Need help verifying these findings


  1. Posts : 161
    Windows 10

    It's probably nothing serious. The reports return very little. I'm guessing the VT scans also returned the same. It's very unlikely you've come across a new strain of malware (which has remained undetected) unless you have been a target of a sophisticated attack using malware that at current has been undetected in the wild. And an attacker wouldn't waste their new weapons on a target they had very little confidence in returning the outcome they were seeking. So it's likely if it was malware it would be detected as such. The activity suggested by the reports would indicate that if it is anything suspicious it's likely not dangerous malware but something that likely came bundled with software you installed. The behavior seems pretty generic to me. It could be that you are using a pirated version of Windows and therefore certain files are not matching their genuine counterparts and that Windows has been deliberately prevented from running checks that would replace them. This would render tools like DISM obsolete if the system has been patched in some way to prevent this. If you are using a genuine copy then I'm confused as to why this would be happening considering it's trivial but in the grand scheme of things potentially leaves your system open to being exploited due to these executables not being signed and therefore not forming the highest level of implied trust required for security standards to be adhered to.

    Something has likely been patched. This is likely through user actions. This has resulted in a modified system configuration in some way reflecting the changes to Windows Security. Something may have been installed that while suspicious may not be malicious but which may have changed the system in some way. It is likely not malware in this instance.

    What you can do. You could carry on as it's likely not a major issue. I would be checking firewall logs for any irregular activity. Tools like Glasswire are invaluable in this regard as they show real-time network activity. Programs you don't often use, or at all in fact, that are reporting high activity on the network are what you want to be looking for. Continued high activity while you are doing very little and only observing will also leave no doubt something is running in the background that perhaps you want to look at. Seeing as you are not using Windows Security as you have ESET you can actually disable Windows Security and this should then prevent any of its features from running. You can download standalone firewall solutions to replace the built-in firewall and so you can also disable this leaving little excuse for these features to be running after the fact.

    There is a topic started by another member where I posted the registry entries to comprehensively disable Windows Security. If the executable still remains then this is when you may be looking at malware as it should then have been disabled and removed from its roles in all areas. At this point you could boot into safe mode and locate the executables in question and remove them manually. If they appear again after removing them and even while Windows Security has been disabled completely you could say with a high degree of confidence something is not right.

    Another solution would be to do a fresh install on a completely wiped and sanitized drive and use a genuine Windows setup medium. No genuine setup medium would contain system files which are not consistent with signed counterparts that are available throughout many examples of other Windows installations. My installation for example has signed versions of these files.

    It's likely nothing serious though.
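
A way to check the signing state the post above talks about, as an added example that is not part of any poster's reply: it reports whether selected System32 binaries carry a valid signature and whether that signature is embedded or comes from a Windows catalog. The file list is an assumption; taskhostw.exe is the file named in this thread.

```powershell
# Added example: report how selected System32 binaries are signed.
# The file list below is an assumption; adjust it to the files a scan flagged.
$names = 'taskhostw.exe', 'svchost.exe', 'lsass.exe'

$report = foreach ($name in $names) {
    $path = Join-Path $env:SystemRoot "System32\$name"

    if (-not (Test-Path -LiteralPath $path)) {
        # File not present on this installation; record that and move on.
        [pscustomobject]@{ File = $name; Status = 'Missing' }
        continue
    }

    # Get-AuthenticodeSignature validates embedded signatures and, on
    # Windows 10, signatures held in the system's security catalogs.
    $sig = Get-AuthenticodeSignature -LiteralPath $path

    [pscustomobject]@{
        File          = $name
        Status        = $sig.Status                       # Valid, NotSigned, HashMismatch, ...
        SignatureType = $sig.SignatureType                # Authenticode (embedded), Catalog, or None
        IsOSBinary    = $sig.IsOSBinary
        Signer        = $sig.SignerCertificate.Subject
        CertNotAfter  = $sig.SignerCertificate.NotAfter   # expiry date of the signing certificate
        Timestamped   = [bool]$sig.TimeStamperCertificate # countersigned at signing time
        SHA256        = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
}

# Full detail for every file checked.
$report | Format-List

# Files that need a closer look: anything whose status is not Valid.
$report | Where-Object { $_.Status -ne 'Valid' } | Format-List
```

A `SignatureType` of `Catalog` means the signature lives in a Windows catalog file rather than inside the executable, so tools that only look for an embedded signature show such files as unsigned. A `Status` of `Valid` alongside a past `CertNotAfter` date is normal when the signature was timestamped while the certificate was still valid.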

  2. Posts : 103
    Windows 10 Pro x64
    Thread Starter

    I need you
    supermammalego, why did you get banned!? I have some more info. Is there any way to renew the old certificate on taskhostw.exe? How do I renew certificates on system32 files? Will Dism online do that? I did Dism and it said it worked, but if there is a chance it's lying, that's why I ask you if Dism will renew and replace those files in system32 with real and new certificates. I now updated Windows to 2004. Please, anyone that can answer this, please do until Supermammalego is back.

  3. Posts : 1,116
    win 10 pro x64 os build 20H2

    I have one suggestion for you, but you will not like it, though I have had to do it a few times: start from scratch. Do you have anything important on this PC? Do you need anything from it? If not, or if so, grab your USB drives, the biggest you have, and back up all the important stuff. Don't put this back on your PC afterwards; scan them first before you do so. Reload Windows completely, and I mean not just an in-place upgrade, a full complete install. Make yourself install media, but do it from another PC, not the one you are on, in case it has serious malware or a virus. Then, once made, reboot and load from that drive: format, reinstall, complete format, delete it all. That's all I can say, and probably the best solution for you. I'm sorry this happened to you, but sometimes the best solutions are to start over. I wish you luck.

