BlackSun last won the day on December 27 2014

BlackSun had the most liked content!

Community Reputation

1 Neutral

About BlackSun

  • Rank
    Active Member
  • Birthday 10/23/1990

  1. Sweet, thanks very much! Are you going to add the entire domain of the fake website from my original post to be blocked, too? Doing so would prevent any further variants of the same scheme from ever taking root. It is very clever and insidious, "hijacking" search engine results like that, as anyone not knowing better and just looking for files for whatever the <most recent version> of the game is, is bound to be directed to this fake website instead of the real one. Having that blocked right there would be a big win.
  2. Alright, here we go, fired it up - log's attached. And about those samples, where can I provide those, is it still needed? I just had Emsi flag the samples when I let it scan them. That's a file hash detection, correct? Fixlog.txt
  3. Ah, thanks! My system's got an uptime of 9 days, currently. Did that possibly get added when installing the update to my Java Minecraft install 3 days ago, and would that be removed / cleaned up by doing a reboot on its own, which we may interfere with? If not, I'll just fire this line off if it has no business being there. ... ah hell, I may just do that anyways. =D As for the samples - as my placeholder post above states, I was unable to upload them. How do I do that, for your team to have a crack at it (and possibly add the domain it came from to webguard blacklists)?
  4. Thanks for the reply! Glad to hear that, calms my nerves. Before I continue doing that, some questions: As for the CMD starting on root C:\, that's my doing. I prefer having CMD start at good old fashioned C:\ root when I open it. Does that mean that, if I want to keep it working that way, I can leave the 1st line out? What is the other line? Something Java, I assume - what exactly does that do? Just curious before I execute anything. =D I know that pcalua.exe is the compatibility assistant, and last session, my Minecraft (Java-Edition) crashed for some reason a few minutes in
  5. [Placeholder post] I am trying to upload a ZIP / 7z / RAR of 1) samples of the suspected malware 2) content of my TEMP that I preserved after the possible infection, and 3) Event Viewer log file from the relevant timespan. It's 4MB in size total. Yet it always gives me this error: "Sorry, an unknown server error occurred when uploading this file. (Error code: -200)" How do I upload these to attach them to the topic?
  6. Hello, one thing in advance - I cannot, for the life of me, find anything suspicious on my system outside of (manually guessed) traces. No scanners come up with any detections, so I'm guessing some context may be needed. Here goes... I've recently fallen for an imposter website when downloading a setup. Decided to return to playing some Minecraft after like 3 years, updated the game, wanted to update a respected mod for it, remembered it had an installer (unusual for Minecraft mods), and looked it up accordingly: Search term: "Minecraft Forge 1.17.1" First result - website looked
  7. And this, technically, is wrong. As long as Anti Malware detects something as being harmful / unwanted and even quarantines it, despite it not containing anything actually harmful... what's that called? Right - a false positive. The point of any Anti Malware software is to find harmful objects, whatever they are, wherever they are, and prevent them from successfully causing harm to the system and user. Arguing that it "technically isn't a false positive", because the program was deliberately instructed to treat a harmless folder name string as a harmful entity in itself, is a false p
  8. ... and I can't even submit false positive report, because it then states it can't find the file. Yeah, because there is no file to begin with...! Some people may like to put all their installed browsers into a subfolder "Browser" within Program Files to keep on top of things. If it's literally just detecting the path itself, "C:\Program Files (x86)\Browser\", then yes, I created that to install my browsers into. Scan start: 3/5/2020 5:19:20 PM C:\Program Files (x86)\browser detected: Adware.Win32.XBrowse (A) [223312] ... adding that to exclusions will prevent Emsis
  9. Had the same issue just now. I restarted Win7 x64 because the mouse was acting up. Restart fixed that, but renewal box popped up. I closed it, Emsi quit. Started it again, same thing, despite it stating that it had close to 300 days left. Closing the renewal window still made Emsi quit despite showing 290+ days of license left. The process of logging into my Win7 acc took a weirdly long amount of time, too, right before (right as?) Emsi acted up. Restarting once more solved both issues. We also have the cloudflare routing outage going on currently, so I'mma guess it was related to th
  10. SLUI 3 is the Windows activation tool and can be launched directly. SLUI 1 shows whether activation was successful, just to name those two. I haven't run SFC yet, because in the past I already lost a system [belonging to family] to it once. I know that sounds strange, but the system had been showing slightly unstable behaviour, I ran SFC, repairs were reported, and afterwards the system would not boot at all anymore. A complete reinstall was due; since that case I have also been making backups of private systems. It has
  11. Captain's log, addendum: Again. The first time in... 11 days. I have now simply re-entered the key via SLUI 3, but by the time the window appeared the notice was already gone again. Nevertheless, afterwards I got Is that displayed when an already activated version tries to activate the same key again? Or would one otherwise be told that the key and / or this Windows installation are already active? If the nonsense doesn't stop, I'll kick the updates out again. This somehow can't be right...
  12. So far the message hasn't reappeared. As soon as it does, I'll give that a try. Although I actually haven't changed anything significant since the last occurrence. I did, however, find a message in the Event Viewer: it started on 24.06.2017 - since then, 2 to 19 repetitions of the same message every day, up to today. From 06.01. to 09.01.2016 the same message is in there too, only with a2service.exe instead. After that it stopped (update?). It is archived under Warnings, happens silently in the background. Is that s
  13. Just appeared again. I opened the System Properties again, the notice stayed - until I scrolled down in the properties and "Windows is activated" came into view. Only then did the message on the desktop disappear, at exactly the same moment. What on earth is going on there...? My system has definitely never done that until the day before yesterday! I value a clean desktop, something like that doesn't escape me. I'm inclined to remove the two installed updates again... unless the matter could be due to stopped services...?
  14. Hello! I just noticed an extremely strange message on my desktop: This system is now about 8 years old, and a laptop - so no hardware changes [apart from SSD & RAM 6 years ago]. After this notice I looked straight into my System Properties: Huh? Huh. When I minimized this window again, the message on the desktop had disappeared again too. If I hadn't taken a screenshot of it, I would really be doubting myself right now. I have never come across anything like this in all my years in IT... The only act
  15. Thanks for the answer! So, Apps are being checked by checksums, against an up-to-date cloudside DB to check for any known bad apples. While surfing, not just domain names but complete URLs are being checked against a cloudside DB. All of this EMS-traffic is utilizing secure HTTPS, and not a bit of data is being logged and collected by you guys. That's what I'm getting from this - that correct so far? Now, while all the cool features in cars are definitely a nice thing, in some cases it has led to reckless driving and underestimation of dangerous situations. That's, of course, up to