
itman

Member
  • Content Count

    130
  • Joined

  • Last visited

  • Days Won

    1

itman last won the day on April 14 2014

itman had the most liked content!

Community Reputation

2 Neutral

About itman

  • Rank
    Forum Regular

Profile Information

  • Gender
    Not Telling

Recent Profile Visitors

5035 profile views
  1. Found and removed the malware manually. It is definitely one insidious bugger to say the least. Believe I have found a new and undetectable ransomware. Appears it is targeted at Win 10 and using Smartscreen's Outlook filter to do its dirty work. Explains why impact of it on my PC was minimal. I have MS Office installed but I don't use Outlook for my e-mail client. It must perform some fingerprinting on users w/MS Office installed. On to the gory details. I am attaching the reg. key where the malware was found. Note that same malware was found in all 3 instances of this key, 3B6C15BE-F9
  2. Task Scheduler totally totally busted. Won't even start up. Can't type into "Search Windows" toolbar box anymore. God knows what else is borked. I am doing a system restore and will never run Farbar crap again.
  3. I ran FRST64 w/admin privileges and got a bit farther this time before it crapped out. Here's the log. Fixlog.txt
  4. Also now have a ton of the following errors in my event log: Log Name: Application Source: Microsoft-Windows-Security-SPP Date: 11/1/2016 5:12:15 PM Event ID: 16385 Task Category: None Level: Error Keywords: Classic User: N/A Computer: Don-PC Description: Failed to schedule Software Protection service for re-start at 2116-10-08T21:12:15Z. Error Code: 0x80070005. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C
  5. FRST64 keeps aborting in the middle of the fix scan. Shut down EMET, disabled all of ESET except the firewall, and disabled all of EAM whose behavior blocker was going nuts. I am now pee-ood since Win 10 set IE11 search provider to Bing due to "corruption" and I can't reset to Google via "Manage Add-Ons." -EDIT- Was able to add Google search add-on from IE site. After I start up IE 11 again, it tells me it's corrupted and do I want to use Bing instead. Is this bogus MS crap? Also noticed this: Task: {2131F82C-E0F0-4197-8BC1-C4D4E7D87DF4} - System32\Tasks\Delete URL Temp Files =>
  6. Here are the Farbar reports. FRST.txt Addition.txt
  7. Thanks. Found it and set to no re-scan. Will report back on if this fixed the problem.
  8. Quarantine folder is empty. I believe the issue is a temp folder is being created every time I boot regardless of if an actual sig. update occurred. It appears it is these folders that are not being auto deleted by EAM. Also might be a bug in the Quarantine scanning where it creates the folder regardless if there are any existing items. I will attempt to set re-scan to manual as you suggest. -EDIT- No option to set re-scan to manual. Might only be present if quarantine items exist?
  9. I tried both. Neither would run on my Win 10 x64 1607 build. Believe the issue is Smartscreen. I checked my reliability history and Smartscreen appears to have crashed every time I run Farbar. It did complain about both vers. when I tried to download them.
  10. FRST64.exe appears not to work for Win 10. Won't start up. I tried Win 8 compatibility mode and still a no-go.
  11. A bit more information on this incident. Appears this infected.txt file dates back to the last time I manually installed EAM which was on 8/26. Best theory I have is it arrived in the EAM installer. Don't know how that is possible since I always download EAM from the Emsisoft web site. At least that gets EAM's self-protection off the hook. Downright scary. In any case, EAM is reinstalled and no "infected.txt" is present in the EAM program directory.
  12. They are created when a virus sig. update occurs. However, today only one was created after the PC's initial boot.
  13. Thanks, that is what I needed to know. The question is how did it get around EAM's self-protection? To play it safe, I am going to uninstall EAM using Revo Uninstaller Pro and re-install.
  14. Stapp, I just want to know if that file is used by EAM. Really can't see how it is. My PC is clean.
  15. Found a file named infected.txt in my Emsisoft Antimalware program folder. It scanned clean at VirusTotal. Was created on 8/26 and updated this afternoon. If this is not a valid EAM file, I want to get rid of it. infected.zip