Posts posted by tedus987
-
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 1/15/24
Scan Time: 5:01 AM
Log File: 14b55bba-b363-11ee-b049-b42e9933a280.json
-Software Information-
Version: 4.6.8.311
Components Version: 1.0.2242
Update Package Version: 1.0.79658
License: Free
-System Information-
OS: Windows 10 (Build 19045.3930)
CPU: x64
File System: NTFS
User: LukeGamingPC\lukef
-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 1111824
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 2 hr, 24 min, 18 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 1
Malware.AI.1544300986, E:\STEAM\STEAMAPPS\COMMON\DIVINITY2_DEV_CUT\AUTORUN.EXE, No Action By User, 1000000, 1544300986, 1.0.79658, E648855586E3A2A15C0C29BA, dds, 02649784, 04753524D2CE451DC80A81A0DC6D5069, C30638B6BCFC12A6D1790FFEC95B4E6F71C8142E697E5E2D0C2E218E79124CC6
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
a 10 year old game I think... pretty sure this is a case of new heuristics detecting safe but janky code.
-
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 01/07/2022
Scan Time: 20:28
Log File: 04113824-f974-11ec-ab5c-b42e9933a282.json
-Software Information-
Version: 4.5.10.200
Components Version: 1.0.1709
Update Package Version: 1.0.56645
Licence: Free
-System Information-
OS: Windows 10 (Build 19044.1706)
CPU: x64
File System: NTFS
User: LukeGamingPC\Luke
-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 856596
Threats Detected: 2
Threats Quarantined: 0
Time Elapsed: 3 hr, 19 min, 24 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 2
Malware.Heuristic.1008, E:\STEAM\STEAMAPPS\WORKSHOP\CONTENT\1281930\2793971101\OBJ\DEBUG\NET6.0\REFINT\GRAVITYDONTFLIPSCREEN.DLL, No Action By User, 1000001, 0, 1.0.56645, 0000000000000000000003F0, dds, 01839980, 0AC5C00794F5A4E9FD08B552584A52F0, A813BAD867C746B2337F8EC91B75C9AE063781DFB53056468B69645395A385CC
Malware.Heuristic.1008, E:\STEAM\STEAMAPPS\WORKSHOP\CONTENT\1281930\2793971101\OBJ\DEBUG\NET6.0\REF\GRAVITYDONTFLIPSCREEN.DLL, No Action By User, 1000001, 0, 1.0.56645, 0000000000000000000003F0, dds, 01839980, 0AC5C00794F5A4E9FD08B552584A52F0, A813BAD867C746B2337F8EC91B75C9AE063781DFB53056468B69645395A385CC
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
-
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 01/04/2022
Scan Time: 19:37
Log File: c195a230-b1ea-11ec-b028-00ff36ec70ee.json
-Software Information-
Version: 4.5.7.186
Components Version: 1.0.1645
Update Package Version: 1.0.53105
Licence: Free
-System Information-
OS: Windows 10 (Build 19044.1586)
CPU: x64
File System: NTFS
User: Sarahs-Gaming-Rig\sarah
-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 901058
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 4 hr, 43 min, 10 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 1
Malware.AI.1595790594, E:\STEAM\STEAMAPPS\COMMON\PIXAGEFX\PIXAGEFX.EXE, No Action By User, 1000000, 0, 1.0.53105, 1B2838FF1B2838005F1DD502, dds, 01708864, CD439B13A1A9DA7BE2A77F61DB2015A3, 254F87E96619E6FF58FB833DD5BBF0154C3F56ECFBB906EA913F06CE231809CB
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
-
Scan completed, it didn't detect anything.
-
I can do that, will let you know the results.
-
so i noticed Mbam report a file, it suggests an AMD file is a trojan in the file store.
most likely an FP
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 19/03/2022
Scan Time: 15:18
Log File: d31263ca-a797-11ec-b204-00ff36ec70ee.json
-Software Information-
Version: 4.5.6.180
Components Version: 1.0.1634
Update Package Version: 1.0.52580
Licence: Free
-System Information-
OS: Windows 10 (Build 19044.1586)
CPU: x64
File System: NTFS
User: Sarahs-Gaming-Rig\sarah
-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 899296
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 4 hr, 50 min, 37 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 1
Trojan.StolenCert, C:\WINDOWS\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\PRNMS002.INF_AMD64_C3BD6686769EE10C\AMD64\FXSRES.DLL, No Action By User, 7504, 1035139, 0.0.0, , ame, , 95F6F0D21ECDABB1DDB503B3BDC38CA8, 8A9552C227FBA50B7C196E16EA5D01E0357E17F3AFEFD65EC3AF1C0C6CD9FEFA
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
-
so the episodic game "angels of death" on Steam was listed as a detection, it's 4 episodes long and unsurprisingly it's detected each episode's exe file as the same thing.
i have put each in their own folder as to not rename the files.
report as follows.
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 16/09/2021
Scan Time: 19:35
Log File: df38ed06-171c-11ec-901c-00ff36ec70ee.json
-Software Information-
Version: 4.4.6.132
Components Version: 1.0.1453
Update Package Version: 1.0.45000
Licence: Free
-System Information-
OS: Windows 10 (Build 19042.1237)
CPU: x64
File System: NTFS
User: Sarahs-Gaming-Rig\sarah
-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 656168
Threats Detected: 4
Threats Quarantined: 0
Time Elapsed: 2 hr, 55 min, 54 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 4
Malware.AI.4079382565, E:\STEAM\STEAMAPPS\COMMON\ANGELS OF DEATH\GAMEDATA\EP1\GAME.EXE, No Action By User, 1000000, 0, 1.0.45000, DBD18D6CC01A5C0FF3267025, dds, 01425064, 09DE9EFEEDFEAA7AD75766B877CD2C40, 26796B7CDDC18ED48A70CFFB02B76B0B26E40C9EABC4BC968E706F3794A1913F
Malware.AI.4079382565, E:\STEAM\STEAMAPPS\COMMON\ANGELS OF DEATH\GAMEDATA\EP3\GAME.EXE, No Action By User, 1000000, 0, 1.0.45000, DBD18D6CC01A5C0FF3267025, dds, 01425064, 09DE9EFEEDFEAA7AD75766B877CD2C40, 26796B7CDDC18ED48A70CFFB02B76B0B26E40C9EABC4BC968E706F3794A1913F
Malware.AI.4079382565, E:\STEAM\STEAMAPPS\COMMON\ANGELS OF DEATH\GAMEDATA\EP4\GAME.EXE, No Action By User, 1000000, 0, 1.0.45000, DBD18D6CC01A5C0FF3267025, dds, 01425064, 09DE9EFEEDFEAA7AD75766B877CD2C40, 26796B7CDDC18ED48A70CFFB02B76B0B26E40C9EABC4BC968E706F3794A1913F
Malware.AI.4079382565, E:\STEAM\STEAMAPPS\COMMON\ANGELS OF DEATH\GAMEDATA\EP2\GAME.EXE, No Action By User, 1000000, 0, 1.0.45000, DBD18D6CC01A5C0FF3267025, dds, 01425064, 09DE9EFEEDFEAA7AD75766B877CD2C40, 26796B7CDDC18ED48A70CFFB02B76B0B26E40C9EABC4BC968E706F3794A1913F
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
pretty sure this is an FP.
regards, tidus987
false positive results.txt False positive files (in folders).zip
-
so i noticed a detection on the report that suggests it's Furmark the GPU benchmarking tool???
here's the report
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 08/09/2021
Scan Time: 21:54
Log File: fda716c8-10e6-11ec-8703-b42e9933a282.json
-Software Information-
Version: 4.4.6.132
Components Version: 1.0.1453
Update Package Version: 1.0.44763
Licence: Free
-System Information-
OS: Windows 10 (Build 19043.1165)
CPU: x64
File System: NTFS
User: LukeGamingPC\Luke
-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 717140
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 3 hr, 15 min, 18 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 1
Malware.AI.3553681939, C:\PROGRAM FILES (X86)\GEEKS3D\BENCHMARKS\FURMARK\FURMARK.EXE, No Action By User, 1000000, 0, 1.0.44763, 0C0D07FF181AF22BD3D0E213, dds, 01413785, BB2C0D6845257F10155ADA43E1201B4D, F2AA2B021BFFC2C8FE92CE94EC386F5300B792F8F3670A2E6F761EFD99ADF181
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
-
malwarebytes just picked up an exe from the epic store. log below.
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 01/02/2021
Scan Time: 21:42
Log File: 678bdb72-64d6-11eb-93ac-b42e9933a282.json
-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1157
Update Package Version: 1.0.36589
Licence: Free
-System Information-
OS: Windows 10 (Build 19041.746)
CPU: x64
File System: NTFS
User: LukeGamingPC\Luke
-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 726523
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 2 hr, 16 min, 8 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 1
Malware.AI.4276318247, E:\EPIC GAMES\OFFWORLDTRADINGCOMPANY\OFFWORLD.EXE, No Action By User, 1000000, 0, 1.0.36589, 444B8443414B8398FEE37027, dds, 01098455, 33D22530D9A32D3A327E567A1419AC67, 883E9259E6171C49536D6F02125A6A0A75914C89F8C2749CA094942DA61AE939
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
-
so i just turned this laptop online after a year of inactivity and no detections to see this.
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 5/26/19
Scan Time: 5:41 PM
Log File: 28c0c886-7fd5-11e9-b49c-887873d2bc3d.json
-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.586
Update Package Version: 1.0.10780
License: Free
-System Information-
OS: Windows 10 (Build 16299.431)
CPU: x64
File System: NTFS
User: LAPTOP-VD1VDAMR\Sarah Ashworth
-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 340858
Threats Detected: 2
Threats Quarantined: 0
Time Elapsed: 4 hr, 11 min, 10 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 2
Adware.ICLoader, C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\UPDATES\DOWNLOAD\PACKAGEFILES\AD3B839A-E85C-44F0-8FF6-86FEA4B8A62A\ROOT\VFS\PROGRAMFILESX86\MICROSOFT ANALYSIS SERVICES\AS OLEDB\140\RESOURCES\1033\MSMDSRVI.RLL, No Action By User, [467], [651132],1.0.10780
Adware.ICLoader, C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\UPDATES\DOWNLOAD\PACKAGEFILES\AD3B839A-E85C-44F0-8FF6-86FEA4B8A62A\ROOT\VFS\PROGRAMFILESX86\MICROSOFT ANALYSIS SERVICES\AS OLEDB\140\RESOURCES\1033\MSMDSRV.RLL, No Action By User, [467], [651132],1.0.10780
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
think it might be an FP as it suggests office as adware, ran it through virus total, only mbam and one other detected it.
-
threat scan came back clean. here's the MBST
-
Ok so this issue has been running for a while and each time we've not found a reason as to why. sometimes soon after Startup, Malwarebytes will pop up with this error message. "Malwarebytes is unable to load the Anti-Rootkit DDA Driver"
it then requests a restart, runs a threat scan and... we're clean, this wouldn't be a problem if not for the fact that it's happening more often.
the system this keeps happening on does not go to new sites, has been clean for years, and every virus scan we do comes back clean.
at this stage i wonder if it needs a fresh install of malwarebytes to sort itself out.
will send Malwarebytes Support Tool info once restarted and the threat scan comes back clean.
-
so i'm setting this laptop up for personal use and have only had it a week.
this flagged up the day after i installed both 7-zip and paint.net
if not an FP are these just in my cache?
-
i've run a full scan today with rootkit on, it's still fine the message hasn't popped up again. i normally run a full scan after the system finishes startup with rootkit enabled before i log on to anything that's important to me. i know it's not necessary when i hardly do any browsing, but i will admit i'm paranoid about security.
to clarify when the message popped up on sunday it was not when starting a scan or a scheduled scan. i started malwarebytes up, as the MBAM front panel appeared so did the message and i chose to reboot to be safe.
but since the one incident, smooth sailing.
-
Hi, this is mainly to put my mind at ease when asking this. plus i did not know where to put it on the boards.
so i started Malwarebytes 3 today like i do every day after fully booting the system and i encountered a message where malwarebytes wasn't able to run a driver correctly, the name escapes me but it was a rootkits driver, i think, and malwarebytes said that this could be due to a rootkit. and that it was best to reboot the system.
after re-booting everything seemed to boot fine and i ran MB3 only for it to automatically and without warning run a threat scan. i thought, ok, best let it do its thing.
once that was done and came back clean i decided to run my normal scan which was a full scan with all 4 boxes ticked and again, came back clean.
i highly doubted there was something on the system because i rarely use it for browsing, don't ever go out of my safety net. (youtube, gameFAQS, wikipedia)
the message hasn't appeared again since then and i launched MBAM multiple times to try and see if it was a one off thing.
what i wanted to ask is if this was just due to me maybe starting it earlier than expected or a random thing stopping that driver from launching in that instance.
there is no doubt in my mind that my system is clean, this is just me asking to put it to bed and stop my anxiety from flaring up.
so could this just be a random glitch where for some unknown reason the driver didn't launch as normal. is that a thing?
-
thank you
-
2 minutes ago, miekiemoes said:
When you get the detection, uncheck the checkbox, then click next and a popup will display what you want to do with this.
In your case, you need to select "Ignore Always".
thank you, will this record persist if i was to uninstall and reinstall to the latest version of zone alarm?
-
just to clarify, how do i add them to the ignore list, all i have is a remove selected button?
-
1 minute ago, miekiemoes said:
Hi,
This is actually an additional program that came with Zonealarm, so it won't remove your Zonealarm firewall.
You can even uninstall the PC TuneUp separately if you want - in case you don't use it. This won't delete anything of your Firewall though.
Alternatively, you can indeed set what it detected to the ignore list or add the C:\Program Files(x86)\PC Tune-UP folder to your exclusions ( Settings > Malware Exclusions > Add Folder)
what about the registry key?
-
9 minutes ago, miekiemoes said:
Hi,
This isn't a false positive - Please see above.
Thanks!
ok, i've contacted the PUP team as per the post you led me to, i know the PUP it's detecting is part of the zone alarm extreme security package and if i try to remove it zone alarm will stop working which will remove my main firewall. can i add an exception in to malwarebytes?
-
ok, so my PC just detected 240 PUPs, i recognised the address as the one for the zone alarm tool, PC Tune-up
-
thank you, i will do that.
-
the registry keys as well?
Steam Divinity 2 False Positive?
in File Detections
Posted
auto run on steam got picked up as malware
False Positive?
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 3/8/24
Scan Time: 3:53 PM
Log File: ff2f5da6-dd63-11ee-b336-b42e9933a280.json
-Software Information-
Version: 4.6.10.316
Components Version: 1.0.2286
Update Package Version: 1.0.81929
License: Free
-System Information-
OS: Windows 10 (Build 19045.4046)
CPU: x64
File System: NTFS
User: LukeGamingPC\lukef
-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 1173120
Threats Detected: 2
Threats Quarantined: 0
Time Elapsed: 4 hr, 45 min, 6 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 2
Malware.AI.1544300986, E:\STEAM\STEAMAPPS\COMMON\DIVINITY2_DEV_CUT\AUTORUN.EXE, No Action By User, 1000000, 1544300986, 1.0.81929, E648855586E3A2A15C0C29BA, dds, 02726764, 04753524D2CE451DC80A81A0DC6D5069, C30638B6BCFC12A6D1790FFEC95B4E6F71C8142E697E5E2D0C2E218E79124CC6
Malware.AI.1544300986, E:\STEAM\STEAMAPPS\COMMON\DIVINITY2_DEV_CUT\AUTORUN.ZIP, No Action By User, 1000000, 1544300986, 1.0.81929, E648855586E3A2A15C0C29BA, dds, 02726764, ,
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
false positive.txt False Positive.zip