
Random file that changed, not sure if it's malicious


  • Root Admin

No, those are special drives and should not be touched. They're part of the recovery process if needed

Did we uninstall Malwarebytes at some point? I'm not seeing it in the logs. Did you have a Trial or Paid version?

Quite late for me so heading out, but will try to check back on you over the weekend if I can

Cheers

 

Link to post
Share on other sites
  • Root Admin

That's right.

Okay, if you've done the destructive restore with it wiping out everything then the computer should be back to how it was when you first bought it.

Go ahead and reinstall Malwarebytes when ready

https://downloads.malwarebytes.com/file/mb-windows

 

Also run the following again to check for updates

 

Patch My PC Home Updater
https://patchmypc.com/home-updater

 

I'll check back on you later this weekend if I can

Cheers

 

 

Link to post
Share on other sites
  • 3 weeks later...

Hello, I'm sorry for the late response. I took the PC to Best Buy and I just received it today, because I would have to wait a couple of months to get the stuff for the clean install, so I just took it to Best Buy because of my warranty, and they took a look at it and just gave it back to me today. I just wanted to make sure that they did it right and see if they fixed the problem, because I've seen some people saying they are not satisfied by Geek Squad's work, and I wanted to see if I can run the scan and upload the files and if you might be able to check them out.

Link to post
Share on other sites
  • Root Admin

Yes, go ahead and run FRST and post back the logs and I'll review them tomorrow @cynofiy

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

 

 

Link to post
Share on other sites
  • Root Admin

There are some Events being logged. Mostly, you need to look at reducing your Folder Access Control to stop those errors. It's a good tool to help protect the computer, but sometimes the Controlled Folder Access is too strict.

Windows Defender:
================
Date: 2021-04-01 20:32:07
Description:
Controlled Folder Access blocked C:\Program Files (x86)\LightingService\LightingService.exe from making changes to memory.
Detection time: 2021-04-02T03:32:07.259Z
Path: \Device\Harddisk0\DR0
Process Name: C:\Program Files (x86)\LightingService\LightingService.exe
Security intelligence Version: 1.333.1785.0
Engine Version: 1.1.17900.7
Product Version: 4.18.2102.4

Date: 2021-04-01 20:27:43
Description:
C:\Windows\System32\svchost.exe has been blocked from modifying %userprofile%\Videos by Controlled Folder Access.
Detection time: 2021-04-02T03:27:43.375Z
Path: %userprofile%\Videos
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: 1.333.1785.0
Engine Version: 1.1.17900.7
Product Version: 4.18.2102.4

Date: 2021-04-01 20:18:40
Description:
C:\Windows\System32\svchost.exe has been blocked from modifying %userprofile%\Videos by Controlled Folder Access.
Detection time: 2021-04-02T03:18:40.073Z
Path: %userprofile%\Videos
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: 1.333.1785.0
Engine Version: 1.1.17900.7
Product Version: 4.18.2102.4

Date: 2021-04-01 14:32:13
Description:
C:\Windows\System32\svchost.exe has been blocked from modifying %userprofile%\Videos by Controlled Folder Access.
Detection time: 2021-04-01T21:32:13.945Z
Path: %userprofile%\Videos
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: 1.333.1785.0
Engine Version: 1.1.17900.7
Product Version: 4.18.2102.4

Date: 2021-04-01 14:28:42
Description:
C:\Windows\System32\svchost.exe has been blocked from modifying %userprofile%\Videos by Controlled Folder Access.
Detection time: 2021-04-01T21:28:42.786Z
Path: %userprofile%\Videos
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: 1.333.1785.0
Engine Version: 1.1.17900.7
Product Version: 4.18.2102.4

Date: 2021-03-31 17:09:45
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

 

Not really sure why, but you do have an odd error for Firefox

 

Error: (04/01/2021 07:52:52 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (04/01/2021 07:52:52 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

 

You could try doing a Reset on Firefox to see if that helps.

 

 

Link to post
Share on other sites
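
One way to triage the Controlled Folder Access entries in a log like the one quoted above, as an added example that is not part of the original post: it groups the blocks by process and protected path, so repeated blocks of the same program stand out from one-off events. The function names are hypothetical, and the sample is built from the entries quoted in the post, trimmed to the fields used.

```python
import re
from collections import defaultdict

# Sample input: entries from the Defender section quoted above, trimmed to the fields used.
SAMPLE = r"""Date: 2021-04-01 20:32:07
Description:
Controlled Folder Access blocked C:\Program Files (x86)\LightingService\LightingService.exe from making changes to memory.
Path: \Device\Harddisk0\DR0
Process Name: C:\Program Files (x86)\LightingService\LightingService.exe

Date: 2021-04-01 20:27:43
Description:
C:\Windows\System32\svchost.exe has been blocked from modifying %userprofile%\Videos by Controlled Folder Access.
Path: %userprofile%\Videos
Process Name: C:\Windows\System32\svchost.exe

Date: 2021-04-01 14:28:42
Description:
C:\Windows\System32\svchost.exe has been blocked from modifying %userprofile%\Videos by Controlled Folder Access.
Path: %userprofile%\Videos
Process Name: C:\Windows\System32\svchost.exe

Date: 2021-03-31 17:09:45
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
"""

FIELD = re.compile(r"^(Date|Description|Path|Process Name):\s*(.*)$")

def parse_entries(text):
    """Yield one {field: value} dict per blank-line separated record."""
    for block in re.split(r"\n\s*\n", text.strip()):
        rec, key = {}, None
        for line in block.splitlines():
            m = FIELD.match(line)
            if m:
                key, rec[m.group(1)] = m.group(1), m.group(2)
            elif key:  # continuation line, e.g. the text under "Description:"
                rec[key] = (rec[key] + " " + line.strip()).strip()
        if "Date" in rec:
            yield rec

def summarize_cfa(text):
    """Group Controlled Folder Access blocks by (process, protected path)."""
    groups = defaultdict(list)
    for rec in parse_entries(text):
        if "Controlled Folder Access" in rec.get("Description", ""):
            groups[(rec.get("Process Name", "?"), rec.get("Path", "?"))].append(rec["Date"])
    return {k: {"count": len(v), "first": min(v), "last": max(v)} for k, v in groups.items()}
```

Calling `summarize_cfa(SAMPLE)` returns one entry per process and path pair with its block count and first and last timestamps; the Real-Time Protection error is parsed but left out of the summary because it is not a Controlled Folder Access block.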

Can I run the FRST test again? I did notice some errors myself, so I tried running a chkdsk scan and it ran through and it said scanning hard drive, but it lasted only about 4 seconds and just redirected me to my login. It's as if it just skipped the scan.

Link to post
Share on other sites
  • Root Admin

Windows Defender does not appear to like this VBS script file

C:\Users\hecto\OneDrive\Desktop\Keyboardvcr.vbs

You also have a couple of other minor Events from this

 

Error: (04/05/2021 09:54:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: XboxAppServices.exe, version: 0.0.0.0, time stamp: 0x6058deb4
Faulting module name: XboxAppServices.exe, version: 0.0.0.0, time stamp: 0x6058deb4
Exception code: 0xc0000005
Fault offset: 0x00000000004a82ef
Faulting process id: 0x928
Faulting application start time: 0x01d72a3c5822f58a
Faulting application path: C:\Program Files\WindowsApps\Microsoft.GamingApp_2103.1001.17.0_x64__8wekyb3d8bbwe\XboxAppServices.exe
Faulting module path: C:\Program Files\WindowsApps\Microsoft.GamingApp_2103.1001.17.0_x64__8wekyb3d8bbwe\XboxAppServices.exe
Report Id: aecaacad-3d7c-404e-95d7-ca471f6ea977
Faulting package full name: Microsoft.GamingApp_2103.1001.17.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.Xbox.App

 

You might try running the following from an Elevated Admin Command prompt.

 

SFC /SCANNOW

If that completes without issue and nothing is wrong, then that should be it. If it says it cannot fix the files, then try running the DISM command, and then the SFC command again.

DISM.exe /Online /Cleanup-image /Restorehealth 

 

Link to post
Share on other sites
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post
Share on other sites
This topic is now closed to further replies.