thebigeasytraveler

How do I stop this continuous behavior

Recommended Posts

Software continuously keeps catching these infections and places into quarantine.  Happening every minute or so. Are they safe?  What can be done to stop the pop-up every 1 minute and/or get rid of these files if they are harmful?

1. Medium risk Malware "Behavior.Spyware" in "C:\Program Files (x86)\Common Files\System Sll\sll.exe" quarantined by user 

2. Medium risk Malware "Behavior.FirewallModification" in "C:\Program Files (x86)\Common Files\System Sll\checkFirewall.exe" quarantined by user

Window 8.1, Emsisoft version 2018.10.1.2096

Many thanks in advance.
 


 

Share this post


Link to post
Share on other sites

If you could do the following, I could try and see if I can find information about the file in question:

  1. Open Emsisoft Anti-Malware.
  2. Click on Logs.
  3. Type sll.exe into the search field at the top.
  4. Find an entry in the list from the Behavior Blocker showing it detecting suspicious behavior for sll.exe and double-click on it for more information.
  5. The third line should be enclosed in parenthesis and should have SHA1: followed by a long string of numbers and letters. Copy this line, and paste it into a reply.
  • Like 1

Share this post


Link to post
Share on other sites
9 minutes ago, GT500 said:

If you could do the following, I could try and see if I can find information about the file in question:

  1. Open Emsisoft Anti-Malware.
  2. Click on Logs.
  3. Type sll.exe into the search field at the top.
  4. Find an entry in the list from the Behavior Blocker showing it detecting suspicious behavior for sll.exe and double-click on it for more information.
  5. The third line should be enclosed in parenthesis and should have SHA1: followed by a long string of numbers and letters. Copy this line, and paste it into a reply.

Thank you.  Here's the information requested

(SHA1: A2F4F2214750149DE0AFFBFE11253C5CEE9594B5)
 

Share this post


Link to post
Share on other sites

I'm not finding any matches for that SHA1 hash. If you restore the file from the Quarantine in Emsisoft Anti-Malware, then you can upload it to VirusTotal and have them scan it, then post a link to the analysis here for us to review:
https://www.virustotal.com/

Here's how to restore something from the Quarantine:

  1. Open Emsisoft Anti-Malware.
  2. Click on Quarantine in the Scan & Clean tile, or click on the icon on the far left (sidebar) that looks like a square with a white circle in it.
  3. Click on the file you'd like to restore from the list to select it (it should be highlighted in light blue when selected).
  4. Click on the Restore button in the lower-left.

 

Share this post


Link to post
Share on other sites

@GT500, I followed the directions that @stapp listed and I am working in another post with another staff member.  I don't want to confuse issues so please close this until we work through other potential issues from the beginning. Thank you for your help.  hope this makes sense. 

Share this post


Link to post
Share on other sites

OK. Kevin may want to see the file in question as well, however it's probably best to wait until he asks for it (if he hasn't already).

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.