It seems to be trying to hide using another program's signature. It seems to be targeting Nvidia driver files.

 

 

CodeIntegrity:
===================================

Date: 2019-02-23 10:51:40.788
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\nvvhci.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-23 10:51:40.770
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\nvvad64v.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-23 06:20:09.527
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-02-23 06:20:09.527
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-02-23 02:13:38.274
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll that did not meet the Store signing level requirements.

Date: 2019-02-23 02:02:49.598
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll that did not meet the Store signing level requirements.
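
As an added example (not part of the original post), this Python sketch parses Code Integrity entries in the layout quoted above and counts repeats by event type, loading process and file, so a long log reduces to a few distinct rows to check. The function names and the kind labels `hash-not-found`, `blocked-load` and `unparsed` are this example's own.

```python
import re
from collections import Counter

# Constructed sample: entries in the layout of the log above, description text trimmed.
SAMPLE = r"""
Date: 2019-02-23 10:51:40.788
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\nvvhci.sys because file hash could not be found on the system.

Date: 2019-02-23 06:20:09.527
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-02-23 06:20:09.527
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-02-23 02:13:38.274
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll that did not meet the Store signing level requirements.
"""

ENTRY_RE = re.compile(r"^Date: (\S+ \S+)[ \t]*\nDescription:[ \t]*\n(.+)$", re.M)
HASH_RE = re.compile(r"image integrity of the file (.+?) because file hash could not be found")
LOAD_RE = re.compile(r"a process \((.+?)\) attempted to load (.+?) that did not meet the (\w+) signing level")

def leaf(path):
    return path.rsplit("\\", 1)[-1]  # last component of a \Device\HarddiskVolumeN\... path

def parse_events(text):
    """Turn each Date/Description pair into a dict; unrecognised entries stay as 'unparsed'."""
    events = []
    for when, desc in ENTRY_RE.findall(text):
        ev = {"time": when, "kind": "unparsed", "level": None, "process": None, "file": None}
        load, missing = LOAD_RE.search(desc), HASH_RE.search(desc)
        if load:
            proc, mod, level = load.groups()
            ev.update(kind="blocked-load", level=level, process=leaf(proc), file=leaf(mod))
        elif missing:
            ev.update(kind="hash-not-found", file=leaf(missing.group(1)))
        events.append(ev)
    return events

def summarize(events):
    """Count repeats of the same (kind, process, file) so distinct cases stand out."""
    return Counter((e["kind"], e["process"], e["file"]) for e in events)

if __name__ == "__main__":
    print(summarize(parse_events(SAMPLE)).most_common())
```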
 


It seems to be a rootkit infection. I use SSD caching software, and the lights for the SSD/PCIE card aren't lighting up like they used to while booting up.

I don't know how it got there. I can't identify it. It seems to like Nvidia driver files. It seems to have infected Microsoft's Edge browser. I can't set the default browser in Default Apps, but I have Edge, Firefox, Chrome, Internet Explorer.

 

It adds additional characters to the file names it has infected.

\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\

instead of:

\SystemApps\Microsoft.MicrosoftEdge\

 

It did some weird things to the Registry... right-clicking JPG file shows "ms-resource:EditWithPhotos" instead of "Edit Photos"

 

Let me know if you need anything else.


  • 3 weeks later...
  • 1 month later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

