luckyblindshot

  1. Sent them to the recycle bin and deleted them. My main concern is that when I looked up zamguard64.sys people were saying that it's a trojan that exploits a driver from Zemana anti-virus to disable other anti-virus software and facilitate other infections. Someone on Reddit said it was a trojan that gives remote access to my computer. Just trying to gauge what I'm dealing with here haha. Like I said, I've never had any Zemana software, so it doesn't make sense that it was on my computer. I figured this would mean it was likely of malicious origin. Am I pretty much in the clear after deleting the driver and the other two ZAM files, then? Or are there other steps I should be taking?
  2. Gotcha! Thanks for explaining. A few more questions: zamguard64.sys is still showing up in this file path: C:\Windows\System32\drivers\zamguard64.sys. Why is this the case if I ran the Malwarebytes scan, quarantined, and then selected "delete" from the quarantine page? How do I go about permanently removing this driver? Also, more "zamguard" related files, ZAM.krnl.trace and ZAM_Guard.krnl.trace, are showing up in C:\Windows. Should I delete these and how do I go about doing it? I am curious as to how these wound up on my computer given that I've never installed any Zemana software. Some people mentioned that it can be from "Malwarefox," but I never had that software either. Let me know what the next steps I should be taking are.
  3. Out of curiosity, how are these updates relevant to my initial concern about the zamguard64.sys concern? Is it just to clean things up to make the diagnostic process easier?
  4. Uninstalled: 7-zip, Audacity, Mozilla, Notepad++, VLC Media Player. Updated: Discord, NVIDIA GeForce Experience, Windows Update.
  5. Formatting was strange in my last reply. Here it is again: SecurityCheck.txt
  6. I have completed the requested steps and am including the requested file. SecurityCheck.txt
  7. I have completed the requested steps and included the Support Tool file. mbst-grab-results.zip
  8. Hey everyone, I'm new here so please bear with me and let me know what info you need. I recently ran a Malwarebytes scan on my desktop PC. I haven't used it much in the past few months and it previously always came up clean, so I was surprised to see a detection pop up. Upon visiting the location (C:\Windows\System32\drivers\zamguard64.sys) after quarantine, the file is still there. I have since gone into the Malwarebytes quarantine page and clicked "delete" for the file, but when I visited the file path the file is still there. Also, when I look at my scan report summary, under action it says "Removal Failed." I've done a little reading and it seems to be a file that's associated with Zemana anti-virus. I've never installed any of their products, so it doesn't make sense that it's on my computer. Further reading shows that it's a driver that can be exploited by bad actors, but I don't know how or how serious a detection this is. Some links mention a "Spyboy" virus? Another thing that doesn't make sense is that the zamguard64.sys file appears to have been created in June 2018. Not sure if file creation date can be spoofed by malware, but it's curious because it's never come up in a scan until now. I also found two files in C:\Windows called ZAM.krnl.trace and ZAM_Guard.krnl.trace which seem to be related. The first one was last modified in June of 2018, but the second one was modified today. If you guys can help me understand what I'm dealing with here that'd be great. Thanks!