CryVICSky

  1. Yes, pass on this suggestion, please. In the current lists it is difficult to find those points to which it is necessary to pay close attention. In which section of the forum can I discuss Farbar Recovery Scan Tool logs with the experts? I may have questions on some elements of these logs to understand the functions and actions of this utility. I think it's worth closing this thread of discussion. All problems are solved at the current stage. If there are new problems, then I will come back and open a new thread of discussion in this forum. Thank you for your help!
  2. In this case, I would like to ask you to recommend to the developer of Farbar Recovery Scan Tool to allocate separate blocks of information for suspicious and / or infected objects in the scan logs. For example:

     ==================== Processes (Suspicious) =================
     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     Item 1
     Item 2
     Item 3
     etc...

     ==================== Processes (Infected) =================
     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     Item 1
     Item 2
     Item 3
     etc...
  3. Does the Farbar Recovery Scan Tool (FRST) have a change log? How can I work with alternative data streams in the future? What kind of danger can they carry? Do I need to immediately delete all found elements of alternative data streams? That is, to perform the same actions as you did in this case? Addition.txt FRST.txt scan_170525-131425.txt
  4. Is there real-time interaction with the developer of the Farbar Recovery Scan Tool utility as experience is gained and for making changes and / or improvements?
  5. You want to say that this operating system restores dynamic libraries, which are its critical elements from the backup storage, if they are accidentally or intentionally deleted by someone or something? Or did I misunderstand? Fixlog.txt
  6. Problems after treatment, in principle, did not arise, but several questions appeared. The dynamic library wbiosrvp.dll was finally removed, so it was not a legitimate part of the operating system? And how or with what utility can it be checked quickly? Addition.txt FRST.txt scan_170523-171200.txt
  7. I ask you, explain in detail, as far as possible, what this script (fixlist.txt) did and why.
  8. ...
     R1 uze3mjk3; C:\Windows\system32\Drivers\uze3mjk3.sys [11264 2017-05-16] () [File not signed]
     ...
     C:\Users\Иван\Downloads\Электронные Книги\Программирование\Занимальные уроки с Паскалем\Projects\ProjectsPAS\Транслитерация\транслитерация.exe
     C:\Users\Иван\Downloads\Электронные Книги\Программирование\Занимальные уроки с Паскалем\Projects\ProjectsPAS\Элементы управления\WFControls.exe
     ...

     The driver uze3mjk3.sys* (may have a different name) is well known to me. It was created by the AVZ utility (http://www.z-oleg.com/secur/avz/, https://forum.kaspersky.com/index.php?showforum=150) from Kaspersky Lab.

     * AVZPM, the process and driver monitoring driver. It is intended for tracking the start and stop of processes and the loading / unloading of drivers, for finding masking drivers and detecting distortions in the structures describing processes and drivers created by DKOM rootkits.

     The executables транслитерация.exe and WFControls.exe cannot be dangerous, as they were written and compiled for educational purposes in the PascalABC.NET programming learning environment (http://pascalabc.net/).

     Fixlog.txt
  9. C:\Windows\system32\wbiosrvp.dll --- Trojan.GenericKD.4561291 (B) [krnl.xmd]

     The infected file is located deep in the root directory of the operating system. Emsisoft Internet Security version 2017.4.1.7484 cannot solve this problem. I ask for help in solving the problem.

     Addition.txt FRST.txt scan_170519-165318.txt