Jump to content

Can't remove supershieldhookcpy32.dll


jhsawyer
 Share

Recommended Posts

So I recently did a complete scan and Malwarebytes found this supershieldhookcpy32.dll file and suggested I reboot to complete removal; however, I have rebooted 22 times and it's still there? Any ideas how I fix this?

When I open the web browser I get the first screen shot then after about 3 seconds it switches to the mandatory reboot screen; and the cycle repeats indefinitely; it's as if the Malware program is conflicting with pc matic and supershieldhookcpy32.dll specifically; which is strange because I have pc matic added to allowed programs within the malwarebytes program and they have operated just fine for the last 15 months or so.

 

2020-05-02 (2).png

653174507_2020-05-02(3).png.f5afdb0af686edadc701ca08f87a7e9b.png

Link to post
Share on other sites

15 minutes ago, jhsawyer said:

Here it is as well.....

Not saying it does not need to get fixed but I would add C:\Program Files (x86)\PCPitstop to the Malwarebytes allow list. for starters the follow the rest below.

I always recommend the following for all 3rd party AV programs other than Defender.

Quote

I would  also recommend creating exclusions between Malwarebytes and Your AV to help prevent any possible conflicts or performance issues.  Please add the items listed in this support article to Your AV 's allow list(s)/trust list(s)/exclusion list(s) particularly for any of its real-time protection components and likewise add Your AV 's program folder(s) (likely located under C:\Program Files and/or C:\Program Files (x86)) to Malwarebytes' Allow List using the method described under the Allow a file or folder section of this support article and do the same for its primary data folder which is likely located under C:\ProgramData (you may need to show hidden files and folders to see it).

Also your Malwarebytes is one release version out of date. Settings-General- Check for application updates.

Edited by Porthos
Link to post
Share on other sites

17 minutes ago, jhsawyer said:

I already added pc matic to the allow list; no change;

The following are your only exclusions you have. No PC Matic in the list.

Quote

Exclusion Info:
==================================
Malware Exclusions:
C:\USERS\JEFFREY\DESKTOP\65237-THEJASPER-FAR CRY 5 TRAINER.EXE                                          [file]
C:\USERS\JEFFREY\DOWNLOADS\SW2-THEJASPER-F14D7AD022D8957.ZIP                                            [file]
C:\USERS\JEFFREY\DESKTOP\TRAINERS\GTA5-THEJASPER-A491B8F978F370C\GTA5-THEJASPER.EXE                     [file]
C:\USERS\JEFFREY\DESKTOP\TRAINERS\MP3-THEJASPER-611F77102309341\MP3-THEJASPER.EXE                       [file]
C:\USERS\JEFFREY\DESKTOP\TRAINERS\BL2-THEJASPER\BOR2-THEJASPER.EXE                                      [file]
C:\USERS\JEFFREY\DESKTOP\TRAINERS\RAGE-THEJASPER-F05E7A8E0301B36\RAGE-THEJASPER.EXE                     [file]
C:\USERS\JEFFREY\DESKTOP\TRAINERS\CXL-THEJASPER-2FB7A8015E2A7C9\CXL-THEJASPER.EXE                       [file]
C:\USERS\JEFFREY\DESKTOP\TRAINERS\GT4E-THEJASPER-73A0089F91319CC\GT4E-THEJASPER.EXE                     [file]
C:\USERS\JEFFREY\DESKTOP\TRAINERS\IAA-THEJASPER-58BDCC909D4F91D\IAA-THEJASPER.EXE                       [file]
C:\USERS\JEFFREY\DESKTOP\TRAINERS\ARM3-THEJASPER-C6862A5D02B5C3D\ARM3-THEJASPER.EXE                     [file]
C:\USERS\JEFFREY\DESKTOP\TRAINERS\LAN-THEJASPER-B341621255EB41A\LAN-THEJASPER.EXE                       [file]
C:\USERS\JEFFREY\DESKTOP\TRAINERS\JC2-THEJASPER-1C05E111AE6BEC9\JC2-THEJASPER.EXE                       [file]
C:\USERS\JEFFREY\DESKTOP\TRAINERS\MAF2-THEJASPER-78BAB995F6DAB3C\MAF2-THEJASPER.EXE                     [file]
C:\USERS\JEFFREY\DESKTOP\TRAINERS\BAO-THEJASPER-5045C9D12B770CC\BAO-THEJASPER.EXE                       [file]
C:\USERS\JEFFREY\DESKTOP\TRAINERS\CRY3-THEJASPER-C63BC3C28E131EE\CRY3-THEJASPEROLDER.EXE                [file]
C:\USERS\JEFFREY\DESKTOP\TRAINERS\TDU2-THEJASPER-D5FBD5E830692E1\TDU2-THEJASPER.EXE                     [file]
C:\USERS\JEFFREY\DESKTOP\TRAINERS\BAC-THEJASPER-7F0A931F68A2559\BAC-THEJASPER.EXE                       [file]
C:\USERS\JEFFREY\DESKTOP\TRAINERS\SLPD-THEJASPER-A204A104FBA8540\SLPD-THEJASPER.EXE                     [file]
C:\USERS\JEFFREY\DESKTOP\TRAINERS\CDAW-THEJASPER-6AF2F21803D0E4C\CDAW-THEJASPER.EXE                     [file]
C:\USERS\JEFFREY\DESKTOP\TRAINERS\CRY3-THEJASPER-C63BC3C28E131EE\CRY3-THEJASPER.EXE                     [file]
C:\USERS\JEFFREY\DESKTOP\TRAINERS\AW-THEJASPER-E9ED526449D0CDA\AW-THEJASPER.EXE                         [file]
C:\USERS\JEFFREY\DESKTOP\TRAINERS\MLL-THEJASPER-3A567B9708D91B3\MLL-THEJASPER.EXE                       [file]
C:\USERS\JEFFREY\DESKTOP\TRAINERS\FCBD-THEJASPER-F04EAE3D8739C85\FCBD-THEJASPER.EXE                     [file]
C:\USERS\JEFFREY\DESKTOP\TRAINERS\TR13-THEJASPER-20AA162A709D366\TR13-THEJASPER.EXE                     [file]

 

 

Link to post
Share on other sites

Ok - so I added the folder for pc matic but that didn't do anything; so I added the previously detected exploit and that seems to have made a difference; UPDATE: Nope After I rebooted it came back; I am about to give up and completely remove this software; any final thoughts?

 

 

 

Link to post
Share on other sites

1 hour ago, jhsawyer said:

so I added the folder for pc matic but that didn't do anything

You added all PC matic folders from all locations to the allow list? Have you also added all the files listed in the link above to PC Matics exclusion list as well?

 

1 hour ago, jhsawyer said:

any final thoughts?

Also Wait for @LiquidTension to get back to you before you make any final decisions on removing MB.

Link to post
Share on other sites

Thank you for the logs. We are investigating this issue further. We've seen similar issues in the past with this software which we were able to fix.

In the meantime, which hash did you add as an exclusion for previously detected exploit? There appears to have been detections for two different hashes: D853801ADC91B14A4445D5207FBC167D and 2BA9985E37335DDC558D290610B35832

Please ensure both are added to the previously detected exploit exclusions.

Link to post
Share on other sites

  • 1 month later...

I have to say; your software is completely shitting the bed here. I have listed this process as safe and added to the exclusion list (BTW, I should not have to do this!) from PC Matic Super Shield and it went away for like 3 weeks; now it's back detecting the same program for a "Generic" malware, which is completely FALSE. I understand that Malwarebytes and PC Matic are having a family feud over these issues, however, Can I please ask that you refrain from taking it out on the public who is simply trying to use their computers; Is that too much to ask?

Link to post
Share on other sites

12 hours ago, jhsawyer said:

I have to say; your software is completely shitting the bed here. I have listed this process as safe and added to the exclusion list (BTW, I should not have to do this!) from PC Matic Super Shield and it went away for like 3 weeks; now it's back detecting the same program for a "Generic" malware, which is completely FALSE. I understand that Malwarebytes and PC Matic are having a family feud over these issues, however, Can I please ask that you refrain from taking it out on the public who is simply trying to use their computers; Is that too much to ask?

Greetings,

It sounds as though the detection is coming from the machine learning heuristics engine which is separate from the Exploit Protection module which was causing the FP originally reported in this thread.  To get the FP corrected, please refer to the information in this topic and create a new topic in the appropriate FP area by clicking here and a member of Research will investigate and get the FP corrected.

Thanks

Link to post
Share on other sites

  • 2 weeks later...
Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.