PE_File.dll removed but always comes back, is it a false positive ?


  • Root Admin

Hello @chris_63

Can you please post back the log showing the block and removal?

You can find Scan and Protection logs within the Malwarebytes 4 program in the following location.

RTP stands for Real-Time Protection and is where automatic protection operations would normally be logged.

If you click on the View option you should get something similar to the following with other options available.

  • Root Admin

Well the file shouldn't be coming back. The file does not appear to be infected but I've submitted it for review. @chris_63

Let me have you do the following please.

Please do the following so that we can get started and see what's going on.

The Farbar Recovery Scan Tool is a free Windows utility designed to create troubleshooting logs for your computer. These logs help our Support team to identify and resolve issues with your computer.

There are two versions of the Farbar Recovery Scan Tool available for download: 32-bit and 64-bit.
To find which operating system is installed on your computer, refer to Microsoft's article: 32-bit and 64-bit Windows: Frequently asked questions

Download and launch Farbar Recovery Scan Tool

  1. Download the Farbar Recovery Scan Tool.
     Do not click on any Ads.
  2. Locate the file you downloaded on your computer.
     Downloaded files are often saved to the Downloads folder.
  3. Double-click the downloaded file to run the Farbar Recovery Scan Tool.
  4. A "Windows protected your PC" notification may appear. This notification is from the Windows Defender SmartScreen Filter, which prevents unfamiliar apps from running on your PC.
     Disable SmartScreen ONLY if it interferes with software we may have to use: What is SmartScreen and how can it help protect me?
       a. Click More info.
       b. Click Run anyway.
  5. When the User Account Control window appears, click Yes.
  6. To accept the Disclaimer of warranty, click Yes.
  7. Ensure only the boxes listed below are checked:
     Registry, Services, Drivers, Processes, Internet, One month, Addition.txt
  8. Disable any Antivirus software you have installed ONLY if it stops software we may use from working.
     Please remember to re-enable any Antivirus software when we are finished running scans.
     Click Scan. The scan may take a few minutes to complete.
  9. When the scan completes, Farbar Recovery Scan Tool shows two messages:
       • Scan completed. FRST.txt is saved in the same directory FRST is located.
       • Addition.txt is saved in the same directory FRST is located.
     Click OK to close each message window.
 
Please attach both of those logs on your next reply, DO NOT copy/paste the contents of the logs directly.

Thanks

  • Root Admin

Okay, part of your issue is probably due to running more than one Antivirus suite.

You're running both Avast and Comodo Antivirus

Please temporarily uninstall both of them. Don't worry, Windows Defender is built into Windows and is a decent antivirus, so you'll have protection with both Avast and Comodo removed.

Then restart the computer one more time and get me new Farbar logs please.

Thanks

  • Root Admin

Thank you @chris_63

Please go ahead and uninstall the following from the Control Panel

Bonjour

The logs indicate there are a few issues going on with the system. We'll see what we can do to possibly correct some of them.

System errors:
=============
Error: (02/11/2022 03:11:22 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Acronis Managed Machine Service Mini service did not close properly after receiving a pre-close command.

Error: (02/11/2022 03:11:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for the transactional response from the AcrSch2Svc service.

Error: (02/11/2022 03:10:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for the transactional response from the AcrSch2Svc service.

Error: (02/11/2022 03:09:20 PM) (Source: Tcpip) (EventID: 4207) (User: )
Description: The IPv6 TCP/IP interface with index 16 failed to bind to its provider.

Error: (02/11/2022 03:09:20 PM) (Source: Tcpip) (EventID: 4207) (User: )
Description: The IPv4 TCP/IP interface with index 16 failed to bind to its provider.

Error: (02/11/2022 03:04:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for the transactional response from the avast! Tools.

Error: (02/11/2022 03:03:45 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The aswbIDSAgent service terminated with the following service-specific error:
%%3758213661

Error: (02/11/2022 03:03:40 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 13:59:31 on ‎11.‎02.‎2022 was unplanned.

You may need to set up exclusions between Malwarebytes Premium and Acronis Cyber Protect Home Office so they don't step on each other.

Please see the following article on setting that up if needed.

https://support.malwarebytes.com/hc/en-us/articles/360038522974-Malwarebytes-for-Windows-antivirus-exclusions-list

Are you still using this software from 2010?

HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech -> Logitech Inc.)

Are you still using CloneCD Tray from 2009?

HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.) [Fichier non signé]

These are also from Slysoft which are valid tools - just checking if you're still using them or not as they consume resources every time you start the computer.

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [123840 2010-06-09] (SlySoft Inc. -> SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [123840 2010-06-09] (SlySoft Inc. -> SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft Inc. -> SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft Inc. -> SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)

The logs still show that Comodo was not uninstalled. Please go to Control Panel, Programs, Programs and Features and uninstall the following.

  • Internet Security Essentials

Once that has been uninstalled please run the following fix. Warning: If you don't uninstall Internet Security Essentials this fix might not run correctly or may cause issues difficult to correct so please uninstall and reboot before running the fix.

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

NOTE-3: As part of this fix it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks
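As an added example (not code from this thread, from Malwarebytes or from FRST), here is a small Python parser for the kind of FRST Run-key and driver lines quoted in the post above. It pulls out the path, the [size date] stamp and the (signer -> company) field, then flags entries that carry no validated signature or whose binary is dated more than five years before the log. The sample lines are constructed from the ones in this post; the English marker [File not signed] alongside the French [Fichier non signé] seen here, the reading of "(signer -> company)" as a validated signature, and the five-year cut-off are assumptions.

```python
import re
from datetime import date

# Constructed sample lines, modelled on the FRST Run-key and driver entries quoted in this post
SAMPLE_LINES = r"""
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech -> Logitech Inc.)
HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.) [Fichier non signé]
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [123840 2010-06-09] (SlySoft Inc. -> SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
""".strip().splitlines()
SAMPLE_TODAY = date(2022, 2, 11)  # date of the log excerpts in this thread

# entry  path  [size date]  (signer -> company | company)  optional trailing flags
ENTRY_RE = re.compile(
    r"^(?P<entry>.+?) (?P<path>[A-Za-z]:\\.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<signer>[^)]*)\)(?P<flags>.*)$"
)
UNSIGNED_MARKERS = ("[File not signed]", "[Fichier non signé]")  # English marker assumed


def parse_frst_entry(line):
    """Split one FRST autostart or driver line into fields; None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = m["entry"]
    bracket = re.search(r"\[(.+?)\]", entry)  # Run-key value name, e.g. [CloneCDTray]
    name = bracket.group(1) if bracket else entry.split()[-1].rstrip(";")  # driver name
    # "(signer -> company)" is read as a validated signature, "(company)" alone as none (assumption)
    signer = m["signer"].split(" -> ")[0] if " -> " in m["signer"] else None
    unsigned = signer is None or any(mk in m["flags"] for mk in UNSIGNED_MARKERS)
    return {"name": name, "path": m["path"], "size": int(m["size"]),
            "date": date.fromisoformat(m["date"]), "signer": signer, "unsigned": unsigned}


def flag_entries(lines, today=SAMPLE_TODAY, max_age_years=5):
    """Return the entries worth a second look: unsigned, or built long before the log date."""
    flagged = []
    for line in lines:
        e = parse_frst_entry(line)
        if e is None:
            continue
        reasons = []
        if e["unsigned"]:
            reasons.append("no valid Authenticode signature reported")
        age = (today - e["date"]).days / 365.25
        if age > max_age_years:
            reasons.append(f"binary dated {e['date']} ({age:.1f} years before the log)")
        if reasons:
            flagged.append({**e, "reasons": reasons})
    return flagged
```

Run against the sample, the three 2009/2010 entries are reported (CloneCDTray twice: old and unsigned) while the signed 2017 ElbyCDIO driver passes, which matches the questions asked in the post.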

Hello, I have made exclusion rules for the different programs and also put them in passive mode apart from Malwarebytes, uninstalled the firewall, it is much faster at startup, seems to be fine, thank you. Deleting files doesn't feel too secure for me.

I still run some old programs from Slysoft and the game controller is new, sounds strange that it would have a driver from 2010.

  • Root Admin

I have the same tools but mine are not old.

It's up to you but I've run this generic clean up script on hundreds of computers this year alone and not one single broken computer from it. It's simply checking OS files, cleaning temp files, resetting network back to default settings, etc.

Hello, here are the files, the other antivirus and firewall were removed before processing. The other day it was weird, Windows loaded a temporary profile and I had no access to my files, after a reboot it went back to normal, that made me stress! There are some applications like Ashampoo I have removed but are in the logs. Acronis is in passive mode because I only use it for backups and I don't want it to interfere with Malwarebytes.

Thank you for your help!

Addition.txt FRST.txt

  • Root Admin

Good day Chris, these still show you have not uninstalled them. @chris_63

COMODO Firewall (HKLM\...\COMODO Internet Security) (Version: 12.2.2.8012 - COMODO Security Solutions Inc.)

Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.6.472587.185 - Comodo)

You need to please go to Control Panel, Programs, Programs and Features and uninstall them.

Let me know if you have trouble uninstalling them or need more detailed directions.

Thank you

It was uninstalled when I used Farbar, I just reinstalled the firewall only after, I find it easy to use and removed the antivirus and browser I don't care for. Is running only the firewall causing problems with other applications?

Thank you
