Messages - Rick

2
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsMpSvc]
@=""
"ServiceSidType"=dword:00000001
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):22,00,63,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
  6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,4d,00,69,00,63,00,72,00,6f,\
  00,73,00,6f,00,66,00,74,00,20,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,\
  79,00,20,00,43,00,6c,00,69,00,65,00,6e,00,74,00,5c,00,4d,00,73,00,4d,00,70,\
  00,45,00,6e,00,67,00,2e,00,65,00,78,00,65,00,22,00,00,00
"DisplayName"="Microsoft Antimalware Service"
"Group"="COM Infrastructure"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"ObjectName"="LocalSystem"
"Description"="@c:\\Program Files\\Microsoft Security Client\\MpAsDesc.dll,-240"
"FailureActions"=hex:80,51,01,00,00,00,00,00,01,00,00,00,03,00,00,00,14,00,00,\
  00,03,00,00,00,64,00,00,00,00,00,00,00,64,00,00,00,00,00,00,00,64,00,00,00
"FailureCommand"="C:\\windows\\system32\\mrt.exe /EHB /ServiceFailure \"CAMP=4.10.209.0;approximate-> Engine=1.1.14500.5;AVSIG=1.261.1581.0;ASSIG=1.261.1581.0\" /StartService  /q"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsMpSvc\Security]


3
MSE Services is grayed out


4
Did find that;

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=dword:00000001
"UpdatesDisableNotify"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1"=hex(b):19,0d,da,5d,3f,04,ca,01
"AntiVirusOverride"=dword:00000000
"AntiSpywareOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

5
Don't need to invent problems


6
Yes, it was necessary to run Combofix;

downloaded this tool;
http://www.thewindowsclub.com/repair-microsoft-security-essentials-with-fix-mse-utility
after re-installing MSE, this program says MSE is not installed;




7
Already uninstalled, reinstalled
Combofix
Malwarebytes

Image attached

8
Computer Help / Re: WARNING "CLASS ONE"... and GAME ON!
« on: April 27, 2018, 10:58:22 PM »
Yes,

MWB caught the infection in administrator mode;
Beta testing it for several days to make sure it doesn't come back

I provide the .REG files as some of the sites said to remove the program through normal channels, yet it didn't appear there and the .REG keys were locked; could not delete them in ADM mode...

It's time to start the AI reduction act next;

9
Computer Help / Re: WARNING "CLASS ONE"... and GAME ON!
« on: April 27, 2018, 10:03:23 AM »
Everyone knows ad companies are looking for ways to avoid being blocked...

They tried with the best, they will fail with the rest!

FYI, .reg files are needed to help companies enable clean fixes, including my favorite tweaking site!

Nice day

10
Computer Help / Re: WARNING "CLASS ONE"... and GAME ON!
« on: April 27, 2018, 05:43:01 AM »
Yes,

Will have a try; have a question;

What's the difference between https://toolslib.net/downloads/viewdownload/83-unhackme and "MWB"?

"Seems to be hidden in Firefox"
Using uBlock Origin, will remove this program to see the effect! "no effect".
It's extremely dangerous as it could capture the password file in Firefox!

https://greatis.com/blog/how-to/cut-off-netutils2016-exe-virus.htm
Seems it has a new name, and cannot delete registry values either...

{"ext":"http://jackhopes.com/ext/zl.sild.js","black_list":["google.com","facebook.com","jackhopes.com","ww-searchings.com"],"include_process_list":["spark.exe","chrome.exe","iexplore.exe","MicrosoftEdgeCP.exe","MicrosoftEdgeCP.ex","MicrosoftEdgeCP.e","MicrosoftEdgeCP.","MicrosoftEdgeCP","MicrosoftEdgeC","MicrosoftEdge","firefox.exe","citrio.exe","launcher.exe","crossbrowse.exe","torch.exe","opera.exe","bobrowser.exe","maxthon.exe","browser.exe","ucbrowser.exe","safari.exe","avant.exe","360se.exe","360chrome.exe"],"log":{"inj":false},"locker":{"enable":false,"url":"http://ww-searchings.com/?r=[UID]","target":{"spark.exe":"","chrome.exe":"","iexplore.exe":"","launchwinapp.exe":"","360se.exe":"","MicrosoftEdgeCP.exe":""}},"hosts":{"match":["v9.com","*.v9.com"],"target":"47.89.13.118"},"redirect":{"match":["www-searching.com/*"],"sig":"dir","target":"http://ww-searchings.com/?sig=dir&r=[UID]&f=[URL]"}}

"Note Zip file .reg keys"

Deleted it using "Sysinternals", the file returned too;

Can send to MWB or offer solution

TIA

11
Computer Help / Re: WARNING "CLASS ONE"... and GAME ON!
« on: April 26, 2018, 12:39:11 PM »
Clicking on any web page anywhere brings me to other websites...




13
Is there a way people can kill these services?

https://www.yahoo.com/news/facebook-listen-microphone-track-youre-logged-facts-120451355.html

Poor Facebook caught giving foreign countries the upper hand;

How can one be sure to delete any Facebook services from the registry?


14
Computer Help / Re: what is proxyfire.net doing under 127.0.0.1
« on: April 15, 2018, 12:24:20 AM »
Better to know it's safe than sorry;

TIA

15
Computer Help / Re: what is proxyfire.net doing under 127.0.0.1
« on: April 14, 2018, 12:02:41 AM »
Opened that folder, copied the files here for viewing

Let me know if anything needs attending

Rather busy recently

TIA

