Messages - Heantrad

16
Is the domain a.pomf.cat clean?
I've seen in VirusTotal that pomf.cat and a.pomf.cat appear clear, but when pomf is hosting a file (in my case I opened the link through RES, so I didn't leave Reddit but I could hear the audio file that was being hosted) it has a malicious detection and a suspicious one.




17
Hi Heantrad,

These files are linked to Olark chat widget. They are certainly harmless.
If you want to delete them, delete the following folder:
Quote
C:\AdwCleaner

Regards.
The thing is that I already deleted them, but as shown by the other image I linked too, it seems that they haven't been deleted, although AdwCleaner doesn't detect anything anymore.
Also, is urlrevealer.com a good URL revealer page, or are there any better ones out there? I ask as I've read that it might be a fake site.

18
Hi Heantrad,

pcalua.exe is the Program Compatibility Assistant.  The Program Compatibility Assistant is an automatic feature of Windows that runs when it detects an older program has a compatibility problem.
Since you don't use TronScript any more, you can safely delete the task.

Regards.
I did a scan with AdwCleaner and it detected a pair of files, I'll delete them now.
Any idea of what it could have been?
I uninstalled AdwCleaner to empty the quarantine, but it seems the files are still there.

19
Hi Heantrad,

quizyourfriends website is safe.

Regards.
So I was checking the Task Scheduler and I noticed a task with a strange name.
It activates when you create or modify a task, and the action is to execute a program.
I included an image with the task's action details.
I did install TronScript some time ago, but I already deleted it, so what does the task do and what would happen if it was executed, as it is still active?

20
Hi Heantrad,

Quote from: Heantrad
So, it's up to me to decide if that was a PUM or not then.
Well, it seemed a legit google page, so I don't know, about the perserve bar entry, no idea.
Yes. If it's google, it's legit. ;)

Quote from: Heantrad
No, I didn't click on the link, but as it seems, it's a new scam, as there isn't any information on Google about that page.
Since you didn't click on the link, you don't have to worry.

Regards.
So, I checked the firewall rules that CCleaner can remove, they're all from Java, and as I'm going to reinstall Java sooner or later, I will not remove them.

Also, yesterday a friend sent me a message on the phone with a link to a webpage named quizyourfriends. It sounded like a webpage that wasn't safe, so I didn't open it, but by mistake I clicked it and opened it. I want to ask, is that site safe? I ask because I have Chrome synchronized on PC and smartphone, so I suppose its data would have synced after that.

21
RogueKiller / Re: svchost.exe process and a bunch of PUM (and other stuffs)
« on: December 23, 2015, 07:57:44 PM »
Hi Heantrad,

Quote from: Heantrad
So they were false positives.
Those entries are PUMs, they must be interpreted manually.
Please refer to this post for more information.

Quote from: Heantrad
Also, I sent you a PM with what seems a new Skype scam, as there isn't any information about it on the internet.
Your friend is most likely infected. Did you click on the link?

Regards.

So, it's up to me to decide if that was a PUM or not then.
Well, it seemed a legit google page, so I don't know, about the perserve bar entry, no idea.
No, I didn't click on the link, but as it seems, it's a new scam, as there isn't any information on Google about that page.

22
RogueKiller / Re: svchost.exe process and a bunch of PUM (and other stuffs)
« on: December 23, 2015, 12:17:40 PM »
Hi Heantrad,

Yes, they were legit.
Your report is clean.

Regards.
So they were false positives.
Also, I sent you a PM with what seems a new Skype scam, as there isn't any information about it on the internet.

23
RogueKiller / Re: svchost.exe process and a bunch of PUM (and other stuffs)
« on: December 20, 2015, 01:52:52 PM »
Hi Heantrad,

Quote from: Heantrad
This is what I meant with that CCleaner can delete firewall rules (first image).
I'm sorry, I was not aware that CCleaner includes such a feature.

Quote from: Heantrad
Also, about Nvidia's drivers, today I received an update. After I installed it and tried to close the installation window, Nvidia GeForce Experience crashed. When I opened it again through a direct access on my desktop and checked what happened, it said that the update was still available. I searched for updates to see if that was an error and it looked as if the update wasn't installed at all.
I checked Nvidia's files and they seem to have been updated, but in the drivers part of Nvidia GeForce Experience it says I have an old version of the drivers.
So it's just an error with NGE?
Difficult to say.
You could download NVIDIA drivers latest version using NVIDIA Driver Downloads.

Regards.
First of all, sorry that it took me so long to reply.
So, I did a RogueKiller scan and it detected some new PUMs related to IE, I'll attach a txt log (I also have a json one, if you need it tell me and I'll send it).
After eliminating them (the IE ones only, as the DNS ones are legit, as you told me), the default homepage is MSN and the default search engine Bing, and there weren't (and still aren't) any search bars.
Were those legit or not?
As always, thanks.

24
RogueKiller / Re: svchost.exe process and a bunch of PUM (and other stuffs)
« on: November 10, 2015, 06:17:36 PM »
Hi Heantrad,

To my knowledge, CCleaner doesn't include such a feature.
You will need to do this using the Windows Firewall with Advanced Security module.

Regards.
So, the removal process of MBAM has ended.
This is what I meant with that CCleaner can delete firewall rules (first image).
Now, there's left the removal of the second Program Files and the Nvidia drivers problem.
Also, about Nvidia's drivers, today I received an update. After I installed it and tried to close the installation window, Nvidia GeForce Experience crashed. When I opened it again through a direct access on my desktop and checked what happened, it said that the update was still available. I searched for updates to see if that was an error and it looked as if the update wasn't installed at all.
I checked Nvidia's files and they seem to have been updated, but in the drivers part of Nvidia GeForce Experience it says I have an old version of the drivers.
So it's just an error with NGE?
And sorry that it took me that long to reply back with more news about all this.

25
Hi Heantrad,

Quote from: Heantrad
I use adblock for security reasons (so I can avoid ads giving me malware, and I don't know if the ads from that page can give malware), but I'm kind of distrustful towards Microsoft, and I know they're capable of making the connection unsafe just because I use an adblocker, is that possible?
They never ever will do this.

Quote from: Heantrad
Also, Chrome says this (second image) about the connectivity of the page, what does it mean? I remember that it was green a short while ago (totally encrypted with modern encryption). Also, I censored it because I don't know if it's safe to say what type of connectivity a page has; if you tell me it's safe I'll send a version without the MS Paint quality censor.
And when you enter the page, if you don't do anything, this appears instead (third image). If you change folders twice (from inbox to unwanted mail to inbox again, for example), it changes to the image shown before.
Chrome warns you that the webserver is using SHA-1 hashing, which is vulnerable to some extent to collision attacks.
You don't have to worry about that. Microsoft will update it one day or another.

Quote from: Heantrad
If any of those things is true, can I transfer my Outlook account into a Gmail one? I mean, will I need to change my e-mail address for every account I have to my new Gmail one, or is there a way to do it automatically?
There is unfortunately no way to do this automatically.

Regards.
Is CCleaner a good way to delete Firewall rules? It's because I'm afraid of doing something wrong with something as important as that.

26
Hi Heantrad,

Quote from: Heantrad
Meanwhile, I always had a doubt: when you go to download RKill on BleepingComputer, which of the three available downloads is the good one?
All of them link to the same RKill application.

Quote from: Heantrad
Has the Outlook (hotmail) design changed?
I'm not using it, so I'm not the right person to ask. ;)

Regards.
I know you don't use Outlook, but today this appeared on the Outlook page (first image).
I use adblock for security reasons (so I can avoid ads giving me malware, and I don't know if the ads from that page can give malware), but I'm kind of distrustful towards Microsoft, and I know they're capable of making the connection unsafe just because I use an adblocker, is that possible?
Also, Chrome says this (second image) about the connectivity of the page, what does it mean? I remember that it was green a short while ago (totally encrypted with modern encryption). Also, I censored it because I don't know if it's safe to say what type of connectivity a page has; if you tell me it's safe I'll send a version without the MS Paint quality censor.
And when you enter the page, if you don't do anything, this appears instead (third image). If you change folders twice (from inbox to unwanted mail to inbox again, for example), it changes to the image shown before.
I've tried to analyze the URL with Safeweb and TotalVirus but it uses various links in the process of logging in, so I don't know which of them is the correct one to analyze.
If any of those things is true, can I transfer my Outlook account into a Gmail one? I mean, will I need to change my e-mail address for every account I have to my new Gmail one, or is there a way to do it automatically?
Also, sorry for the screenshots in Spanish, I'll translate them if necessary.

27
Hi Heantrad,

Quote from: Heantrad
Heantrad
Yes, you could.

Regards.
So, I'm receiving help in the MBAM forums again for a pair of problems that were left in the air.

Meanwhile, I always had a doubt: when you go to download RKill on BleepingComputer, which of the three available downloads is the good one?
Has the Outlook (hotmail) design changed?

28
Hi Heantrad,

Quote from: Heantrad
So, the reset didn't work?
Here's the explanation I gave on another thread I opened on the Steam Forums.

So, I posted another two threads asking for help at resetting Steam's browser, and I ended up deleting those folders.
C:\Program Files\Steam\appcache\httpcache
C:\Program Files\Steam\config\overlayhtmlcache
C:\Program Files\Steam\tenfoot\config\httpcache
They also told me to delete C:\Program Files\Steam\config\htmlcache but I couldn't find it.
The thing is that after deleting them, only the first one was created again, the rest not, and the browser didn't get reset (at least that's what it seems).
Can anyone tell me if those were the correct folders or if I messed it up?

I didn't delete any folders luckily, just moved them, and now I moved them to their corresponding place again, probably.
The thread hasn't got a reply yet, so I guess it will be lost in the immensity of the forums already, so I'll leave the browser in peace for now, as it isn't doing anything strange.
Again, I'm no Steam Guru, so it's difficult for me to help you.
You could always "up" your thread at the Steam forum, if it's ignored for too long.

Quote from: Heantrad
Anyways, yesterday I noticed some strange options that appeared on the allow programs section of the firewall. I don't know if it's safe to post images with the programs that are allowed in your firewall, so I'll not post them until you tell me if it's safe or not.
They seem legit, but they weren't there before (and one of them is from Java, so I don't know why the firewall rule is still there if I uninstalled it), but I prefer to have caution with this stuff.
If you didn't download anything strange, it's probably safe.
Firewall rules are not auto-removed when you uninstall a program. :)

Quote from: Heantrad
Also, is there any way to check the router to know what machines are connected to it? It's acting a bit strange (the light that indicates that the cable connection is working blinks really fast) and I want to know what's happening and, if it's necessary, reset it.
There exist numerous router manufacturers and setups. I would advise you to open a new thread on your ISP forum board. They will be more skilled than me at helping you with it.

Regards.
I think I didn't download anything strange. Yes, just checked the downloads on my browser and I only downloaded a new version of AdwCleaner and a pair of images.

So, should I manually remove the firewall rules of Java?

29
Hi Heantrad,

Quote from: Heantrad
Also, maybe this has an obvious answer, but can malware spread through Skype calls?
If you keep it updated, you are safe.

Regards.
So, the reset didn't work?
Here's the explanation I gave on another thread I opened on the Steam Forums.

So, I posted another two threads asking for help at resetting Steam's browser, and I ended up deleting those folders.
C:\Program Files\Steam\appcache\httpcache
C:\Program Files\Steam\config\overlayhtmlcache
C:\Program Files\Steam\tenfoot\config\httpcache
They also told me to delete C:\Program Files\Steam\config\htmlcache but I couldn't find it.
The thing is that after deleting them, only the first one was created again, the rest not, and the browser didn't get reset (at least that's what it seems).
Can anyone tell me if those were the correct folders or if I messed it up?

I didn't delete any folders luckily, just moved them, and now I moved them to their corresponding place again, probably.
The thread hasn't got a reply yet, so I guess it will be lost in the immensity of the forums already, so I'll leave the browser in peace for now, as it isn't doing anything strange.
Anyways, yesterday I noticed some strange options that appeared on the allow programs section of the firewall. I don't know if it's safe to post images with the programs that are allowed in your firewall, so I'll not post them until you tell me if it's safe or not.
They seem legit, but they weren't there before (and one of them is from Java, so I don't know why the firewall rule is still there if I uninstalled it), but I prefer to have caution with this stuff.
Also, is there any way to check the router to know what machines are connected to it? It's acting a bit strange (the light that indicates that the cable connection is working blinks really fast) and I want to know what's happening and, if it's necessary, reset it.

30
Hi Heantrad

Quote from: Heantrad
Meanwhile, I remembered that in CCleaner there's an option to clean Steam, do you think it will clean up the browser too or just temporary files Steam creates?
I have really no idea. You could always try.

Quote from: Heantrad
So, I used the DelFix tool (sorry that it took me so long) and it didn't do anything, I think.
I ran the program, and it detected some programs; however, I didn't read the instruction about rebooting the system and I ran the tool again, then I restarted the PC and nothing got deleted, at least that's what it seems. FRST is still there, JavaRa is still there and I think everything that showed on the log is still there.
I can't send you the log, because I didn't know I messed it up and I didn't do it right, so I didn't save it.
When I run the tool again, the log appears blank (I mean, it doesn't detect any programs installed).
Is it possible to delete all the programs I installed during the malware removal manually, or do I need the tool?
I've already replied to my post on Malwarebytes' forum with the same explanation, but I asked you too in case this error could harm the computer.
DelFix won't harm your computer in any case. ;)

Regards.
Well, I think this is a definitive answer to the Steam browser thing.
Also, maybe this has an obvious answer, but can malware spread through Skype calls?
