
Malwarebytes removed this, but I need to know where it came from



Malware.AI.853400141, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\WINDOWS\SYSTEM32\SLOTMAXIMIZERBE.DLL

Malware.AI.853400141, C:\WINDOWS\SYSTEM32\SLOTMAXIMIZERBE.DLL, Quarantined, 1000000, 0, 1.0.27081, 1C28C237A168FCE032DDDA4D, dds, 00815297

 

I don't go to any strange sites, nor do I click on any downloads in emails. Ads are blocked, and I have security software both in my browser (Chrome) and on my computer (mban, Windows Security).

 

The mban scan last week, 7/13/2020, didn't find anything, but today's 7/20/2020 scan did.

 

So where did it come from, how did it slip past mban in the first place, and why didn't Windows Security stop it?

 

report.txt


 

Hello Heavyoak and welcome to Malwarebytes,

Run the following:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...

When you've downloaded FRST64.exe, rename it to FRST64English.exe...
 
  • Double-click to run it. When the tool opens, click Yes to the disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans".
  • Press the Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach that log to your reply.


Thank you,

Kevin..
 

 

I will not be attaching the log files as they contain far too much personal and private info, but I thank you for that tool as it has pointed out a lot of crap that I need to remove, most of it being left over from uninstalls and the lot.


Hiya Heavyoak,

Yes, the issue was a definite False Positive (FP) and can be reinstated from quarantine. I asked for the FRST logs before it was realized that the file removed was in fact a FP; you do not need to post the produced logs.

To remove FRST:

Right-click on FRST64 and rename it to uninstall.exe. When complete, right-click on uninstall.exe and select "Run as Administrator".

If you do not see the .exe appended, that is because file extensions are hidden; in that case just rename FRST64 to uninstall.

That action will remove FRST and all created files and folders...

Thank you,

Kevin
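
For the original question of where the flagged file came from, the following is an added example (not part of the thread and not Malwarebytes' or FRST's own tooling) that collects provenance facts for the DLL once it is restored from quarantine. It assumes the file path and SharedDLLs registry key shown in the detection log in the first post and an elevated PowerShell session.

```powershell
# Added example, not from the thread: provenance triage for a DLL that a scanner flagged.
# Path and registry key are copied from the detection log in the first post.
$dll = 'C:\Windows\System32\SlotMaximizerBe.dll'
$key = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs'

if (-not (Test-Path -LiteralPath $dll)) {
    Write-Warning "$dll not found; restore it from quarantine before running this."
    return
}

$file = Get-Item -LiteralPath $dll                      # timestamps and version resource
$sig  = Get-AuthenticodeSignature -LiteralPath $dll     # publisher signature, if any
$hash = Get-FileHash -LiteralPath $dll -Algorithm SHA256

# SharedDLLs value names are file paths; the data is a reference count kept by installers.
# Registry value-name lookups are case-insensitive, so the casing of $dll does not matter.
$refCount = $null
if (Test-Path -LiteralPath $key) {
    $refCount = (Get-Item -LiteralPath $key).GetValue($dll)
}

[pscustomobject]@{
    Path            = $file.FullName
    CreatedUtc      = $file.CreationTimeUtc
    LastWriteUtc    = $file.LastWriteTimeUtc
    Company         = $file.VersionInfo.CompanyName
    Product         = $file.VersionInfo.ProductName
    FileVersion     = $file.VersionInfo.FileVersion
    SignatureStatus = $sig.Status
    Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    SHA256          = $hash.Hash
    SharedDllRefs   = $refCount
} | Format-List
```

Comparing CreatedUtc and LastWriteUtc with the dates of the clean scan and the detecting scan shows whether the file changed between them, and the version resource, signer and SharedDLLs reference count point to the installer that placed it.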

 


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 
