Build 14371 and 14372 Anomaly

  1.    #31

    Wynona said:
    It started out as "How do you want to open this file" that we couldn't get rid of.

    I told it to open with Word, but that didn't work, then Notetab and that didn't work.

    I scanned with Windows Defender, and it didn't find any threats, so I didn't run Malwarebytes. Simrick said we should run it anyway, and then Malwarebytes found a rootkit.

    So, that started the hunt . . . and Simrick posted the results earlier. I gotta go back and read it to see what all was there.
    OK, was it more than just this?

    Build 14371 and 14372 Anomaly - Page 2 - Windows 10 Forums

  2. Wynona's Avatar
    Posts : 26,104
    Windows 10 1909 Build 18363.657
    Thread Starter
       #32

    COMPUTIAC said:
    Methinks this nasty was enough!

    Rootkit.Fileless.MTGen, C:\Users\nlrai\AppData\Local\6d52e7\5e805e.bat, , [58cfdd24861477bf89c8fd9d798b7a86],

    Note that it has a batch file included! Not that I know all that much, but it met its match with Simrick! :)

  3. Wynona's Avatar
    Posts : 26,104
    Windows 10 1909 Build 18363.657
    Thread Starter
       #33

    I had printed some coupons, but hadn't installed any coupon printers.

    I also installed PDF Xchange from Tracker Software.

    Simrick thinks one or the other carried in the virus. However, I'm not too suspicious of PDF Xchange because y'all discussed it in that "useless" thread. :)

  4.    #34

    Wynona said:
    I had printed some coupons, but hadn't installed any coupon printers.

    I also installed PDF Xchange from Tracker Software.

    Simrick thinks one or the other carried in the virus. However, I'm not too suspicious of PDF Xchange because y'all discussed it in that "useless" thread. :)
    PDF Xchange did cause an unexplained problem with my 'puter. I had to remove it to stop the problem.

  5. Wynona's Avatar
    Posts : 26,104
    Windows 10 1909 Build 18363.657
    Thread Starter
       #35

    COMPUTIAC said:
    PDF Xchange did cause an unexplained problem with my 'puter. I had to remove it to stop the problem.
    Oh, my! What was it doing?

  6.    #36

    Wynona said:
    Oh, my! What was it doing?
    It was causing this in Reliability Monitor every morning I started the 'puter.
    Below is the first day I installed it and had 844 events, all the same.

    Build 14371 and 14372 Anomoly .b8527aa-.jpg

    It did the same thing four days in a row. Then I removed it and reinstalled it.

    The next morning it did this again.

    Build 14371 and 14372 Anomoly .b8527aa-next.jpg

    No one could replicate it on their 'puters at all, and I'm not saying it will do anything to yours,
    but be aware of what it did do to mine.

  7. Wynona's Avatar
    Posts : 26,104
    Windows 10 1909 Build 18363.657
    Thread Starter
       #37

    COMPUTIAC said:
    It was causing this in Reliability Monitor every morning I started the 'puter.
    Below is the first day I installed it and had 844 events, all the same.

    Build 14371 and 14372 Anomoly .b8527aa-.jpg

    It did the same thing four days in a row. Then I removed it and reinstalled it.

    The next morning it did this again.

    Build 14371 and 14372 Anomoly .b8527aa-next.jpg

    No one could replicate it on their 'puters at all, and I'm not saying it will do anything to yours,
    but be aware of what it did do to mine.
    Y'know, since you had that, maybe you should run Malwarebytes too.

    Simrick and I didn't think my problem was a rootkit, but that's what it turned out to be. And! Windows Defender didn't find it!

  8.    #38

    Wynona said:
    Y'know, since you had that, maybe you should run Malwarebytes too.

    Simrick and I didn't think my problem was a rootkit, but that's what it turned out to be. And! Windows Defender didn't find it!
    I do run Malwarebytes and Superantispyware. I have them scheduled to scan every Sunday morning.
    I don't have much confidence in Defender at all.

  9. Wynona's Avatar
    Posts : 26,104
    Windows 10 1909 Build 18363.657
    Thread Starter
       #39

    COMPUTIAC said:
    I do run Malwarebytes and Superantispyware. I have them scheduled to scan every Sunday morning.
    I don't have much confidence in Defender at all.
    OK, then I'd guess we can rule out PDF-Xchange as the culprit. Which means it's the coupon thing that I absolutely know I didn't install on my computer.

    Not gonna click on any more "Print Coupon" buttons either!

  10. simrick's Avatar
    Posts : 15,947
    W10Prox64
       #40

    Wynona said:
    OK, then I'd guess we can rule out PDF-Xchange as the culprit. Which means it's the coupon thing that I absolutely know I didn't install on my computer.

    Not gonna click on any more "Print Coupon" buttons either!
    Wynona, I don't know what to say. We may never know the method of infection. For all we know it could have been a compromised web site. Hard to say with a file-less rootkit, because they delete their files after they attack, and just sit in the registry.

    Since the second MBAM scan came up clean, I guess you can mark this thread as solved. :)
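
Added example, not part of simrick's post or anyone's in this thread: a triage pass over exported autorun values, flagging the two shapes discussed here, a hex-named script in a hex-named folder under AppData\Local (as in the Malwarebytes detection quoted earlier) and an autorun value that carries script inline with no file on disk. It assumes persistence sits in Run-key style values, which the thread does not confirm; the sample entries, the regexes and the name `triage_autoruns` are constructed for illustration.

```python
import re

# Constructed sample autorun values (name -> command), standing in for an
# export of a Run key. None of these come from the machine in the thread.
SAMPLE_AUTORUNS = {
    "OneDrive": r'"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "SecurityHealth": r"%windir%\system32\SecurityHealthSystray.exe",
    "a1b2c3": r'"C:\Users\user\AppData\Local\0a1b2c\3d4e5f.bat"',
    "updater": r'mshta "javascript:placeholder"',
}

# Hex-named folder directly under AppData\Local holding a hex-named script:
# the shape of the path in the detection line quoted in the thread.
HEX_PATH = re.compile(
    r"\\AppData\\Local\\[0-9a-f]{4,12}\\[0-9a-f]{4,12}\.(bat|cmd|vbs|js|ps1|lnk)\b",
    re.IGNORECASE,
)

# Autorun value that hands script text straight to an interpreter, so there
# is no file for a scanner to find (assumption: a general heuristic, not
# something reported in this thread).
INLINE = re.compile(
    r"\b(mshta|wscript|cscript|powershell)(\.exe)?\b.*(javascript:|vbscript:|-enc)",
    re.IGNORECASE,
)


def triage_autoruns(entries):
    """Return [(value_name, [reasons])] for autorun values worth a closer look."""
    findings = []
    for name, command in sorted(entries.items()):
        reasons = []
        if HEX_PATH.search(command):
            reasons.append("hex-named script under AppData\\Local")
        if INLINE.search(command):
            reasons.append("inline script in autorun value")
        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage_autoruns(SAMPLE_AUTORUNS):
        print(f"{name}: {'; '.join(reasons)}")
```

A hit is a lead for manual review, not a verdict: a clean result from a pass like this does not replace the second scan mentioned above.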