
Scrooge
Member
Content Count: 21
Community Reputation: 0 Neutral

About Scrooge
Rank: Member
-
Closed Windows Host processes connections
Scrooge replied to Scrooge's topic in Help, my PC is infected!
Thanks a lot Kevin, I thought if these were Russian or Chinese IPs, I would start worrying and rush right off the bat like crazy to block port 445 and 139 and maybe 137, 138 as well :)) but these are our guys from NSA and other three-letter "companies" so they probably 'forgot' that it says there in my file "PKIA somewhere in the Pacific" :) Thanks again Kevin, and God bless America just in case.. :)) p.s. So Microsoft has been using their servers for quite some time I see. It's like dedicated web hosting or something, right, outsourcing and whatnot. Who knows.
-
I'm on Windows 10 64-bit, version 1809 (OS Build 17763.292), the latest update January 22, 2019. I've had Emsisoft installed for some time and I haven't had any issues so far with infection. CPU usage is normal, when I do do anything it's 1 to 4 %, when I start up a browser it goes to 8-11 %. Nothing out of the ordinary. I've started monitoring my network traffic recently and I noticed Windows Host processes represented by svchost and their associated Windows processes connecting to these IP addresses. I didn't monitor my network before. Maybe these connections always were there. I don'
-
Thank you very much for your time. I really appreciate it. The topic can be closed now.
-
Dear Experts, I was wondering if my computer might be infected or maybe I'm just paranoid. Although nothing seems to be out of the ordinary, please tell me I'm just paranoid here on this. I've heard about dll injection when malware authors have been exploiting Windows dynamic library where executables access the library and share the memory space, with a malicious dll being injected into a legitimate process. Then we won't see a malicious process running in memory there because it's a legitimate executable that could very well be an essential Windows operating sys
-
Closed Rkill showed a reparse point/junctions found
Scrooge replied to Scrooge's topic in Help, my PC is infected!
Thank you. Maybe this reparse something was caused by the fact that I wanted to install Keeper password manager from Windows store until I didn't because I changed my mind and then I messed it even more in Windows 'head' by trying to install its desktop version until again I didn't because I changed my mind the second time.
-
Closed Rkill showed a reparse point/junctions found
Scrooge posted a topic in Help, my PC is infected!
Hi, it's me again. Today I scanned my laptop with this Rkill, I don't know why, maybe I shouldn't have but earlier it never showed this:

Performing miscellaneous checks:
 * Reparse Point/Junctions Found (Most likely legitimate)!
     * C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\INetCache\IE [Dir]

I attach the Rkill log. Should I be concerned about it? I immediately scanned the whole computer with EEK but nothing was found, the sam
-
Thank you Kevin. If I can ask you one more thing. I was wondering would you advise to turn on this relatively recent feature "memory integrity" in Windows Defender Security Center with Emsisoft being installed? I've heard that some Windows users reported significant slowdowns and a decrease in system performance after they turned it on, even without any antivirus program being installed. p.s. I just tried to delete it but it doesn't want to be deleted somehow. It says the file or folder is open in another program but I don't know where it can be opened.
-
Fixlog here. Fixlog.txt I also have a question. What should I do with the folder FRST on my C? Can I delete it? Because now every time I start the Device Performance & health section it says 1 recommendation and when I run the troubleshooting it says that SASKUTL and SASDIFSV don't have drivers, which is quite understandable. I can always dismiss it but I'd like to get rid of it. They belong to SUPERAntiSpyware software and they are not essential for Windows. I don't have it any more and I don't want it. Can I just delete FRST? p.s. I'm sorry. It doesn't show any m