Windows notification sound, failed update and unusual window after clicking


Thanks for your help as always. Here are the logs (a few seconds after starting the FRST scan, Malwarebytes started its automatic scan; I hope it isn't a problem).

 

Sorry for being paranoid, but one of the VirusTotal scanners detects something in that Process Explorer (screenshot), and there is one community comment saying "fake process explorer". (I uploaded the zip folder to VirusTotal.) I know it should be safe if you recommend it, but I just wanted to be sure.

 

proc.png

FRST.txt Addition.txt Shortcut.txt


  • Root Admin

That is a False Positive. The tool I recommended is directly from Microsoft and uses signed drivers. It is 100% safe to use.

Please run it and look to see what is running under the COM Surrogate.

Show me a screenshot.

 

Then also run the following for me. This too is a Microsoft tool and 100% safe to use.

 

 

Create an Autoruns Log:

  • Please download Sysinternals Autoruns from here.
  • Save Autoruns.exe to your desktop and double-click it to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures, Check VirusTotal.com, and Submit Unknown Images.
  • Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
  • When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
  • Right-click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the Autoruns.zip folder you just created to your next reply

 

image.png

 

Thanks

 

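The claim that these tools come from Microsoft and are signed can be confirmed on the local copy. The following is an added example, not part of the original thread; the Process Explorer file name `procexp64.exe` and the Desktop location are assumptions.

```powershell
# Added example (not from the thread): confirm that downloaded Sysinternals
# tools are Authenticode-signed by Microsoft and print their SHA-256 so the
# hash can be compared with the entry shown on VirusTotal.
$desktop = [Environment]::GetFolderPath('Desktop')
$files = @(
    (Join-Path $desktop 'Autoruns.exe'),
    (Join-Path $desktop 'procexp64.exe')   # assumed file name for Process Explorer
)

function Test-MicrosoftSignature {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{
            File = $Path; Status = 'FileNotFound'; Signer = $null
            SHA256 = $null; SignedByMicrosoft = $false
        }
    }

    $sig     = Get-AuthenticodeSignature -LiteralPath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    [pscustomobject]@{
        File   = $Path
        Status = $sig.Status
        Signer = $subject
        SHA256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        # 'Valid' means the file hash matches the signature and the chain ends
        # in a trusted root; the subject check then ties it to Microsoft.
        SignedByMicrosoft = ($sig.Status -eq 'Valid') -and
                            ($subject -like '*O=Microsoft Corporation*')
    }
}

$files | ForEach-Object { Test-MicrosoftSignature -Path $_ } | Format-List
```

A copy that has been modified or repackaged reports a status such as `NotSigned` or `HashMismatch` instead of `Valid`, which is the case a "fake Process Explorer" comment would be describing.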

@AdvancedSetup

After changing the options it asked me if I want to make a scan. I pressed F5 too. I had to accept VirusTotal's privacy and policy and there was something about gathering data such as passwords. Nothing bad will happen, right?

The screenshot presents the other tool (for a second one of the processes close to COM Surrogate was orange/red but it disappeared/changed color).

Can I delete those programs now? How should I do it?

 

 

com sur.png

autoruns.zip


  • Root Admin

Please just slow down and try to relax. It's good to be cautious, but if you're going to be paranoid about using a computer, that's not good.

There is zero reason to delete or remove anything until we resolve your issue.

The red/orange is only due to processes happening and is normal.

 

You can click the columns to sort by CPU, Private Bytes, etc.

Sort by each and find this 50% usage you were showing before, please.

 


Posted (edited)

Thank you. I'm not sure what I should look for. Maybe the screenshots will be enough.

I've found that process (in the last screen, it is highlighted by a mouse click). I've seen another process with the same name appearing for a while (red color).

 

pr1.png

pr2.png

pr3.png

pr4.png

Edited by Manaphy0220

Posted (edited)
16 minutes ago, AdvancedSetup said:

Whatever was causing that issue is no longer present. CPU usage is on average under 5%. Physical disk reads/writes are very low too.

I'm not seeing the issue you reported about 100% disk usage anymore or high memory.

 

@AdvancedSetup

When I was observing it, it was increasing and decreasing (sometimes 100% and sometimes 3-6%). Most of the times I checked were soon after launching the PC.

So how does it look overall? If I understand it correctly then everything seems to be good and I can use the PC without worrying. Is that right?

I also asked about that Advanced protection Windows Defender service that is turned off. Is it connected to some information that the user can choose to share or not to share? The PC is protected now, isn't it?

The data gathered by those tools is safe, right? There was that warning about some data like passwords.

There were also some corrupted files but sfc /scannow repaired them.

What should I do now? Sorry for so many questions.

Edited by Manaphy0220

  • Root Admin

Your Discord program looks to be old. You might want to uninstall Discord. Restart the computer. Then reinstall Discord if you really need it.

Please show me a screenshot again of the Advanced Windows Defender setting or Service you're talking about.

 


Posted (edited)
7 minutes ago, AdvancedSetup said:

Can you please translate ALL columns, exactly what they say, in English for that entry?

 

Thank you

 

It should be something like that:

Advanced protection from dangers/threats in Windows Defender service.

Service Advanced Protection from malware in Windows Defender allows protection from advanced threats by monitoring and reporting security events that are happening on the PC.

About Discord, I've asked some people about the version and they say they have the same version as I do.

 

Edited by Manaphy0220

  • Root Admin

Yes, this setting is correct.

http://batcmd.com/windows/10/services/sense/

 

At this time all looks good with the computer. As I've stated a few times though, it is highly recommended that you have an external USB hard drive that you use to back up your data and, if possible, use an imaging program like Macrium Reflect or Acronis True Image.

 

Is there anything else I can assist you with before we close up here?

 


Posted (edited)

I don't understand that question about using a translator if everything is good. Sorry for the mistakes I've made.

So everything looks good? If that's true then I think that's all. Maybe quick questions:

1) What about that Discord? Looks like it's updated, as more people have the same version as I do.

2) What does that advanced protection service do? I don't have to turn it on?

3) If that high usage happens again and then decreases then I shouldn't worry, right?

Edit: oh, and what to do with those programs I downloaded?

Edited by Manaphy0220

  • Root Admin

Just asking about translation as I was going to post an image. Images cannot be easily translated is all. It turns out I found a webpage to show you so I didn't need to use the image.

The updater from Discord is over a year old. It's possible that is their newest but seems unlikely.

Advanced Protection is just fine. Leave it alone. It's set on manual so that when it's needed the system enables it, not you.

The high disk usage and memory use could have been due to a compatibility check or a Windows update check, which Microsoft runs on its own from time to time. Normally even on a huge one it will abate on its own within a couple of hours. Most of the time it's just five or ten minutes is all.

 

You can delete all programs we've used. You can rename FRST64 to UNINSTALL and run it and it too will uninstall.

 


I think I will keep FRST, but if I decide to delete it then I'll use your advice. The rest of the programs can be just deleted as they didn't install, right?

And about Discord: if I want to reinstall it then I should uninstall it from the Control Panel (Add and remove programs) and then install a new one after a PC reboot?


  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 


This topic is now closed to further replies.