  1. I'm sorry, this is above my pay grade...as they say. Are you saying that you found this HTML file somewhere in the wild and when launched it executes as you described? So it appears the resulting page appearing in the Chrome browser is benign in this case? Does it look like someone experimenting with a script? If that is the case, where you found the script, GT500, may be a clue to its purpose. What would be the purpose of this? Is this a technique that is used by advertisers to launch popups? The question for me then becomes, why would this appear on my daughter's activity log? The other entries in the log include the predictable teenage sites like Snapchat and Apple iMessage, etc., but there is also "www.emiratesnbd.com" which appears to be a UAE bank, which is strange - unless she has a secret offshore bank account :). I have zero knowledge or experience with Snapchat; however, I envision these domains may have been launched as a result of some pop-up ad or something in one of those click-bait animations or memes.
  2. I did discuss it with my daughter and she has no knowledge of it and there is no reason for her to conceal it. I am aware that she drinks and she is open about it. This is why I was curious as to why it was appearing on the list. Probably nothing. Thanks for your assistance.
  3. That would be the logical assumption and one that I had made initially but became curious when the domain does not produce any conclusive results. Therefore, I suspected it might be a known malware vault. I did not come here in search of a means to entrap my child, but rather I thought that I was posting the question to an Emsisoft tech to advise me if I should have a heightened concern about a specific known malware infection.
  4. Today I was looking through router logs (TP-Link router) and I noticed a domain in the list of one of my teenager's logs. I tried to research that domain but failed to find anything significant. The domain is drunkquantity.org. Can you provide any feedback on this?
  5. I just ran sfc /scannow and happy to see all was okay. It got me wondering, how reliable is SFC? Is it possible it too could be compromised to provide misleading results?
  6. I received an obviously suspicious email this morning. One of my email addresses was used for both the sender and recipient. The subject line was just my name, all in lower case. It had a JPEG attachment with a size of about 192K. This obviously appears to be a ransomware attempt, but I'd like to understand a few things because I get asked this by friends and clients all the time: Is there a way that the JPG can be looked at without doing harm? How does a JPG infect my machine?
  7. Sorry for leaving this hanging. I have given up on this and decided that it is a Windows Update issue. I have read a number of articles about issues with recent Windows releases. Most notably, https://www.computerworld.com/article/3216425/microsoft-windows/microsoft-patch-alert-octobers-been-a-nightmare.html. Earlier this summer, I also went through several weeks of back and forth recovery to eliminate Blue Screen boot errors. I was pissed and I don't want to find myself back down that rabbit hole. Thank god for reliable backups. Here's a tip of the hat to 'EaseUS Todo Backup'. So, for now I have prevented Windows from doing Auto Updates by setting my network adapter setting to 'Metered Connection'. Most frustrating about this is the paragraph (below) from the article about the insane game of roulette that Microsoft is unapologetic about. "Hard to believe that Windows 10 version rollouts could get any worse, but this month hit the bottom of a nearly bottomless barrel. Some folks who clicked “Check for updates” wound up with a brand spanking new copy of Win10 version 1809 — and all of the files in their \Documents, \Pictures, \Music, \Videos and other folders disappeared." This reminds me of the B.S. that Microsoft made us suffer through back in the 1990s. ARRRGHHH!!! Thanks all.
  8. Thank you GT500 for all your help. I give up. I have tried your suggestion of using ShutUp10 and, well, I don't see what it accomplished. I have disabled the malware protection and let the thing boot without intervention, but I still get frequent update failure notifications daily. Strange things that are above my pay grade and beyond my understanding. I am reluctantly accepting that this is just Microsoft using the trial and error method again to release updates. It is not all updates that fail. In fact I don't understand a number of things I see. For example; why would I see 2018-09 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4457128) Successfully installed on 2018-09-11 and then further up the history I see; 2018-09 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4457128) (4) Last failed attempt on 2018-09-17 - 0x80070157. I thought it was already installed successfully?!?!?! Then I don't see it again higher up on the list with a new date. Has Windows decided to give up trying to install it, or has Windows come to realize "oops" we already installed this one. Silly Windows. I also notice even the Windows Defender Antivirus Definitions are failing sometimes. Definition Update for Windows Defender Antivirus - K2267602 (Definition Failed to install on 2018-09-29 - 0x8024000b
  9. I want to thank you for your efforts, but I installed Process Hacker and I just don't know where to start and it leaves me just as (more) confused. How do I know which process is launching the installer? By the time I get Process Hacker started to sort and attempt to see what process is guilty, the installer shuts down and evaporates. Is there nothing in the Event Manager that would reveal anything? I am close to just doing a full backup and then letting installer do its thing and see what happens. Am I crazy to do so?
  10. Ran the various troubleshooters for Windows Update. How can I determine what is launching the installer? In other words, is there a way for me to determine if it is part of the Windows Update process? Is it normal for Windows Update to run installer upon reboot after an update install? What would happen if I click "Wait, I think this is safe?". Am I going to end up with a world of misery?
  11. FRST ran without a problem. Here are the two files. Addition.txt FRST.txt
  12. I don't mind if you forward it to the support forum. I would just like to know what is going on and that Windows 10 is up to date. As far as the Windows Update being blocked....what should I look for? I see again today that there were a number of items in the Emsisoft log showing Component=Scheduler & Action=Update "Downloaded and Installed". The system notified me of a required restart which I allowed to happen. Upon login to my user account, I saw Emsisoft alert me "Suspicious Behaviour "HiddenInstallation" of "MSIC461.tmp". If I was to click "Wait, I think this is safe" what would happen?
  13. This continues to happen whenever I restart Windows. I am still seeing Windows complaining that it could not finish installing update. So, what recourse do I have? I do not have the experience to narrow my troubleshooting down. Is there something I could search for in the Event Viewer? Is there a trick in MSConfig to limit startup options to narrow down the culprit? I did look in the Task Manager startup options, but nothing jumps out at me.
  14. I witnessed a pop-up notification by Emsisoft. Here is the detail... 2018-08-24 8:47:25 AM Behavior Blocker detected suspicious behavior "HiddenInstallation" of "C:\Windows\Installer\MSI174C.tmp" (SHA1: 67ECD82937ED15C2159EA3892A07BA6ACB74179A) 2018-08-24 8:47:25 AM A notification message "Suspicious behavior has been found in the following program: C:\Windows\Installer\MSI174C.tmp" has been shown. Now, coincidentally I have been monitoring Windows updates and I see in the Windows Update History... 2018-08 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4343909) (9) Last failed install attempt on 2018-08-23 - 0x80070157. So, is the EIS notification indicating a legitimate behavior block, or is it interfering with Windows Updates? I am confused because the last failed attempt of the Windows Update is 2018-08-23. Incidentally, I have seen both the EIS behavior block and the Windows Update failure a number of times and I see 3 MSIxxxx.tmp files have been marked "Suspicious Behavior Quarantined by User" as well as 9 have been marked "Allowed by Anti-Malware Network, rule created". I was going to attach here the C:\Windows\Installer\MSI174C.tmp file, but the folder C:\Windows\Installer does not even exist. Also strange, the EIS Quarantine tab does not list the MSI174C.tmp file, nor does it list one of the other files the log indicates was quarantined (MSIBE3E.tmp) on 2018-08-13.