Messages - khuntim

1
Malware removal help / Re: dwm.exe Proc.Injected
« on: February 05, 2018, 08:19:18 PM »
using 12.12.3.0 and still get Proc.Injected C:\Windows\System32\dwm.exe on all my PCs?

2
RogueKiller / Re: ===> False Positives <===
« on: December 14, 2017, 05:52:20 PM »
yes, 12.11.28 did get rid of Anydesk. the last one is Sharks Codecs. thanks

3
RogueKiller / Re: ===> False Positives <===
« on: December 12, 2017, 09:26:20 AM »
Anydesk? I have been using it...

4
Malware removal help / Re: osiris ransomware
« on: January 16, 2017, 01:08:09 AM »
I had Macrium Reflect making images nightly. QuickBooks online backup wasn't working; they said because we didn't have enough memory?? How lame is that. Had to go back to a backup on flash drive a week old. This ransomware thing is out of control, 2 PCs in a week. I have images. Still...

5
Malware removal help / osiris ransomware
« on: December 31, 2016, 06:59:34 AM »
Osiris ransomware got us. We restored from an image made before and still see some files. RogueKiller is hung on one of them right now. We are very scared at this point. This is just a big mess.

6
Malware removal help / Re: dwm.exe Proc.Injected
« on: December 31, 2016, 06:56:24 AM »
this comes up on every scan on every PC

7
Malware removal help / Re: dwm.exe Proc.Injected
« on: November 09, 2016, 11:49:42 PM »
when roguekiller goes in a loop?

8
Malware removal help / Re: dwm.exe Proc.Injected
« on: September 09, 2016, 04:45:53 AM »
RogueKiller V12.6.1.0 (x64) [Sep  6 2016] (Premium) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Don [Administrator]
Started from : C:\Users\Don\Desktop\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 09/08/2016 19:14:45 (Duration : 00:11:04)

¤¤¤ Processes : 1 ¤¤¤
[Proc.Injected] dwm.exe(1880) -- C:\Windows\System32\dwm.exe[7] -> Found

¤¤¤ Registry : 4 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3142311046-1334442230-1924139417-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/?pc=DCJB  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3142311046-1334442230-1924139417-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/?pc=DCJB  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3142311046-1334442230-1924139417-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3142311046-1334442230-1924139417-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM ST1000DM003-1ER1 SCSI Disk Device +++++
--- User ---
[MBR] 65b531c3537f31e45c3211ef8a06f7f8
[BSP] c104aa894c15d2f84e580a66f07857cf : HP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 81920 | Size: 24802 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 50876416 | Size: 929026 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

9
Malware removal help / dwm.exe Proc.Injected
« on: September 09, 2016, 12:03:05 AM »
How to tell if this is a false positive and just Desktop Window Manager? Comes up Proc.Injected in C:\Windows\System32\dwm.exe

Thanks
