Jump to content

api.packetshare.io/wdf.exe


Jef1982

Recommended Posts

hi! I'm having trouble with this pop up in malwarebytes about blocking some outgoing connection to api.packetshare.io. Is that a virus or something? 

I already deleted the Windows Driver Foundation from the Windows folder, but still it giving me the pop up notification about that website blocked on MB.

How do I stop the pop up notification about that specific domain? It's getting annoying,. 

 

Regards,

Jef

mal1.jpg

mal.txt

Link to post
Share on other sites

Hello @Jef1982 and :welcome::

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, or its subsets, please carefully follow these instructions:

  1. Download the Malwarebytes Support Tool.
  2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
  3. In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
  4. Run the MBST Support Tool.
  5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
  6. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.  WARNING: Do Not click the Repair System under Advanced unless requested to by a Malwarebytes support agent or authorized helper.
  7. A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste.

For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have posted.

Thank you.

Link to post
Share on other sites

@Jef1982

Unfortunately, you do use illegal/pirated software (windows itself as well):

Quote

Task: {BCCDAE1E-D6D8-4FC0-B65D-C28BD55ECC1F} - System32\Tasks\R@1n-KMS\Office16ProPlus => C:\Windows\System32\Wbem\wmic.exe [576000 2022-08-04] (Microsoft Windows -> Microsoft Corporation) -> path SoftwareLicensingProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate


Task: {A2CC15A8-4B80-4BAC-89CD-063674EF8561} - System32\Tasks\R@1n-KMS\Windows100Professional => C:\Windows\System32\Wbem\wmic.exe [576000 2022-08-04] (Microsoft Windows -> Microsoft Corporation) -> path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate

Malwarebytes does not support software piracy.

@AdvancedSetup

Link to post
Share on other sites

  • Root Admin

Hello @Jef1982

We will assist you in removing malware but in this case many forms of KMS are well known to infect computers. If you want our assistance we'll remove all these types of malware threats as well. We will not assist you with ongoing piracy but we will help you remove malware threats which often are due to pirated programs.

Let me know how you'd like to proceed

Thanks

 

  • Like 1
Link to post
Share on other sites

  • Root Admin

It's listed above. KMS is being used to steal Windows and or MS Office

However what many people don't realize is that there are several methods to steal the software but many will in fact fake the activation but also infect you and steal your data from you in the background.

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.