bluescreen

Member
  • Posts: 18
  • Joined
  • Last visited

Reputation: 0 Neutral

  1. FRST scan 2 26 21.txt, Addition scan 2 26 21.txt, Emsisoft scan_210226-180347.txt, Note to Emsisoft volunteers 2 26 21.txt
  2. Adding this screenshot from ProcessExplorer. "The system cannot find the file specified" in order to submit to Virus Total, and the Virus Total button is greyed out.
  3. Hello, I'm afraid I have something bad going on here, but I'm not sure, so I thought I'd post here before going to the malware forum (especially since the machine may not even be worth cleaning, as I will describe below). Emsisoft Anti-Malware scan doesn't show anything, but I have been concerned about a possible kernel-based malware and DLL injection/API exploits? I can't run or even install Malwarebytes. I just installed Private Firewall, and this log shows some activity that looks strange to me, including a2service starting a remote thread. This is a home computer on Wi-Fi but not connected to a homegroup at all, and I have tried to disable/disallow all remote access whatsoever. When I use ProcessExplorer, many of the program windows come up with blank information and tell me I don't have access. You are going to scold me, because I have been running Windows 7 without updates. I have shut down a bunch of services, disabled debugging, and disallowed a bunch of programs. I realize the machine is in a bad state with the current OS and no updates, and I will likely be wiping it and installing Linux soon. I need a new computer but would like to use it as a backup computer. I can't reinstall Windows 7, because I accidentally put tape over the product key and can't read it anymore. However, I am curious about what is going on here and would appreciate any thoughts you have. Do you think there might be malware in the boot sector? If there is malware in the boot sector, would it be destroyed if I reformatted and installed Linux as opposed to Windows? Is it worth trying to remove malware from this Windows installation? Just wondering what you make of these screenshots from Private Firewall and ProcessExplorer. Notice that "sniffers" are being set with each new program. Private Firewall shows two unknown programs listening at ports, but I can't find them on any program list, and the firewall will not shut them down. ProcessExplorer shows an almost blank properties window for a2service and unknown handles. One last thing that makes me feel like I'm going crazy: when I saved these .jpg files to my desktop, the computer initially generated two thumbnails that looked identical... one that was the .jpg, but the other's properties said something like "PMOD" with something about "Windows shell." I'm not sure... but they were there but are now gone. I apologize in advance if I am totally misreading everything and just being paranoid. However, all these sniffers and hooks and the unknown programs have me worried. Thank you for any thoughts. bluescreen
  4. I'm not an expert on knowing where to look. However, in the Windows Logs, under "System," there is an entry at 6:06 PM saying, "The Emsisoft Protection Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service." Two seconds later, there is an entry saying that the same service is running. (I did not see anything restart before the reboot, though; the dashboard window never reappeared, and I may not have been watching CPU closely then.) Also under "System" at 6:09:28 PM, there is an entry saying "The Emsisoft WSC Integration Service service terminated unexpectedly. It has done this 1 time(s)." Under "Application," there are about 13 entries for "Restart Manager" between 5:59:02 and 5:58:52 PM, all saying things like Starting Session 1 or Ending Session 1. I don't know what this refers to, and it may be totally unrelated to this episode. I just mention it because the timing is close to when I noticed the original problem and before I rebooted the computer. Under "Administrative Events," "The previous system shutdown at 6:12:14 PM... was unexpected." (I think this was right after I held down the power button.) Under "Security" at 6:12:55 PM, "Audit events have been dropped by the transport." (maybe just because of reboot?) Actually, I suspect these log entries are from when I was trying to shut down the service using Process Explorer. I am pretty sure I noticed the problem with the missing dashboard right around 6 PM, not this late. So there may not be event log mentions of when this actually happened. Sorry... I doubt any of this helps. I just wanted to put my experience on the record, though. Everything is still running well and quietly (no CPU revving) since I rebooted.
  5. I just updated to the new stable updates this afternoon. A few hours later, I realized while working on the computer that the Emsisoft dashboard window was completely gone, including its taskbar icon, and I couldn't make it reappear even by trying to restart the program. I realized that the Emsisoft programs were still visible in Process Explorer, but there was no CPU associated with them. I was upset, as I had just been on my banking website. I cut my internet connection and shut down all Emsisoft programs from Process Explorer, except for a2start, which I was told I did not have permission to access. I rebooted the computer, and everything started up fine. I was delighted after initially updating this afternoon that the CPU revving problem with a2start seemed to be gone after many, many months of seeing the problem, but the apparent crash afterward is of concern. So far so good on the reboot, but I am watching the taskbar closely.
  6. Thanks, Azure Phoenix. I was wondering if anyone had any thoughts on the invalid hash warnings? It is concerning when you receive messages that your antimalware program may have been corrupted or undergone unauthorized modification.
  7. Sony Vaio Laptop, Windows 7 Professional, Service Pack 1, 64-bit. Emsisoft Anti-Malware, Version 2018.1.0.8407
  8. Getting intermittent warnings in the Windows 7 security log. I run Windows 7 SP1 64-bit on a Sony Vaio laptop. "Code Integrity has determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: Device\HarddiskVolume3\Program Files\Emsisoft Internet Security\a2hooks64.dll" I used to have Emsisoft Internet Security, but it changed itself to Emsisoft Anti-Malware. Can anyone help me understand what is going on here? Thanks in advance. Bluescreen
  9. A belated thank you for your response. I'm really glad this community is here.
  10. Thanks for answering. It says it was for Thunderbird.exe. That makes sense about the restart. Thank you.
  11. See edit to original message: ON EDIT: My computer mysteriously restarted itself, and the problem was gone when I came back. Very strange. I guess I am okay, unless this sounds suspicious and like I have got malware. Thanks very much for being here.
  12. ON EDIT: My computer mysteriously restarted itself, and the problem was gone when I came back. Very strange. I guess I am okay, unless this sounds suspicious and like I have got malware. Thanks. I got an alert from EIS that a program was trying to install silently in the background, so I quarantined it. It was actually Thunderbird trying to update itself. I realized as I was quarantining that it was a Thunderbird update, but I quarantined anyway, because I figured it was only an update, and given the suggestion of sneakiness in the alert, I thought I would research to make sure it was a legitimate update. I thought it would merely prevent the update installation, but it blocked Thunderbird altogether. There are only four malicious items in my quarantine folder, and none of them are Thunderbird. When I try to launch Thunderbird, nothing happens. I did find Thunderbird in the quarantine log and deleted that, but I guess it was just a log entry. I still can't launch the program. How do I reverse this and get my email program back? And in the future, if I want to prevent an automatic, silent update, how do I do it without blocking the entire program? Thanks in advance for helping me. Bluescreen. Windows 7, 64-bit, Emsisoft Internet Security
  13. Thanks for the response. I did upload it to VirusTotal, and everything was clean. I am just bewildered as to why the alerts have suddenly started now, after no alerts at all even though I have been using the program in the very same way for a while. What is happening to start them now, as opposed to when I started using the program? I appreciate your input. Thanks.