Windows 10: Build 14371 and 14372 Anomoly .b8527aa Solved

  1.    25 Jun 2016 #31

    Wynona said:
    It started out as "How do you want to open this file" that we couldn't get rid of.

    I told it to open with Word, but that didn't work, then Notetab and that didn't work.

    I scanned with Windows Defender, and it didn't find any threats, so I didn't run Malwarebytes. Simrick said we should run it anyway, and then Malwarebytes found a rootkit.

    So, that started the hunt . . . and Simrick posted the results earlier. I gotta go back and read it to see what all was there.
    OK, was it more than just this?

    Build 14371 and 14372 Anomoly .b8527aa - Page 2 - Windows 10 Forums


  2. Posts : 14,370
    Windows 10 Insider Preview
    Thread Starter
       25 Jun 2016 #32

    COMPUTIAC said:
    Methinks this nasty was enough!

    Rootkit.Fileless.MTGen, C:\Users\nlrai\AppData\Local\6d52e7\5e805e.bat, , [58cfdd24861477bf89c8fd9d798b7a86],

    Note that it has a batch file included! Not that I know all that much, but it met its match with Simrick!


  3. Posts : 14,370
    Windows 10 Insider Preview
    Thread Starter
       25 Jun 2016 #33

    I had printed some coupons, but hadn't installed any coupon printers.

    I also installed PDF Xchange from Tracker Software.

    Simrick thinks one or the other carried in the virus. However, I'm not too suspicious of PDF Xchange because y'all discussed it in that "useless" thread.

  4.    25 Jun 2016 #34

    Wynona said:
    I had printed some coupons, but hadn't installed any coupon printers.

    I also installed PDF Xchange from Tracker Software.

    Simrick thinks one or the other carried in the virus. However, I'm not too suspicious of PDF Xchange because y'all discussed it in that "useless" thread.
    PDF Xchange did cause an unexplained problem with my 'puter. I had to remove it to stop the problem.


  5. Posts : 14,370
    Windows 10 Insider Preview
    Thread Starter
       25 Jun 2016 #35

    COMPUTIAC said:
    PDF Xchange did cause an unexplained problem with my 'puter. I had to remove it to stop the problem.
    Oh, my! What was it doing?

  6.    25 Jun 2016 #36

    Wynona said:
    Oh, my! What was it doing?
    It was causing this in Reliability Monitor every morning I started the 'puter.
    Below is the first day I installed it and had 844 events, all the same.

    [Attached image: this.JPG]

    It did the same thing four days in a row. Then I removed it and reinstalled it.

    The next morning it did this again.

    [Attached image: next.JPG]

    No one could replicate it on their 'puters at all and I'm not saying it will do anything to yours
    but be aware of what it did do to mine.


  7. Posts : 14,370
    Windows 10 Insider Preview
    Thread Starter
       25 Jun 2016 #37

    COMPUTIAC said:
    It was causing this in Reliability Monitor every morning I started the 'puter.
    Below is the first day I installed it and had 844 events, all the same.

    [Attached image: this.JPG]

    It did the same thing four days in a row. Then I removed it and reinstalled it.

    The next morning it did this again.

    [Attached image: next.JPG]

    No one could replicate it on their 'puters at all and I'm not saying it will do anything to yours
    but be aware of what it did do to mine.
    Y'know, since you had that, maybe you should run Malwarebytes too.

    Simrick and I didn't think my problem was a rootkit, but that's what it turned out to be. And! Windows Defender didn't find it!

  8.    25 Jun 2016 #38

    Wynona said:
    Y'know, since you had that, maybe you should run Malwarebytes too.

    Simrick and I didn't think my problem was a rootkit, but that's what it turned out to be. And! Windows Defender didn't find it!
    I do run Malwarebytes and Superantispyware. I have them scheduled to scan every Sunday morning.
    I don't have much confidence in Defender at all.


  9. Posts : 14,370
    Windows 10 Insider Preview
    Thread Starter
       25 Jun 2016 #39

    COMPUTIAC said:
    I do run Malwarebytes and Superantispyware. I have them scheduled to scan every Sunday morning.
    I don't have much confidence in Defender at all.
    OK, then I'd guess we can rule out PDF-Xchange as the culprit. Which means it's the coupon thing that I absolutely know I didn't install on my computer.

    Not gonna click on any more "Print Coupon" buttons either!


  10. Posts : 11,234
    W10Prox64
       26 Jun 2016 #40

    Wynona said:
    OK, then I'd guess we can rule out PDF-Xchange as the culprit. Which means it's the coupon thing that I absolutely know I didn't install on my computer.

    Not gonna click on any more "Print Coupon" buttons either!
    Wynona, I don't know what to say. We may never know the method of infection. For all we know it could have been a compromised web site. Hard to say with a file-less rootkit, because they delete their files after they attack, and just sit in the registry.

    Since the second MBAM scan came up clean, I guess you can mark this thread as solved.
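
Added example, not part of the thread and not Malwarebytes' own logic: a triage heuristic for autorun registry entries of the kind the post above describes, where the dropped file is gone and only the registry value remains. The autorun entries, the `ON_DISK` set and the `MAX_LEN` threshold are constructed assumptions; only the hex-named folder and script shape comes from the detection quoted earlier in the thread.

```python
import re

# Shape of the path in the detection quoted in the thread:
# ...\AppData\Local\6d52e7\5e805e.bat (hex-named folder, hex-named script).
HEX_DROP = re.compile(
    r"\\AppData\\Local\\[0-9a-f]{4,}\\[0-9a-f]{4,}\.(?:bat|cmd|js|vbs)\b", re.I)
# First Windows path in a command line, quoted or unquoted.
PATH = re.compile(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\\S+)')
MAX_LEN = 260  # assumption: longer value data may be a script stored in the key

def target_path(data):
    m = PATH.search(data)
    return (m.group(1) or m.group(2)) if m else None

def triage(entries, exists):
    """entries: (key, value name, data) tuples; exists: callable(path) -> bool."""
    findings = []
    for key, name, data in entries:
        reasons = []
        if HEX_DROP.search(data):
            reasons.append("hex-named script under AppData\\Local")
        path = target_path(data)
        if path and not exists(path):
            reasons.append("autorun target missing on disk")
        if len(data) > MAX_LEN:
            reasons.append("oversized value data")
        if reasons:
            findings.append((key, name, reasons))
    return findings

# Constructed sample data (not taken from the infected machine).
RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
ONEDRIVE = r"C:\Users\example\AppData\Local\Microsoft\OneDrive\OneDrive.exe"
CMD = r"C:\Windows\System32\cmd.exe"
SAMPLE = [
    (RUN, "OneDrive", f'"{ONEDRIVE}" /background'),
    (RUN, "a1b2c3", r"C:\Users\example\AppData\Local\6d52e7\5e805e.bat"),
    (RUN, "upd", CMD + " /c " + "A" * 300),
]
ON_DISK = {ONEDRIVE, CMD}

def run_sample():
    return triage(SAMPLE, lambda p: p in ON_DISK)

if __name__ == "__main__":
    for key, name, reasons in run_sample():
        print(f"{key}\\{name} -> {'; '.join(reasons)}")
```

On a live Windows machine the `entries` list would be filled from the Run keys and `exists` would be `os.path.exists`; a hit is a lead for a scanner or manual review, not a verdict.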