event5 Action="Quarantined" Time="133235147220082858" Object="C:\Users\AGUM\Downloads\soft.trator.2023.systemtutos.com\soft.trator.2023.v27.1.1.196.exe" Info="" />
           <Event6 Action="Deleted" Time="133235147220082858" Object="C:\Users\AGUM\Downloads\soft.trator.2023.systemtutos.com\soft.trator.2023.v27.1.1.196.exe" Info="" />
           <Event7 Action="Disinfection" Time="133235147222644557" Object="" Info="Finished" />
         </Block0>
       </EventBlocks>
     </Report>
  3. Thank you.

     1. Microsoft Safety Scanner gives an error (I followed the instructions, but the error code wasn't in the list):

     ---------------------------------------------------------------------------------------
     Microsoft Safety Scanner v1.383, (build 1.383.1738.0)
     Started On Mon Mar 13 18:48:12 2023
     Failed to submit MAPS report: 0x80510002
     Failed to submit clean hearbeat MAPS report: 0x80510002
     Exception Caught: 0x8050800C
     Microsoft Safety Scanner Finished On Mon Mar 13 18:48:30 2023

     Return code: 1 (0x1)

     2. ESET Online Scanner (attached)

     eset scan log.txt
  4. I tried to look for the log of these analyses, but it seems that Trend Micro does not keep this information (at least in the section of the program where the logs appear).
  5. Obviously the file names are not the same, but thanks for the clarification ;-) In fact, in my post I indicated that I was referring to the structure of the name. In fact, the file name varies. The image is just an example. Just like the Malwarebytes log reports also change their name from one to another, but the structure remains the same. At this point, it is very striking that they have EXACTLY THE SAME STRUCTURE TYPE XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.... (8-4-4-4-12) where X are letters and numbers, but the structure of 8 characters, hyphen, 4 characters, hyphen, 4 characters, hyphen, 4 characters, hyphen and finally 12 characters is maintained. This makes me seriously wonder: does the Malwarebytes Chrome extension also use this system of encoding files (perhaps to save reports or to download updates...) as does the Malwarebytes program for Windows? If so, it would be the cause of the suspicious file that Trend Micro detects and scans.
  6. I attach the reports... BUT.... at the end of the Malwarebytes scan I saw something that really caught my attention: the log file is named the same (or with the same structure) as the suspicious file that is downloaded from Chrome!!! (see image). At this point I realise that I use "Malware bytes browser guard" as a Chrome extension. Isn't that file that is downloaded from Chrome (and that my antivirus detects and analyzes) generated by the Chrome extension "Malware bytes browser guard"? Addition.txt AdwCleaner[C00].txt FRST.txt malwarebytes_analysis.txt
  7. Hello, almost every time I open Chrome it seems that a file is downloaded and the antivirus shows me the following message: "no detected risks in e36a2da7-4056-4bd3..." (see image; the name of the file changes). Although it seems that the antivirus does not recognize it as a virus, I have the idea that the computer could be infected and that this file is some type of information about the login that is downloaded. The funny thing (and what worries me) is that this file does not appear in the download folder. What do you think it may be? Any ideas? Could it be, as I say, some type of "background" download of information that a malware is collecting? Thank you