1
RogueKiller / Re: ===> False Positives <===
« Last post by coldi on September 16, 2018, 03:09:02 pm »Sorry took a moment but here https://drive.google.com/file/d/15YH_ZymVP9ohOxTfGGwpVIbrhE77NpLG/view is the file.
regards
regards
Recent Posts
2
RogueKiller / Re: ===> False Positives <===
« Last post by Curson on September 15, 2018, 07:11:37 pm »Hi coldi,
We need to retrieve more information.
Please follow the following process :
We need to retrieve more information.
Please follow the following process :
- Download Process Explorer (x64) and save it to your desktop.
- Click on the setup file (procexp64.exe) and select Run as Administrator to start the tool.
- Locate the process named Wow.exe, do a right click on it and select Create Dump > Create Full Dump...
- Save the dump on your desktop and compress it.
- Upload it to Dropbox, Google Drive or similar services and share the link in your next reply.
3
RogueKiller / Re: ===> False Positives <===
« Last post by coldi on September 15, 2018, 05:20:00 pm »Hi there, I think I stumbled on a false positive. Latest scan detected the world of warcraft .exe as something seemingly harmful. I add the report.
best regards
best regards
4
Malware removal help / Re: infecté par utililab nitro browser, uniblue pc mechanic & OneSafe uninstaller
« Last post by Curson on September 04, 2018, 10:18:44 pm »Bonjour,
Meilleures salutations.
Quote
quand on veut télécharger l'installeur de "Crash dump extractor" ici ça me mets page d'erreur, est ce normal ?Merci d'utiliser le lien suivant : Download CrashDumpExtractor.
Meilleures salutations.
5
Malware removal help / bug & blocages/infections empêchant windows update & mise à jour vers w8.1
« Last post by Jonathan Carribon on September 04, 2018, 08:41:15 am »Bonjour curson, tigzy & les autres,
j'ai depuis le dernier formatage de mon pc windows 8 avant-hier, l'explorer & internet explorer, & le bureau qui bug, et qui bloque,
du coup ça me bloque windows update,
je souhaite installer windows 8.1, mais pour ça faut installer toutes les mises à jour windows update,
il faut quoi pour réparer ces bugs ?:
combofix ?,
bitdefender ?,
hitman.pro ou wise care 365 ? (opération armée de la marine)
quand on veut télécharger l'installeur de "Crash dump extractor" ici ça me mets page d'erreur, est ce normal ?,
je veut installer cde gratuit version dans quelques secondes pour pouvoir acquérir sa version payante pas très cher à 50 euros en 2019 !!!!
ci dessous lesz rapports zhpdiag & pre_scan:
Merci...
j'ai depuis le dernier formatage de mon pc windows 8 avant-hier, l'explorer & internet explorer, & le bureau qui bug, et qui bloque,
du coup ça me bloque windows update,
je souhaite installer windows 8.1, mais pour ça faut installer toutes les mises à jour windows update,
il faut quoi pour réparer ces bugs ?:
combofix ?,
bitdefender ?,
hitman.pro ou wise care 365 ? (opération armée de la marine)
quand on veut télécharger l'installeur de "Crash dump extractor" ici ça me mets page d'erreur, est ce normal ?,
je veut installer cde gratuit version dans quelques secondes pour pouvoir acquérir sa version payante pas très cher à 50 euros en 2019 !!!!
ci dessous lesz rapports zhpdiag & pre_scan:
Merci...
6
Malware removal help / Re: Possibly infected with a Bitcoin farmer malware
« Last post by Curson on August 22, 2018, 04:49:18 pm »Hi Dyav,
I'm sorry, but I can't do this. If you do not want to uninstall the game, please scan the following file for malware using VirusTotal :
Do not execute this Setup.vbe again, this is probably the malware installation file.
Regards.
I'm sorry, but I can't do this. If you do not want to uninstall the game, please scan the following file for malware using VirusTotal :
Quote
I:\ (x86)\Life is Strange\Binaries\Win32\LifeIsStrange.exePlease keep in mind that a clean result won't guarantee that the file is harmless, but it's a good indicator.
Do not execute this Setup.vbe again, this is probably the malware installation file.
Regards.
7
Malware removal help / Re: Possibly infected with a Bitcoin farmer malware
« Last post by Dyav on August 21, 2018, 03:14:54 am »I think you are right! I indeed downloaded a cracked version of the game from a website called Ocean of Games, I'm kinda disappointed because I've been using that website for years and never got anything bad from it.. When I searched 'Ocean of Games' and 'malware' the first thing to pop up was a bitcoin malware
It would be a bummer removing it, but I will do it if necessary.. Do you think that if I open the game the malware will appear again?
I could leave you the files from the game ZIP I downloaded so you can analyze it and see what it did (i wont include the big files), to install it I had to open a Setup.vbe which I definetely think is where it started, then I would get an .ISO to create the virtual disk and install the game. Let me know.
Also I guess I'll just live with the big Windows folder, I thought it to be abnormally big
Thanks, bye!!
It would be a bummer removing it, but I will do it if necessary.. Do you think that if I open the game the malware will appear again?
I could leave you the files from the game ZIP I downloaded so you can analyze it and see what it did (i wont include the big files), to install it I had to open a Setup.vbe which I definetely think is where it started, then I would get an .ISO to create the virtual disk and install the game. Let me know.
Also I guess I'll just live with the big Windows folder, I thought it to be abnormally big
Thanks, bye!!
8
Malware removal help / Re: Possibly infected with a Bitcoin farmer malware
« Last post by Curson on August 20, 2018, 09:38:48 pm »Hi Dyav,
The source for this type of infection is cracks.
I saw suspicious tasks linked to Life Is Strange game. If you cracked it, it may be the source of the infection and should be removed altogether.
The difference between the disk space usage report must be because hidden system files are not counted when using the "select all the folders" method. As for the big size of the Windows folder, this is normal. The winsxs folder will grow in size when new system updates are applied. The pagefile.sys is used for disk-write memory caching. You can disable this behaviour to recover the space used by the file, but I strongly advise you to keep it this way, since this can cause issues with the system.
Regards.
The source for this type of infection is cracks.
I saw suspicious tasks linked to Life Is Strange game. If you cracked it, it may be the source of the infection and should be removed altogether.
The difference between the disk space usage report must be because hidden system files are not counted when using the "select all the folders" method. As for the big size of the Windows folder, this is normal. The winsxs folder will grow in size when new system updates are applied. The pagefile.sys is used for disk-write memory caching. You can disable this behaviour to recover the space used by the file, but I strongly advise you to keep it this way, since this can cause issues with the system.
Regards.
9
Malware removal help / Re: Possibly infected with a Bitcoin farmer malware
« Last post by Dyav on August 20, 2018, 06:01:32 pm »Thanks, that's good to know! Do you have any idea of where this may have originated from or what it actually was? I'm really curious and wanna know where I got it, was I right to think it started with the MicrosoftRuntimeUpdate.vbe?
By the way since I used RogueKiller the first time it all went back to normal, I just wanted to make sure it was all ok, especially because my anti-virus progams (avast and malwarebytes) didn't detect anything...
Also I would like to ask you to check another issue of mine (even if i don't think it's virus-related) since you look full of resources
I don't know if I have to create another post for this but I may have an issue with my disk space, it basically shows more full space than it should, since if i try to select all the folders in C: they weigh way less than it shows on Computer tab (something like 15-20 GB less), also my Windows folder is reaaally big, it almost hits 40 GB of space, I already tried reducing it by disabilitating the hibernate mode and using the disk cleaning tool, which reduced some space cleaning the Windows Update folder, freeing 8 gb (i think it is winsxs, but it's still really big), the biggest files/folders in Windows are pagefile.sys (15GB) and winsxs folder (15GB), I used WinDirStat to check it. I don't really think it is a virus causing this, but it's still really strange, I don't think it is supposed to be like that, if you can help I would really appreciate!
By the way since I used RogueKiller the first time it all went back to normal, I just wanted to make sure it was all ok, especially because my anti-virus progams (avast and malwarebytes) didn't detect anything...
Also I would like to ask you to check another issue of mine (even if i don't think it's virus-related) since you look full of resources
I don't know if I have to create another post for this but I may have an issue with my disk space, it basically shows more full space than it should, since if i try to select all the folders in C: they weigh way less than it shows on Computer tab (something like 15-20 GB less), also my Windows folder is reaaally big, it almost hits 40 GB of space, I already tried reducing it by disabilitating the hibernate mode and using the disk cleaning tool, which reduced some space cleaning the Windows Update folder, freeing 8 gb (i think it is winsxs, but it's still really big), the biggest files/folders in Windows are pagefile.sys (15GB) and winsxs folder (15GB), I used WinDirStat to check it. I don't really think it is a virus causing this, but it's still really strange, I don't think it is supposed to be like that, if you can help I would really appreciate!
10
Malware removal help / Re: Possibly infected with a Bitcoin farmer malware
« Last post by Curson on August 20, 2018, 05:07:48 pm »Hi Dyav,
The main part of the infection was already removed.
However, we will now get rid of some leftovers.
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system !
Run FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.
How is your computer running ?
Regards.
The main part of the infection was already removed.
However, we will now get rid of some leftovers.
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system !
Run FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.
How is your computer running ?
Regards.
