Manaphy0220 Posted April 23, 2021 ID:1452892
Hey, I was playing Valorant a few days ago and suddenly the game froze and I heard a "beep" sound. Later, after checking the Windows Event Log, I found out that there are many entries about an unsuccessful check of code integrity (sorry if some names aren't correct, my Windows's language isn't English). It is event id 6281. I'm still using Windows 7 and want to install Windows 10 after the weekend but I still need to save some files so I want to ask if my PC is clear before doing that. I'll list a few examples of those entries:
\Device\Harddisk\Volume2\Windows\System32\comdlg32.dll
\Device\Harddisk\Volume2\Program Files (x86)\Valorant\Riot Games\live\engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
\Device\Harddisk\Volume2\Windows\System32\WindowsPowerShell\v1.0\pwrsip.dll
\Device\Harddisk\Volume2\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Device\Harddisk\Volume2\Windows\System32\cryptui.dll
I made scans with Malwarebytes, Adwcleaner, ESET Online Scanner and AVAST and they didn't find anything. Also tried using sfc /scannow but it also didn't find anything. Finally, I checked discs with that Windows tool and Disc D was checked properly but the tool had a problem with Disc C. It said it couldn't access the disc due to some update or something and that I should restore my system to a date prior to the update. The problem is that I don't have any restoration point that would work (tried with one and it didn't help, instead it created more problems - Discord stopped working and there was some error while accessing the event log. I reverted that restoration and now everything works). When I last checked, those entries about the unsuccessful code check were still appearing.
My question is whether my PC is infected by some sort of malware or rather it is some problem with my system. And also: can I safely upload some files to Google Drive after scanning them with Malwarebytes?
Manaphy0220 Posted April 23, 2021 Author ID:1452893
Edit: I checked the Event Log today and no entries about that event id 6281 appeared today.
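Added example, not part of the original thread: one way to summarise the event ID 6281 entries discussed in the posts above, showing on which days they were logged and which files they name. It assumes the entries are in the Security log and that the flagged file appears in the event XML as an NT device path like the ones quoted in the first post; the variable names are illustrative.

```powershell
# Added example (not from the thread): summarise Code Integrity failures (event ID 6281).
# Run from an elevated PowerShell prompt; reading the Security log needs administrator rights.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 6281 } -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output 'No event ID 6281 entries in the Security log.'
}
else {
    # Assumption: the flagged image is recorded as an NT device path
    # (\Device\...\name.dll), as in the entries quoted in the first post.
    $pathPattern = '\\Device\\.+?\.(dll|exe|sys)'

    $rows = foreach ($e in $events) {
        # Match against the raw event XML so the result does not depend on
        # the display language of the message text.
        $file = '(path not found)'
        if ($e.ToXml() -match $pathPattern) { $file = $Matches[0] }

        New-Object PSObject -Property @{
            Day  = $e.TimeCreated.ToString('yyyy-MM-dd')
            File = $file
        }
    }

    # On which days were the failures logged, and how many per day?
    $rows | Group-Object Day | Sort-Object Name |
        Format-Table Name, Count -AutoSize

    # Which files were flagged, most frequent first?
    $rows | Group-Object File | Sort-Object Count -Descending |
        Format-Table Count, Name -AutoSize
}
```

Microsoft's description of event 6281 lists an improperly signed file, unauthorized modification and a disk device error as possible causes, so the per-day and per-file counts are a starting point for triage rather than a verdict.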
kevinf80 Posted April 23, 2021 ID:1452926
Hello Manaphy0220 and welcome to Malwarebytes,
Run the following scan, let's see if anything shows up:
Download Farbar Recovery Scan Tool and save it to your desktop.
Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
Be aware FRST must be run from an account with Administrator status...
If English is not your primary language, right click on FRST/FRST64 and rename it FRSTEnglish/FRST64English.
Double-click to run it. When the tool opens click Yes to the disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
Make sure Addition.txt is checkmarked under "Optional scans".
Press the Scan button to run the tool....
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The tool will also make a log named (Addition.txt). Please attach that log to your reply.
Thank you,
Kevin
Manaphy0220 Posted April 23, 2021 Author ID:1452936
@kevinf80 Here You go. Don't know if it's necessary but all options were checked.
FRST.txt Addition.txt Shortcut.txt
Manaphy0220 Posted April 23, 2021 Author ID:1452945
I checked Windows Event Logs once more and those entries started earlier than that day I was mentioning. What do You think? It doesn't look like an infection, does it?
kevinf80 Posted April 23, 2021 ID:1452947
Just checking your logs, back in a bit... Do you recognize the following..? Seems odd to have a picture file in that folder... Can you zip that file up and attach it to your next reply...
C:\Program Files\hatsunemichu.jpg
Manaphy0220 Posted April 23, 2021 Author ID:1452949
The picture file You're talking about is that hatsunemichu.jpg, right? It is an image I once did in Paint and put somewhere. It is basically an image of Hatsune Miku with the face of a CS pro player nicknamed Michu. I will send it in ZIP if it's needed but that was probably me putting it somewhere. What do the logs look like? Is my PC clear of infections?
hatsunemichu.zip
kevinf80 Posted April 23, 2021 ID:1452958
Hiya Manaphy0220,
I do not see any obvious malware or infection in your logs. I asked about the .jpg file due to where it was running from... Is your PC normal or do you have issues or concerns...
Thank you,
Kevin..
Manaphy0220 Posted April 23, 2021 Author ID:1452965
21 minutes ago, kevinf80 said:
> Hiya Manaphy0220, I do not see any obvious malware or infection in your logs. I asked about the .jpg file due to where it was running from... Is your PC normal or do you have issues or concerns... Thank you, Kevin..
I'm not sure I understand. So there isn't any malware? This is what concerns me the most cause I want to install a new system soon anyway. So I can stop worrying and can upload my files to Google Drive without problems?
kevinf80 Posted April 23, 2021 ID:1452969
Run the following scan before going any further, FRST does not see everything...
Download Sophos Free Virus Removal Tool and save it to your desktop.
If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....
Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program
If no threats were found please confirm that result....
The Virus Removal Tool scans the following areas of your computer:
Memory, including system memory on 32-bit (x86) versions of Windows
The Windows registry
All local hard drives, fixed and removable
Mapped network drives are not scanned.
Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.
Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs
Manaphy0220 Posted April 23, 2021 Author ID:1452979
One of the scanners on the virustotal (eGambit) finds that virus removal as unsafe.ai_score_98%. What does that mean? It is not dangerous, right? I also made scans with ESET Online Scanner, Malwarebytes, Adwcleaner and Avast. So can I assume that everything is good if this Sophos doesn't find anything?
kevinf80 Posted April 23, 2021 ID:1452980
I'm not really expecting Sophos to find anything, but do need a log to say all is ok with your PC before I can confirm your system is definitely clean...
Manaphy0220 Posted April 23, 2021 Author ID:1452985
20 minutes ago, kevinf80 said:
> I'm not really expecting Sophos to find anything, but do need a log to say all is ok with your PC before I can confirm your system is definitely clean...
Ok, thanks. Will send the logs right after the scan.
kevinf80 Posted April 23, 2021 ID:1452986
Thanks, catchup later....
Manaphy0220 Posted April 23, 2021 Author ID:1452990
This one detection on virustotal is a false alarm, right?
kevinf80 Posted April 23, 2021 ID:1452992
Can you give me the url so I can look at the virustotal result..
Manaphy0220 Posted April 23, 2021 Author ID:1452993
1 minute ago, kevinf80 said:
> Can you give me the url so I can look at the virustotal result..
Here it is: https://www.virustotal.com/gui/file/dd6a5eb092be12ea5efd7e057098e1a60c4d9d6fd8155a5799015a7020c874d6/detection
kevinf80 Posted April 23, 2021 ID:1452995
Nothing to be concerned about with those results. I use Sophos AV on a regular basis, never had any problems...
Manaphy0220 Posted April 23, 2021 Author ID:1452997
Just now, kevinf80 said:
> Nothing to be concerned about with those results. I use Sophos AV on a regular basis, never had any problems...
Ok so I don't have to be concerned about it? Okay. Will start the scan soon and send You the logs.
kevinf80 Posted April 23, 2021 ID:1452998
Sophos AV is a very good and reliable scanner... I certainly recommend it.
Manaphy0220 Posted April 24, 2021 Author ID:1453051
4 hours ago, kevinf80 said:
> Sophos AV is a very good and reliable scanner... I certainly recommend it.
Here are the logs. I had to turn on the option of showing hidden folders. I cancelled the scan once when I realized that I had a few programs running. When the second scan was taking place only AVAST and Malwarebytes were running. The program also made a file named installation logs. Should I attach it as well? BTW, I had some problems when navigating on the forum (had to click that arrow pointing to the left multiple times to get to the site I was previously on). Everything else works fine. Everything is good, right?
SophosVirusRemovalTool.log
Solution kevinf80 Posted April 24, 2021 ID:1453058
Hiya Manaphy0220,
That log is also clean, whatever you plan to do before upgrading to W10 can go ahead...
Continue to clean up:
Uninstall the following program (unless you prefer to keep it): Sophos AV
http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/
Also delete this folder if still present: C:\ProgramData\Sophos
Next,
Right click on FRST here: C:\Users\Admin\Downloads\frst\FRST.exe and rename it uninstall.exe. When complete, right click on uninstall.exe and select "Run as Administrator".
If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST to uninstall.
That action will remove FRST and all created files and folders...
Next,
Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2
Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point
Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/
Consider the following:
Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/
Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
PatchMyPC, keep all your software up to date - https://patchmypc.com/home-updater#download
From there you should be good to go...
Next,
Read the following links to fully understand PC Security and Best Practices, you may find them useful....
Answers to Common Security Questions and best Practices
Do I need a Registry Cleaner?
Take care and surf safe
Kevin...
Manaphy0220 Posted April 24, 2021 Author ID:1453078
So everything is good? I think I will keep the programs because I will most likely install W10 after the weekend. I have a question about that Sophos. When I use the right mouse button on the icon and click on the properties and that window with information appears, I can't click that option which opens the localization of the file (it's inactive). Why is that? Thank You very much for Your help.
Manaphy0220 Posted April 24, 2021 Author ID:1453079
Also I clicked logged out and a page saying that I don't have permissions appeared. It happened once and now everything is working fine. It isn't anything serious, is it?
kevinf80 Posted April 24, 2021 ID:1453098
Hiya Manaphy0220,
Regarding localization of Sophos, I assume you have the Shortcut tab open on the properties window? I believe that happens because Sophos has no active service. If you type services.msc into the search function and open that window you will note there is no active service for Sophos, however a security program such as Malwarebytes does. If you check the localization of Malwarebytes as you did for Sophos its target is not greyed out and is active... Does that help..? Sophos AV does not give active realtime protection, it is basically a stand alone scanner...
Regarding your other query regarding logging out, I'm not really sure what you mean. Are you referring to logging out of Windows? If so I have no answer to that one. Maybe ask the question in general Windows PC help: https://forums.malwarebytes.com/forum/6-general-windows-pc-help/
Thank you,
Kevin...