dawid

rtkhdasettings, files with passwords

Hi.

Please help me.

I scanned my computer and it didn't find any viruses, but there are 25 files with password.

I already scanned with Malwarebytes and there was something, PUP.Optional.InstallCore, which is already in quarantine. Then I scanned again with my Bitdefender Total Security and it again found 25 files with password, and that was in rtkhdasettings.

I also downloaded FRST and scanned the computer with it, so I have all the logs.

Can anyone help me with this? Is there any virus or something? And how do I fix this?

Thank you for any help.

 


Hello. :welcome:

Please do all the steps listed on this pinned topic:

https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

Then attach all report files (including the last scan with Malwarebytes) to your reply in this topic.

We have to have reports before we can do anything.


Just so it is clear, having a zip file named rtkhdasettings.zip in the folder C:\windows\system32\drivers does NOT indicate a malware infection!


If there are no viruses on my computer then that is great, but I'm not sure. You are the experts, that is why I asked someone here 😃

Thanks for any help!

 


Quick note: please attach only the report files. Do not copy and paste them inside the main body of your reply.

  • To save attachments please click the link as shown below. Then browse to where your file is located and select it and click the Open button.


Thanks. But before we go forward, this system has one too many antivirus programs installed and active.

If you did not pay for Avast antivirus, I need you to uninstall it and restart Windows.

This PC already had the BitDefender antivirus. Is that the paid-for one or is it a free one?

You should know that Windows 10 comes pre-packaged with a built-in antivirus from Microsoft Windows, that is, the Windows Defender antivirus.

It is not a good practice to have more than one antivirus, because that condition will lead to a conflict friendly deadlock situation.

A wholly separate question which deals with your original post: is there just one file that has a password issue, or do you really mean several? And how did you determine they have a password?

Where exactly are they located & what are the full folder locations & file names?

NOTE: I can guide you through several security scans to check for malware. That I can do.

But the one file you had mentioned in System32 is not malware.

For now, figure out which antivirus you will keep and let me know after you have got that issue corrected.

Avast is not one I recommend since it does add add-ons that make things more complicated.


Thank you for your answer.

Avast was free and I uninstalled it.

Bitdefender is the one I paid for.

I know that Windows has its own antivirus but I wasn't sure if that was good enough.

Bitdefender shows me 25 files with password from these locations, a few in each location:

C:\Windows\System32\drivers\rtkhdasetting.zip=>rtkhdasetting=>103C82CB=>APO.zip=>APO=>82cb0220=>82cb0220.txt

C:\Program Files\Realtek\Audio\HDA\rtkhdasetting\103C82CB\APO.zip=>APO=>82cb0220=>82cb0220.txt

C:\ProgramData\SoundResearch\APO\82c11018=>82c11018.txt

 

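The question raised above, how to tell which files "have a password", can be answered for ZIP archives by reading each entry's encryption flag. This is an added example, not part of the original thread or any vendor's tool; it assumes the scanner's "files with password" means ZIP entries with the encryption flag set, and `find_encrypted`, `build_sample` and the archive contents are constructed for illustration.

```python
import io
import zipfile

ENCRYPTED = 0x1            # general-purpose flag bit 0: entry needs a password
MAX_NESTED = 50 * 2**20    # do not unpack nested archives larger than 50 MiB
MAX_DEPTH = 5              # stop descending after this many archive levels


def find_encrypted(data, label, depth=0, sep="=>"):
    """List password-protected entries, descending into nested .zip members."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = label + sep + info.filename.rstrip("/").replace("/", sep)
            if info.flag_bits & ENCRYPTED:
                hits.append(path)  # a scanner cannot read this without the password
            elif (info.filename.lower().endswith(".zip")
                  and depth < MAX_DEPTH and info.file_size <= MAX_NESTED):
                hits += find_encrypted(zf.read(info), path, depth + 1, sep)
    return hits


def build_sample():
    """Constructed stand-in for the archive layout quoted in the thread."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("APO/82cb0220/82cb0220.txt", "constructed sample data")
    raw = bytearray(inner.getvalue())
    # Set flag bit 0 in the single central-directory record (flags at offset 8)
    # so the entry is listed as encrypted; the payload itself is not encrypted.
    raw[raw.rfind(b"PK\x01\x02") + 8] |= ENCRYPTED
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("rtkhdasetting/readme.txt", "constructed plain entry")
        zf.writestr("rtkhdasetting/103C82CB/APO.zip", bytes(raw))
    return outer.getvalue()


if __name__ == "__main__":
    top = r"C:\Windows\System32\drivers\rtkhdasetting.zip"
    for hit in find_encrypted(build_sample(), top):
        print(hit)
```

The output uses the same `=>` path notation as the report lines quoted in the post, so results can be compared entry by entry.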

You should be asking those questions on the BitDefender support site. Please do that.

Just for the record, the Windows 10 Windows Defender is a very excellent free antivirus.

RTKHDASETTINGS.ZIP is related to Realtek audio. Mine has no passwords.

 

You may do this free scan.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & how to run the tool are at this link at Microsoft:

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Let me know the result of this.

The log is named MSERT.log.

The log will be at %SYSTEMROOT%\debug\msert.log, which in most cases is

C:\Windows\debug\msert.log

Please attach that log with your reply.

 

 


Thanks. That run cleaned out one registry entry.

Let's run a different scan tool & see what is reported, if anything.

Please download RogueKiller (x64) using the link below.
→ http://download.adlice.com/api?action=download&app=roguekiller&type=x64

Save the file first.
Close any running programs that you started on your own (if any).

RIGHT-click RogueKillerx64.exe and select "RUN As Administrator" and allow it to run the program. Reply Yes when prompted to have it proceed.
Follow the prompts. If a browser window opens, close the window.

In the HOME tab, click Start Scan.
Upon completion, a browser window may open. Close this window.
Important: Please do not have RogueKiller remove any detected items.
Click the HISTORY tab followed by Scan Reports.
Double-click the scan log. Click Export TXT, enter a filename and save the file to your Desktop.
Please attach the file in your next reply.
 


Hi. Thanks for the RogueKiller report. That is very good confirmation & good news.

There is no malware here.

We can plan to close this case.

You should be asking Bitdefender about what they had flagged.


That is good news.

Thank you very much for your great help.

I think we can close this case.

I will ask Bitdefender why they flagged it.


You're welcome.

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

 

If your security program alerts on Delfix, either accept the alert or turn your security off.

Please right-click on Delfix and choose Run as administrator.

Make Sure the following items are checked:

  Remove disinfection tools <----- this will remove tools we may have used.



Now click on "Run" and wait patiently until the tool has completed.

Any remaining  files/logs from tools we have used can be deleted.


It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

 

Best  practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".

Never click links without first hovering your mouse over the link and seeing if it is going to an odd address (one that does not fit or is odd looking or has typos).


Free games & free programs are like "candy". We do not accept them from "strangers".


Never open attachments that come with unexpected (out of the blue) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.

 

 

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Don't remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.

 
Do a Windows Update.

Make certain that Automatic Updates is enabled.
https://support.microsoft.com/en-us/help/12373/windows-update-faq




Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.
