Ginga

Members
  • Posts

    14
Everything posted by Ginga

  1. I do have Steam installed with quite a few games, so that is probably the cause. Thank you for clearing out the origin of the folder :-) And thank you David for the tips regarding temp folders.
  2. I'm currently in the process of doing some cleaning on my computer. Last night I noticed a folder titled CEF under AppData Local. Basically I'd just like to ask people on this forum if this sounds legitimate or if it's something I should be concerned about. I will try and be as specific as possible with the details and the included files. Opening the CEF folder reveals a folder titled User Data which contains 2 other folders titled Dictionaries and WidevineCDM. Dictionaries is empty, but WidevineCDM contains a folder titled 1.4.8.824 (current version?). Said folder contains 3 other folders _metadata, _platform_specific and imgs along with two files named manifest.fingerprint (0 bytes in size) and manifest.json (957 bytes in size). The folder imgs simply contains a single PNG image in form of a Google coloured lock of sorts. The folder _metadata contains a file titled verified_contents.json (1,47 kb in size). The folder _platform_specific contains the folder named win_x86 which reveals the 2 .dll files widevinecdm.dll and widevinecdmadapter.dll and another file titled CdmAdapterVersion (12 bytes in size). The details for the widevinecdm.dll file claim that its author is Google and the author for the widevinecdmadapter.dll is The Chromium Authors. (screenshot added for more specific file details and pardon the lack of English language). All files come out as clean according to Malwarebytes Free and Nod 32 Antivirus 8 and the Eset Rogue Application Remover claims that my system is fine. After doing a bit of Google I can understand that all of these Widevine files are very much the product of Google and are used as some sort of DRM for video services such as YouTube and Netflix? (Please correct me if I'm wrong.) And it sounds like it might be related to using the HTML5 player instead of Flash? It also sounds like these files are auto installed onto the system without the user's approval, which comes off as a little sketchy to me.
I haven't used Adobe Flash Player for ages due to security concerns and I have Silverlight installed for the use with Netflix. I'm not even using Google's Chrome browser, nor do I have it installed. I'm currently using the latest version of Internet Explorer with ActiveX filtering and other increased security settings. I am however using Gmail which obviously requires me to log into Google's services. So basically, does all of this sound right that these Widevine related programs are installed on my system when I don't even use the Chrome browser, or are they browser indifferent? If someone knows of these things and can explain them, I would be very grateful. I can't really seem to find any information regarding these programs when your browser is IE. All that really comes up is Chrome related topics.
  3. Thank you very much to the crew at Malwarebytes for quickly sorting this out. Glad I decided to report this before deleting the files. I can only imagine that my system might have become unstable if I had deleted these registry keys.
  4. Excellent! Thank you very much for the swift support. Have a great day!
  5. Ah okay. So hopefully that file was also just a harmless false positive then? So should I just choose to ignore these 10 false positives and update Malwarebytes and do a new scan then? My apologies for all the questions, I just want to make sure that no mistakes and misunderstandings are made.
  6. If you could please guide me through the exact steps to do this I would be most appreciative. Do I need to just copy the file and attach it to a zip folder? Also could I send the file to you over a private message instead of this open board?
  7. Ah, my bad. The thread has now been posted in the correct section. Could we perhaps delete this here then?
  8. So much for copy&pasting. I forgot to attach the screenshot I also took.
  9. I posted this on the wrong board, so I shall copy&paste my original post to here. Malwarebytes Anti-Malware Home (Free) "version 2.2.0.1024" just found 10 Trojans on my system. However, before running the MB scanner I ran Eset Nod 32 Antivirus 8 (latest version) and it didn't find any threats. I scan my system every day, sometimes multiple times a day, using both programs and since these threats are marked registry I'd rather not delete them until we can confirm if they're just false positives or actual Trojans. Please help. Copy paste from the scan results: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 19-10-2015 Scan Time: 15:43 Logfile: Malwarebytes resulsts text.txt Administrator: Yes Version: 2.2.0.1024 Malware Database: v2015.10.19.02 Rootkit Database: v2015.10.16.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: User Scan Type: Custom Scan Result: Completed Objects Scanned: 444254 Time Elapsed: 1 hr, 2 min, 47 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 8 Trojan.FakeMS, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C0AA878E-97A5-44df-B7EF-2E732F7B2FEC}, , [19b521375e2dd5610509762120e1b14f], Trojan.FakeMS, HKLM\SOFTWARE\CLASSES\IMEPad.HWR.TCIME7, , [19b521375e2dd5610509762120e1b14f], Trojan.FakeMS, HKLM\SOFTWARE\CLASSES\IMEPad.HWR.TCIME, , [19b521375e2dd5610509762120e1b14f], Trojan.FakeMS, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IMEPad.HWR.TCIME, , [19b521375e2dd5610509762120e1b14f], Trojan.FakeMS, HKLM\SOFTWARE\CLASSES\WOW6432NODE\IMEPad.HWR.TCIME, , [19b521375e2dd5610509762120e1b14f], Trojan.FakeMS, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IMEPad.HWR.TCIME7, , [19b521375e2dd5610509762120e1b14f], Trojan.FakeMS, 
HKLM\SOFTWARE\CLASSES\WOW6432NODE\IMEPad.HWR.TCIME7, , [19b521375e2dd5610509762120e1b14f], Trojan.FakeMS, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C0AA878E-97A5-44DF-B7EF-2E732F7B2FEC}, , [19b521375e2dd5610509762120e1b14f], Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 2 Trojan.FakeMS, C:\Windows\winsxs\amd64_microsoft-windows-i..hinese-imepadapplet_31bf3856ad364e35_6.1.7600.16385_none_571e064f15300c7b\IMTCCAC.dll, , [1ab469ef4c3f8da9e12d940302ff3ec2], Trojan.FakeMS, C:\Windows\winsxs\x86_microsoft-windows-i..hinese-imepadapplet_31bf3856ad364e35_6.1.7600.16385_none_faff6acb5cd29b45\IMTCCAC.dll, , [9b33bc9c8b00dc5a0a0498ff2ad70af6], Physical Sectors: 0 (No malicious items detected) (end)
  10. Malwarebytes Anti-Malware Home (Free) "version 2.2.0.1024" just found 10 Trojans on my system. However, before running the MB scanner I ran Eset Nod 32 Antivirus 8 (latest version) and it didn't find any threats. I scan my system every day, sometimes multiple times a day, using both programs and since these threats are marked registry I'd rather not delete them until we can confirm if they're just false positives or actual Trojans. Please help. Copy paste from the scan results: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 19-10-2015 Scan Time: 15:43 Logfile: Malwarebytes resulsts text.txt Administrator: Yes Version: 2.2.0.1024 Malware Database: v2015.10.19.02 Rootkit Database: v2015.10.16.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: User Scan Type: Custom Scan Result: Completed Objects Scanned: 444254 Time Elapsed: 1 hr, 2 min, 47 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 8 Trojan.FakeMS, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C0AA878E-97A5-44df-B7EF-2E732F7B2FEC}, , [19b521375e2dd5610509762120e1b14f], Trojan.FakeMS, HKLM\SOFTWARE\CLASSES\IMEPad.HWR.TCIME7, , [19b521375e2dd5610509762120e1b14f], Trojan.FakeMS, HKLM\SOFTWARE\CLASSES\IMEPad.HWR.TCIME, , [19b521375e2dd5610509762120e1b14f], Trojan.FakeMS, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IMEPad.HWR.TCIME, , [19b521375e2dd5610509762120e1b14f], Trojan.FakeMS, HKLM\SOFTWARE\CLASSES\WOW6432NODE\IMEPad.HWR.TCIME, , [19b521375e2dd5610509762120e1b14f], Trojan.FakeMS, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IMEPad.HWR.TCIME7, , [19b521375e2dd5610509762120e1b14f], Trojan.FakeMS, HKLM\SOFTWARE\CLASSES\WOW6432NODE\IMEPad.HWR.TCIME7, , [19b521375e2dd5610509762120e1b14f], Trojan.FakeMS, 
HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C0AA878E-97A5-44DF-B7EF-2E732F7B2FEC}, , [19b521375e2dd5610509762120e1b14f], Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 2 Trojan.FakeMS, C:\Windows\winsxs\amd64_microsoft-windows-i..hinese-imepadapplet_31bf3856ad364e35_6.1.7600.16385_none_571e064f15300c7b\IMTCCAC.dll, , [1ab469ef4c3f8da9e12d940302ff3ec2], Trojan.FakeMS, C:\Windows\winsxs\x86_microsoft-windows-i..hinese-imepadapplet_31bf3856ad364e35_6.1.7600.16385_none_faff6acb5cd29b45\IMTCCAC.dll, , [9b33bc9c8b00dc5a0a0498ff2ad70af6], Physical Sectors: 0 (No malicious items detected) (end)
  11. Great to hear you're taking care of our reports. But I'm afraid that I cannot report back, since I panicked and deleted the two programs being "infected", Asus Six-Engine and TurboV. I never used them anyway, hehe..
  12. *Note* There, corrected a spelling error.
  13. I have the same problem! My scanner is targeting the pnigio.dll in my TurboV and Six Engine for Asus! I wonder if it's a glitch in Malwarebytes?
  14. I have no idea if this is a glitch or something. I scan my PC twice a day with my programs, but after the latest Malwarebytes update, it targets the following files as infected; (I'll write it down here too since the attached log is partly in Danish) Memory Module: c:\program files\ASUS\six engine\pngio.dl Memory Module: c:\program files\ASUS\TurboV\pngio.dl File: c:\program files\ASUS\ Six engine\pngio.dl File: c:\program files\ASUS\TurboV\pngio.dl Those are power supply programs for my computer.. why would a trojan take root there?