winston

  1. so far, fine, but the emsisoft anti-malware software that i've previously installed and run in my pc keeps showing a pop-up dialogue box telling me that the segurazo malicious program was detected and then asking me to restart my pc, when actually i have already cleared or cleaned them as we worked through before. for the fresh frst scan, i will do it and come up with a log report to see how it goes . . .
  2. so, i'm all done now ? after i click the 'remove' button to delete all the malicious stuff detected, that's it ?
  3. here's the report, please have a look,

     RogueKiller Anti-Malware V14.1.1.0 (x64) [Jan 28 2020] (Free) by Adlice Software
     mail : https://adlice.com/contact/
     Website : https://adlice.com/download/roguekiller/
     Operating System : Windows 8.1 (6.3.9600) 64 bits
     Started in : Normal mode
     User : winston [Administrator]
     Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
     Signatures : 20200212_135530, Driver : Loaded
     Mode : Standard Scan, Scan -- Date : 2020/02/13 06:25:54 (Duration : 02:15:54)

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     [Rogue.Segurazo (Malicious)] SegurazoIC.exe (4016) -- (Digital Communications Inc) C:\Program Files (x86)\Segurazo\SegurazoIC.exe -> Found
     [Rogue.Segurazo (Malicious)] SegurazoService.exe (4060) -- (Digital Communications Inc) C:\Program Files (x86)\Segurazo\SegurazoService.exe -> Found

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     [Rogue.Segurazo (Malicious)] SegurazoIC (4016) -- (Digital Communications Inc) C:\Program Files (x86)\Segurazo\SegurazoIC.exe -service -> Found
     [Rogue.Segurazo (Malicious)] SEGURAZOKD (0) -- (Digital Communications Inc.) \??\C:\Program Files (x86)\Segurazo\SegurazoKD.sys -> Found
     [Rogue.Segurazo (Malicious)] SegurazoSvc (4060) -- (Digital Communications Inc) C:\Program Files (x86)\Segurazo\SegurazoService.exe -> Found

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     >>>>>> XX - Software
     [Rogue.Segurazo (Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Segurazo -- N/A -> Found
     [Rogue.Segurazo (Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Segurazo -- N/A -> Found
     [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-4258784372-1363556664-1368506968-1001\Software\csastats -- N/A -> Found
     [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-4258784372-1363556664-1368506968-1001\Software\AppDataLow\Software\QiYi -- N/A -> Found
     >>>>>> O23 - Services
     [Rogue.Segurazo (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SEGURAZOKD -- (Digital Communications Inc.) "C:\Program Files (x86)\Segurazo\SegurazoKD.sys" -> Found
     [Rogue.Segurazo (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SegurazoSvc -- (Digital Communications Inc) "C:\Program Files (x86)\Segurazo\SegurazoService.exe" -> Found
     >>>>>> O87 - Firewall
     [PUP.RelevantKnowledge (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A249C05E-EBF1-4394-AACC-00A9888F1907} -- v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe|Name=rlvknlg.exe| (C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe) (missing) -> Found
     [PUP.RelevantKnowledge (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0C6F6A31-F73F-49E2-AB69-D220F7D406C8} -- v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe|Name=rlvknlg.exe| (C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe) (missing) -> Found

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     [Rogue.Segurazo (Malicious)] (folder) Segurazo -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Segurazo -> Found
     [Rogue.Segurazo (Malicious)] (folder) Segurazo -- C:\ProgramData\Segurazo -> Found
     [Rogue.Segurazo (Malicious)] (folder) Segurazo -- C:\Program Files (x86)\Segurazo -> Found

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     >>>>>> Chrome Addon
     [PUP.SearchManager (Potentially Malicious)] Search Manager (C:\Users\mei\AppData\Local\Google\Chrome\User Data\Default\Extensions\BHOAGC~1) -- bhoagceacaklimpcejjofabngcjkebfg -> Found
     [PUP.SearchManager (Potentially Malicious)] Search Manager (C:\Users\mei\AppData\Local\Google\Chrome\User Data\Default\Extensions\NCCFGP~1) -- nccfgpamboionigdpfjmijhlgmgdbael -> Found
  4. there's something called 'segurazo', that's annoying because that program couldn't be deleted and removed even with the emsisoft anti-malware program that i have run in my pc. in fact, when the pop-up message box shows up telling me to restart my pc, that malware still exists in my pc after i restart my pc, and i did that 5 times already, that bad stuff is always there.

     another question please, in addition to the emsisoft anti-malware program i have in my pc, i also have another one called 'windows defender'. that program used to work before, however, now it isn't working anymore, it was disabled a few days after i visited a malicious site. therefore, i wonder if it's possible to have it on to work because i really miss that program, i have had that in my pc for many years.

     AdwCleaner[C01].txt
  5. i allowed frst to run anyway but once i click yes to run, nothing actually shows up after that, so i couldn't run it, not too sure what i should do now ? does that mean my pc is fine and clean because the first scan report result doesn't say anything about whether or not my pc is currently infected ? i feel so frustrated at the moment.
  6. cannot do that because every time i download that program, my pc always rejects it and therefore i cannot go any further from there, so the conclusion is no download, no execution, no log . . .
  7. hi everyone, my windows defender program got disabled 2 days after i visited a suspicious site. i tried to figure out how to turn it back on but i couldn't think of any way to cope with this. i ran the emergency kit and performed the malware scan, which gave me a scan report at the end of the process. i enclosed that below this message, but as i saw from the report, it does say my pc is actually fine without virus or any other malware detected. however, my windows defender is still not working, as i tried to go back to turn it back on and it still doesn't work. therefore, as per this query thread, can i find out how to have my windows defender back to a normal working state and how to be sure that my pc is actually completely clean even if the defender program issue is fixed ?

     p.s. oh oh, by the way, for the frst installation, i tried to do that, however, my system pc automatically rejects it 2 seconds after the program has been downloaded and therefore i couldn't run it, even though i recognized that i should go forward to run it. nevertheless, it's not that i don't want to run it, it's just that my pc doesn't let me go forward, so how should i get around this tricky part?

     much appreciated, thank you,
     winston

     Emsisoft Emergency Kit - Version 2020.1
     Last update: 2020/2/9 pm 06:41:04
     User account: mei-nb\mei
     Computer name: MEI-NB
     OS version: Windows 8.1x64

     Scan settings:
     Scan type: Malware Scan
     Objects: Rootkits, Memory, Traces, Files
     Detect PUPs: Off
     Scan archives: Off
     Scan mail archives: Off
     ADS Scan: On
     File extension filter: Off
     Direct disk access: Off

     Scan start: 2020/2/9 下午 06:41:44
     C:\Users\mei\Desktop\Downloads\FRST.exe detected: Trojan.GenericKD.33027215 (B) [krnl.xmd]
     C:\Users\mei\Desktop\Downloads\FRST (1).exe detected: Trojan.GenericKD.33027215 (B) [krnl.xmd]

     Scanned 42701
     Found 2

     Scan end: 2020/2/9 pm 06:58:30
     Scan time: 0:16:46

     scan_200209-184144.txt