Windows 10 Recovery Tools - Bootable Rescue Disk


  1. Posts : 8
    10
       #1301

    When I boot Windows PE and scan with the new version of Malwarebytes, it detects a PUP in partition X:

    ????

    Malwarebytes
    Free Cyber Security & Anti-Malware Software | Malwarebytes


    -Log Details-
    Scan Date: 4/25/18
    Scan Time: 11:11 PM
    Log File: 8d119864-48ff-11e8-8c18-2c4d544e0a6f.json
    Administrator: Yes


    -Software Information-
    Version: 3.4.5.2467
    Components Version: 1.0.342
    Update Package Version: 1.0.4874
    License: Trial


    -System Information-
    OS: Windows 10 (Build 14393.0)
    CPU: x64
    File System: NTFS
    User: System


    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 115717
    Threats Detected: 4
    Threats Quarantined: 0
    (No malicious items detected)
    Time Elapsed: 1 min, 29 sec


    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect


    -Scan Details-
    Process: 1
    Trojan.Downloader, X:\WINDOWS\SYSTEM32\WIND.EXE, No Action By User, [836], [205052],1.0.4874


    Module: 1
    Trojan.Downloader, X:\WINDOWS\SYSTEM32\WIND.EXE, No Action By User, [836], [205052],1.0.4874


    Registry Key: 0
    (No malicious items detected)


    Registry Value: 0
    (No malicious items detected)


    Registry Data: 0
    (No malicious items detected)


    Data Stream: 0
    (No malicious items detected)


    Folder: 0
    (No malicious items detected)


    File: 2
    Trojan.Downloader, X:\WINDOWS\SYSTEM32\WIND.EXE, No Action By User, [836], [205052],1.0.4874
    PUP.Optional.ProductKeyFinder, X:\PROGRAM FILES\PRODUKEY\PRODUKEY.EXE, No Action By User, [12874], [86094],1.0.4874


    Physical Sector: 0
    (No malicious items detected)




    (end)
    Last edited by tienchien1; 25 Apr 2018 at 11:35.


  2. Posts : 4,142
    Windows 3.1 to Windows 11
    Thread Starter
       #1302

    Not sure what you are finding and flagging with MBAM


  3. Posts : 8
    10
       #1303

    This is the log file.

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 4/25/18
    Scan Time: 11:11 PM
    Log File: 8d119864-48ff-11e8-8c18-2c4d544e0a6f.json
    Administrator: Yes

    -Software Information-
    Version: 3.4.5.2467
    Components Version: 1.0.342
    Update Package Version: 1.0.4874
    License: Trial

    -System Information-
    OS: Windows 10 (Build 14393.0)
    CPU: x64
    File System: NTFS
    User: System

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 115717
    Threats Detected: 4
    Threats Quarantined: 0
    (No malicious items detected)
    Time Elapsed: 1 min, 29 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 1
    Trojan.Downloader, X:\WINDOWS\SYSTEM32\WIND.EXE, No Action By User, [836], [205052],1.0.4874

    Module: 1
    Trojan.Downloader, X:\WINDOWS\SYSTEM32\WIND.EXE, No Action By User, [836], [205052],1.0.4874

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 2
    Trojan.Downloader, X:\WINDOWS\SYSTEM32\WIND.EXE, No Action By User, [836], [205052],1.0.4874
    PUP.Optional.ProductKeyFinder, X:\PROGRAM FILES\PRODUKEY\PRODUKEY.EXE, No Action By User, [12874], [86094],1.0.4874

    Physical Sector: 0
    (No malicious items detected)

    (end)


  4. Posts : 4,142
    Windows 3.1 to Windows 11
    Thread Starter
       #1304

    windx.exe is the file that launches the Desktop in PESE


  5. Posts : 8
    10
       #1305

    Kyhi said:
    windx.exe is the file that launches the Desktop in PESE


    Why is it reported as trojan.download? Is this a false positive? On your system, is it reporting this?


  6. Posts : 4,142
    Windows 3.1 to Windows 11
    Thread Starter
       #1306

    The file is not a common file, so chances are it has not been through AV testing.
    So what you are getting is a false report.
    Wind.exe is used for Show Desktop
    PESE has been downloaded well over a million times and it is safe to run.
    This rescue media and this thread would not be as popular if there was an issue.
    And surely the Admins of this forum would not allow this topic, if anything about it was unsafe to the users of this forum..

    Enjoy!
    KYHI
    Last edited by Kyhi; 26 Apr 2018 at 13:52.


  7. Posts : 4,571
    several
       #1307

    windx is not needed if you are using pecmd in English (that will be my modification).

    Current stable versions
    PECMD2012.1.88.05.79Stable-171206x64-EN.zip

    PECMD2012.1.88.05.79Stable-171206x86-EN.zip


  8. Posts : 4,571
    several
       #1308

    16299x64 pe
    16299x64-v2.iso


  9. Posts : 16,325
    W10Prox64
       #1309

    Just to be sure you both are talking about the same thing....one has windx.exe and the other wind.exe

    Kyhi said:
    windx.exe is the file that launches the Desktop in PESE
    Trojan.Downloader, X:\WINDOWS\SYSTEM32\WIND.EXE


  10. Posts : 3,453
       #1310

    ...and
    Code:
    PUP.Optional.ProductKeyFinder, X:\PROGRAM FILES\PRODUKEY\PRODUKEY.EXE, No Action By User, [12874],
    still popping PUP's ... LOL.


 
