Jump to content



Recommended Posts

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

If you remove it does it come back?

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.

Please post the logs  for my review.

Wait for further instructions

Link to post
Share on other sites

1 hour ago, nasdaq said:

If you remove it does it come back?

I can't remember now if I tried to remove it.  I was afraid to remove it recently because I don't know what program is using it.  I think it looks little weird, as little as I know about the Registry, it don't look like a normal Registry Key to me.  Honestly it has not affected my pc one bit, and this is why I have not taken care of it till now.  I also have multiple computers so no hurry, but this is my most important pc.




Link to post
Share on other sites

I found the Thread that I created due to this same issue.  Sorry for the confusion, but I still don't understand what it is or what to do with it?  From what Didier Stevens was saying it was okay as long as the digital signature is good, but I don't know how to check that.  Suspicious Download Results?

I also made a mistake in the first part of that thread as to what I downloaded.  This is what I downloaded "Lazesoft Recover My Password 4.2.1 Home Edition (Free)"  "lsrmphdsetup.exe"  At the bottom of THIS PAGE.

So I'm quite sure this is what I'm seeing, though don't know where the detection is coming from.  I assume it is coming from the File itself because I don't remember installing it.  Or I started to install it and thought it better not to on my main machine.  Hope that was clear, I'm not feeling well today.

What's really weird is I contacted Lazesoft a while back and they gave me this MD5: D8A1D239E6F74318BC0362C75D7CFA07 for that file.  And even gave me a Link to the same file but not the cnet link I guess.  I downloaded it and the MD5 above did not match.  I gave up, but I should have contacted them and told them the Hash did not match.

If you want I can just delete that file and run another scan.

Link to post
Share on other sites


Your logs are clean.

Right click on the the file lsrmphdsetup.exe and check where it's from.

You can submit the file to VirusTotal to find out if it's safe.

Follow the instructions on the page.


As for the item reported by MBAM run the tool and delete it.







Link to post
Share on other sites


I should mention Virus Total Community score was    -12, That's a Negative 12.  But that is just opinion I would guess.

The only one I see at VirusTotal is this one.

Was your link the same?

Post it if you have it.

Link to post
Share on other sites

Yes, the Link is the same. 

The mistake was, they seemed to have sent me the wrong link, and instead linked me to the download for "lsrshsetup.exe", instead of the one I wanted: lsrmphdsetup.exe.  I didn't look at it closely to see it was not the same download.  The "lsrshsetup.exe" is the one that had the bad Reputations.  All good now, thanks for taking the time to get me straightened out.  I know this for sure as I have a copy of the email with the link, so there is my confusion.  

I did Quarantine the file and re-scanned and all looks good.

Just re-scanned the "lsrshsetup.exe" at VirusTotal and HERE is what I got.  It took longer this time than it did before, and unfortunately showed one detection.

I will Delete this folder once you have all the info you wanted.  I don't need this software anyhow, it is already on my other computer from the lsrmphdsetup.exe, which is the one I wanted.

Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.



Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.