BigHotStud

I'll try that out if it happens again. Could it be malware though or is it just a software issue/bug?

This is the second time this month that I've noticed it's turned off and on during a full scan. It's been completely fine prior to this, but this month it's been acting up like hell. I ran full scans with Kaspersky SC, TDSSKiller and a second opinion scanner in both safe and normal modes, neither have found anything. What's going on? Do I have a rootkit or something?

So, one day I was looking through my %appdata% folder, looking for error logs since I was modding a game, only to come across "Goldberg steamemu saves". It caught my attention and checked it out, only to find .txt files inside of it. I found out that this belongs to Goldberg Emulator, but I never downloaded it. I looked online and found a post saying a game repack can have it. Though, I haven't pirated any games in over a year and haven't done so ever on my current installation of Windows. I also checked the creation date of the folder and it was created around a year ago on my current Windows installation. I found some info that it could've been created by game repacks, but I've never pirated anything on this installation of Windows. I have no idea how it got there. I've used SC since I installed Windows on this PC and have used a second opinion scanner several times in the past. Though, I'm still concerned and confused as to how it got onto my computer. Should I reinstall Windows10, just in case?

Anyone?

Kaspersky, in the past, has picked up a file it couldn't process. It just showed up as "Proecessing error". It stopped appearing for a day or two, but soon after it "came back". The file is : C:\Windows\WinSxS\amd64_microsoft-windows-e..-firsttimeinstaller_31bf3856ad364e35_10.0.19041.681_none_31051459c61ca882\MicrosoftEdgeStandaloneInstaller.exe I got told to clear my browser cache and %temp%, then do another scan. I cleared %temp% and nothing really changed. I don't see the point in clearing my browser cache since this seems to be a windows file that installs my browser and nothing related to cookies or anything like that. Is this something to worry about? Can I just delete it? P.S- this file has been here for around a month and shows up in almost every full scan.

I already did as I mentioned in my previous post. It found some corrupted files and fixed them. Also, the files that were corrupted, according to kaspersky, were: C:\Users\{name}\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0022a8 C:\Windows\System32\sru\SRU.chk Are these safe files?

I mean, Kaspersky no longer shows the errors, so it's all fixed. I'm more-so concerned about the "corrupt" files that Kaspersky file anti-virus found. Are they anything to worry about?

As far as I know, it's the first time this' happened. I did a scan today just to check and it seems that they're all gone- no unprocessed files or anything. The not porcessed objects it picked up yesterday before the restart were: C:\Windows\WinSxS\amd64_microsoft-windows-e..-firsttimeinstaller_31bf3856ad364e35_10.0.19041.681_none_31051459c61ca882\MicrosoftEdgeStandaloneInstaller.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\101.0.1210.32\MicrosoftEdge_X64_101.0.1210.32_100.0.1185.50.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\101.0.1210.32\MicrosoftEdge_X64_101.0.1210.32_100.0.1185.50.exe C:\ProgramData\NVIDIA Corporation\Downloader\5446351c34af95235422afe34721311d Though, as mentioned, they didn't appear in the logs after a full scan today. There were also some "corrupt" files that file anti-virus reported around two weeks ago. In order from oldest to newest: C:\Users\{name}\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0022a8 C:\Windows\System32\sru\SRU.chk (These were never brought up again, not in full scans nor file anti-virus) Lastly, there was a file that was skipped: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\wmiav.exe (This was never brought up again, not in full scans nor file anti-virus) The version of Kaspersky SC is the newest one: 21.3.10.391(i). I did a sfc/scannow scan and it said it found some corrupted files which it fixed afterwards. I checked the logs out of curiosity and a few of Windows' folders had "Warning: Overlap" saying that they were either owned twice or had their security set twice. I assume that's normal, right? The only theory I have regarding the shutdown was that Kaspersky updated something and that's why the unprocessed files aren't showing up anymore- it updated something that now allows Kaspersky to process them properly. I have no idea what the corrupt files mean though.

I was scanning my computer when I noticed KSC show up in the system tray thing on the right side. I click on it and I see "loading application", signifying that it had turned off. Full scans have found no detections or anything like that, only files that it couldn't process. I checked the logs and it says that it was turned off for around 5 seconds. Could it have been updating or what happened?

Hello again, sorry that it took so long to get back to you. I had the application I suspected closed for the last two days or so and I've stopped noticing the window. I did notice an invisible, unnamed window open and close as soon as I went into the task witcher, but I also closed a program immediately before that and it was much slower than the one I kept seeing, so it could've been just task switcher bugging out. I've done several more scans with Kaspersky and it hasn't picked anything up. Glasswire doesn't pick up any suspicious connections either. I looked through taskscheduler and I found some that didn't have an author or had a very weird author like system32/{name}/{name}. Here they are: CDSSync Schedule Scan RunUpdateNotificationMgr MsCtfMonitor MaintenanceTasks SpeechModelDownloadTask SpaceManagerTask UpdateUserPictureTask BackgroundUploadTask NetworkStateChangeTask StartComponentCleanup LoginCheck Registration SystemSoundsService Logon Notifications ScanForUpdatesAsUser ScanForUpdates SmartRetry FODCleanupTask Diagnostics StorageSense dusmtask DXGIAdapterCache RegisterDevicePeriodic24 RegisterDeviceProtectionStateChanged RegisterUserDevice Device Device User CreateObjectTask Pre-staged app cleanup Backup Microsoft Compatibility Appraiser ProgramDataUpdater RegisterDeviceLocationRightsChange Do any of these raise any red flags? Am I safe?

I think that might be the case, since I haven't really installed anything that'd be malicious (the only thing I can think of is the Bethesda launcher, but I'm 60% sure it was the official one), plus, two good antivirus engines didn't pick anything malicious up. I'm going to try disabling the "legal" program that I think is the main perpetrator for a day or so and see if that changes anything. I'm not really comfortable tampering with system32, since I don't want to mess my system up. Is there any other way to find out what program it might be?

When playing game, I noticed that sometimes when I alt+tab there's a program that quickly closes almost as soon as I actually see the window switching screen. I can't get a good look at it, but I'm pretty sure it has no logo nor any name. It also doesn't have any sort of "body" (the window is just thin and transparent). I haven't really installed anything since I started having this problem. The only things I have were Vortex (a mod manager from nexusmods) and the Bethesda launcher, both of which, I think, had proper digital signatures and Kaspersky didn't pick anything up when installing. I also downloaded a .jpg or .png, but I don't think those contain malware (I can see file extensions/whether a file is an .exe, so I would've been able to tell if it was a program). Lastly, I did around 2-3 scans with Kaspersky SC Free since this started and it found some files it couldn't process in WinSxS (both are in a microsoft edge first time installer, which has a digital signature), but nothing malicious. I've been checking Glasswire (an internet connection monitoring software) from time to time. I don't see any suspicious programs connecting to the internet at the same times the window appears and closes, nor any seriously suspicious programs. I did notice my internet degrading at times for no real reason, but that could easily just be my bad inernet. My only idea was that it could be Wallpaper Engine, since I remember Steam asking whether I wanted to use local data or cloud data randomly, I chose local data. I don't remember if I did this before or after, but it was at around the same time the problem started occurring. I have no idea if WE is actually the culprit or not though. No one's tried to log into any accounts or anything either. Is it malware or something else? Is there any way to find out? I also did a scan with a second opinion scanner and it only got some tracking cookies, nothing malicious.

Hey, it's been a few weeks and it seems like this file still can't properly unpack it. Is it safe to delete manually?

I notice that I get "Processing Error" on some files that Kaspersky SC scans. Most, if not all, are related to Microsoft Edge updates. One more curious one is just dalled data0000.res. It's object path is "C:\Windows\WinSxS\amd64_microsoft-windows-e..firsttimeinstaller_31bf3856ad364e35_10.0.19041.681_none_31051459c61ca882\MicrosoftEdgeStandaloneInstaller.exe//GUT//MicrosoftEdge_X64_85.0.564.67.exe.{0D50BFEC-CD6A-4F9A-964C-C7416E3ACB10}//". Is this something to worry about? Normally I'd just delete files that have "Processing Error" in them myself, but seeing that this file is from WinSxS, I thought I'd ask here before deleting anything.

The Global version has no regional restrictions. Restrictions? Can you elaborate? And, with the current political situations and data processing being done in Switzerland, Russia can’t do anything bad using Kaspersky, correct?

I’ve never used the registry editor before, how do I get to that registry? Also, is there any difference between the regions? Say I download the Global version instead of the European version, would my data still be handled in Switzerland; would there be any difference?

I don’t remember which version of Kaspersky Security Cloud I installed. I know it was either European or International, but I don’t remember which one. Is there any way to check?

I was exploring the tools section of kaspersky and found Browser Configuration, I did a scan and it says it found two issues with my internet explorer (home page and error sending). Though, I don’t have internet explorer installed (it’s not in Optional Features in windows settings and not in the apps list). Is this some sort of bug?

Well, I ran two yesterday and one today, so I guess I’m safe. Thanks!

Yes, it’s a one-time thing. I haven’t downloaded anything except HitmanPro, which happened after the ‘incident’, so I doubt it’s malware related. Kaspersky Reports show nothing indicating a failure or whatever, just that the full scan got stopped (because the app shut down). Event log shows an error or two regarding “PerfDiag Logger”, but nothing about Kaspersky. To add, I also downloaded a few Skyrim mods, but Kaspersky never picked them up and they came from a trustworthy site, so I doubt they were malicious.

Sorry for the triple post, meant to update the original.

Yes, it’s a one-time thing. I haven’t downloaded anything except HitmanPro, which I downloaded after the ‘incident’, and a few skyrim mods from a trustworthy site. Kaspersky Reports show nothing indicating a failure or whatever, just that the full scan got stopped (because the app shut down). Event log shows an error or two regarding “PerfDiag Logger”, but nothing about Kaspersky.

Yes, it’s a one-time thing. I haven’t downloaded anything except HitmanPro for weeks, which happened after the ‘incident’, so I doubt it’s malware related. Kaspersky Reports show nothing indicating a failure or whatever, just that the full scan got stopped (because the app shut down). Event log shows an error or two regarding “PerfDiag Logger”, but nothing about Kaspersky.

Yes, it’s a one-time thing. I haven’t downloaded anything except HitmanPro, which happened after the ‘incident’, so I doubt it’s malware related. Kaspersky Reports show nothing indicating a failure or whatever, just that the full scan got stopped (because the app shut down). Event log shows an error or two regarding “PerfDiag Logger”, but nothing about Kaspersky.