iondjp

  1. I received an obviously suspicious email this morning. One of my email addresses was used for both the sender and recipient. The subject line was just my name, all in lower case. It had a jpeg attachment with a size about 192K. This obviously appears to be a ransomware attempt, but I'd like to understand a few things because I get asked this by friends and clients all the time: Is there a way that the JPG can be looked at without doing harm? How does a JPG infect my machine?
  2. Sorry for leaving this hanging. I have given up on this and decided that it is a Windows Update issue. I have read a number of articles about issues with recent Windows releases. Most notably, https://www.computerworld.com/article/3216425/microsoft-windows/microsoft-patch-alert-octobers-been-a-nightmare.html. Earlier this summer, I also went through several weeks of back and forth recovery to eliminate Blue Screen boot errors. I was pissed and I don't want to find myself back down that rabbit hole. Thank god for reliable backups. Here's a tip of the hat to 'EaseUS Todo Backup'. So, for now I have prevented Windows from doing Auto Updates by setting my network adapter setting to 'Metered Connection'. Most frustrating about this is the paragraph (below) from the article about the insane game of roulette that Microsoft is unapologetic about. "Hard to believe that Windows 10 version rollouts could get any worse, but this month hit the bottom of a nearly bottomless barrel. Some folks who clicked “Check for updates” wound up with a brand spanking new copy of Win10 version 1809 — and all of the files in their \Documents, \Pictures, \Music, \Videos and other folders disappeared." This reminds me of the B.S. that Microsoft made us suffer through back in the 1990s. ARRRGHHH!!! Thanks all.
  3. Thank You GT500 for all your help. I give up. I have tried your suggestion of using ShutUp10 and, well, I don't see what it accomplished. I have disabled the malware protection and let the thing boot without intervention, but I still get frequent update failure notifications daily. Strange things that are above my pay grade and beyond my understanding. I am reluctantly accepting that this is just Microsoft using the trial and error method again to release updates. It is not all updates that fail. In fact I don't understand a number of things I see. For example; why would I see 2018-09 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4457128) Successfully installed on 2018-09-11 and then further up the history I see; 2018-09 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4457128) (4) Last failed attempt on 2018-09-17 - 0x80070157 I thought it was already installed successfully?!?!?! Then I don't see it again higher up on the list with a new date. Has Windows decided to give up trying to install it, or has Windows come to realize "oops" we already installed this one. Silly Windows. I also notice even the Windows Defender Antivirus Definitions are failing sometimes. Definition Update for Windows Defender Antivirus - K2267602 (Definition 1.277.294.0) Failed to install on 2018-09-29 - 0x8024000b
  4. I want to thank you for your efforts, but I installed Process Hacker and I just don't know where to start and it leaves me just as (more) confused. How do I know which process is launching the installer? By the time I get Process Hacker started to sort and attempt to see what process is guilty, the installer shuts down and evaporates. Is there nothing in the Event Manager that would reveal anything? I am close to just doing a full backup and then letting installer do its thing and see what happens. Am I crazy to do so?
  5. Ran the various troubleshooters for Windows Update. How can I determine what is launching the installer? In other words, is there a way for me to determine if it is part of the Windows Update process? Is it normal for Windows Update to run installer upon reboot after an update install? What would happen if I click "Wait, I think this is safe?". Am I going to end up with a world of misery?
  6. FRST ran without a problem. Here's the two files. Addition.txt FRST.txt
  7. I don't mind if you forward it to support forum. I would just like to know what is going on and that Windows 10 is up to date. As far as the Windows Update being blocked....what should I look for? I see again today that there were a number of items in Emsisoft log showing Component=Scheduler & Action=Update "Downloaded and Installed". The system notified me of a required restart which I allowed to happen. Upon login to my user account, I saw Emsisoft alert me "Suspicious Behaviour "HiddenInstallation" of "MSIC461.tmp". If I was to click "Wait, I think this is safe" what would happen?
  8. This continues to happen whenever I restart Windows. I am still seeing Windows complaining that it could not finish installing update. So, what recourse do I have? I do not have the experience to narrow my troubleshooting down. Is there something I could search for in the Event Viewer? Is there a trick in MSConfig to limit startup options to narrow down the culprit? I did look in the Task Manager startup options, but nothing jumps out at me.
  9. I witnessed a pop up notification by Emsisoft. Here is the detail... 2018-08-24 8:47:25 AM Behavior Blocker detected suspicious behavior "HiddenInstallation" of "C:\Windows\Installer\MSI174C.tmp" (SHA1: 67ECD82937ED15C2159EA3892A07BA6ACB74179A) 2018-08-24 8:47:25 AM A notification message "Suspicious behavior has been found in the following program: C:\Windows\Installer\MSI174C.tmp" has been shown Now, coincidentally I have been monitoring windows updates and I see in the Windows Update History... 2018-08 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4343909) (9) Last failed install attempt on 2018-08-23 - 0x80070157 So, is the EIS notification indicating a legitimate behavior block, or is it interfering with Windows Updates? I am confused because the last failed attempt of the Windows Update is 2018-08-23. Incidentally, I have seen both the EIS behavior block and the Windows Update failure a number of times and I see 3 MSIxxxx.tmp files have been marked "Suspicious Behavior Quarantined by User" as well as 9 have been marked "Allowed by Anti-Malware Network, rule created". I was going to attach here the C:\Windows\Installer\MSI174C.tmp file, but the folder C:\Windows\Installer does not even exist. Also strange, the EIS Quarantine tab does not list the MSI174C.tmp file, nor does it list one of the other files the log indicates was quarantined (MSIBE3E.tmp) on 2018-08-13.
  10. I received an email stating that my laptop camera had been hi-jacked. The email had been labelled Junk mail and was disabled. I am almost certain that it is a phishing attempt, but more than one person uses this laptop so who knows. In any case, it raises a few general questions about Emsisoft Anti-Malware. Is it possible for a rogue video to actually install something on the machine, or would EAM and Windows Firewall protect from that? If it was possible, would EAM scan be sufficient to find it? Would EAM behaviour blocker protect against its operation? Is there more I should do at this stage? As usual....thanks in advance.
  11. The auto-diagnose tool did run and it did show that it had "Fixed" the problem, but it did not. Also noticed after posting this that I could no longer sync Outlook with phone using VCOrganizer app so I started to think about what may have changed. I recalled that I had uninstalled a number of programs using Revo Uninstaller. I was perhaps a bit too aggressive. So to resolve the firewall issue, I recovered a restore point to prior to that exercise and the firewall issue and outlook sync issue went away. I then removed the programs again one by one successfully. Thanks for your assistance.
  12. I was met with a notification today that the Windows Firewall is turned off. I launched Windows Defender Security Center and it shows "Windows Firewall service has stopped. Restart it now." Clicking the Restart button launches the UAC warning, but nothing after that. So, I look in Windows Firewall Security Center/Firewall & network protection. There is a red circle with X and "Windows Firewall is using settings that may make your device unsafe." Click Restore settings button, again shows UAC warning, but that disappears once I click to give permission to make changes to my system and nothing else happens. Strangely, on that same screen I see "Private (discoverable) network" followed by "Network is not connected". The same below it... "Public (non-discoverable) network" and "Network is not connected". Now I am in fact connected through Wifi to WLAN and the internet. I also launched services.msc and I see the Windows Firewall status is Starting for a long time. When I try to stop the service, I get "Windows could not stop the Windows Firewall service on Local Computer. The service did not return an error. This could be an internal Windows error or an internal service error...." I normally would not bother Emsisoft with a problem that seems to be related to Windows 10, but there are numerous suggestions elsewhere that this may be related to the fact I am running Emsisoft Anti-Malware. Any advice would be appreciated.
  13. Does EIS Scan Browser Certificates or scan Trusted Authorities that appear in my browser certificate manager? In other words, how do I know that the Certificates, the Servers, and the Authorities that appear in the list are legitimate and trustworthy? I ask because I noticed by accident that the list of Authorities in Mozilla exceeds 91. Some of them I recognize, such as Thawte and Verisign, but there are several others and some are in foreign languages. Furthermore, under the Others Tab there are a number of other Certificates under The USERTRUST Network with strange names like Bogus GMail, Bogus Skype, Bogus Google. When I try to remove these, they just reappear. However that may be because my Windows User Account is set to Standard User.
  14. Thank you for your Elise; Just to confirm, based on your comments I conclude...
      • UNC or Mapped Drive Letters are both vulnerable
      • read only files are not necessarily safe
      • my local network server backup files are not necessarily safe
      So, I should install security protection on my WHS V1. Do you know if Emsisoft will install and play nice on a WHS V1? It is based on Windows Server 2003 R2.