Posts posted by BigHotStud
-
-
This is the second time this month that I've noticed it's turned off and on during a full scan. It's been completely fine prior to this, but this month it's been acting up like hell. I ran full scans with Kaspersky SC, TDSSKiller and a second opinion scanner in both safe and normal modes, neither have found anything. What's going on? Do I have a rootkit or something?
-
So, one day I was looking through my %appdata% folder, looking for error logs since I was modding a game, only to come across "Goldberg steamemu saves". It caught my attention and I checked it out, only to find .txt files inside of it. I found out that this belongs to Goldberg Emulator, but I never downloaded it. I looked online and found a post saying a game repack can have it. Though, I haven't pirated any games in over a year and haven't done so ever on my current installation of Windows. I also checked the creation date of the folder and it was created around a year ago on my current Windows installation.
I found some info that it could've been created by game repacks, but I've never pirated anything on this installation of Windows. I have no idea how it got there.
I've used SC since I installed Windows on this PC and have used a second opinion scanner several times in the past.
Though, I'm still concerned and confused as to how it got onto my computer. Should I reinstall Windows 10, just in case?
-
-
Kaspersky, in the past, has picked up a file it couldn't process. It just showed up as "Processing error". It stopped appearing for a day or two, but soon after it "came back". The file is:
C:\Windows\WinSxS\amd64_microsoft-windows-e..-firsttimeinstaller_31bf3856ad364e35_10.0.19041.681_none_31051459c61ca882\MicrosoftEdgeStandaloneInstaller.exe
I got told to clear my browser cache and %temp%, then do another scan. I cleared %temp% and nothing really changed. I don't see the point in clearing my browser cache since this seems to be a Windows file that installs my browser and nothing related to cookies or anything like that.
Is this something to worry about? Can I just delete it?
P.S- this file has been here for around a month and shows up in almost every full scan.
-
2 hours ago, Berny said:
@BigHotStud
Please run CMD as admin and proceed with "sfc /scannow" to check for system file related errors?
I already did as I mentioned in my previous post. It found some corrupted files and fixed them.
Also, the files that were corrupted, according to Kaspersky, were:
C:\Users\{name}\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0022a8
C:\Windows\System32\sru\SRU.chk
Are these safe files?
-
4 hours ago, Berny said:
@BigHotStud Please follow these steps :
- Clear your Temp Files → https://support.kaspersky.com/common/windows/1161
- Clear Browser cache
- Reboot
- Update Databases → Run a full scan
- Check Kaspersky reports
I mean, Kaspersky no longer shows the errors, so it's all fixed.
I'm more-so concerned about the "corrupt" files that Kaspersky file anti-virus found. Are they anything to worry about?
-
20 hours ago, Berny said:
Is this a randomly repeating issue ?
Please see this Kaspersky Support article https://support.kaspersky.com/common/error/other/14823
Also, can you please specify the not processed objects.
As far as I know, it's the first time this has happened.
I did a scan today just to check and it seems that they're all gone- no unprocessed files or anything. The not processed objects it picked up yesterday before the restart were:
C:\Windows\WinSxS\amd64_microsoft-windows-e..-firsttimeinstaller_31bf3856ad364e35_10.0.19041.681_none_31051459c61ca882\MicrosoftEdgeStandaloneInstaller.exe
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\101.0.1210.32\MicrosoftEdge_X64_101.0.1210.32_100.0.1185.50.exe
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\101.0.1210.32\MicrosoftEdge_X64_101.0.1210.32_100.0.1185.50.exe
C:\ProgramData\NVIDIA Corporation\Downloader\5446351c34af95235422afe34721311d
Though, as mentioned, they didn't appear in the logs after a full scan today.
There were also some "corrupt" files that file anti-virus reported around two weeks ago. In order from oldest to newest:
C:\Users\{name}\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0022a8
C:\Windows\System32\sru\SRU.chk
(These were never brought up again, not in full scans nor file anti-virus)
Lastly, there was a file that was skipped:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\wmiav.exe
(This was never brought up again, not in full scans nor file anti-virus)
The version of Kaspersky SC is the newest one: 21.3.10.391(i).
I did a sfc /scannow scan and it said it found some corrupted files which it fixed afterwards. I checked the logs out of curiosity and a few of Windows' folders had "Warning: Overlap" saying that they were either owned twice or had their security set twice. I assume that's normal, right?
The only theory I have regarding the shutdown was that Kaspersky updated something and that's why the unprocessed files aren't showing up anymore- it updated something that now allows Kaspersky to process them properly. I have no idea what the corrupt files mean though.
-
I was scanning my computer when I noticed KSC show up in the system tray thing on the right side. I click on it and I see "loading application", signifying that it had turned off. Full scans have found no detections or anything like that, only files that it couldn't process. I checked the logs and it says that it was turned off for around 5 seconds. Could it have been updating or what happened?
-
On 4/22/2022 at 7:51 AM, Igor Kurzin said:
Yes, you can manage scheduled tasks this way: press Start -> type taskschd.msc -> press Enter. Select Task Scheduler Library. You can analyze the tasks and press 'Disable' on the right.
Hello again, sorry that it took so long to get back to you. I had the application I suspected closed for the last two days or so and I've stopped noticing the window. I did notice an invisible, unnamed window open and close as soon as I went into the task switcher, but I also closed a program immediately before that and it was much slower than the one I kept seeing, so it could've been just task switcher bugging out. I've done several more scans with Kaspersky and it hasn't picked anything up. Glasswire doesn't pick up any suspicious connections either.
I looked through Task Scheduler and I found some that didn't have an author or had a very weird author like system32/{name}/{name}. Here they are:
CDSSync
Schedule Scan
RunUpdateNotificationMgr
MsCtfMonitor
MaintenanceTasks
SpeechModelDownloadTask
SpaceManagerTask
UpdateUserPictureTask
BackgroundUploadTask
NetworkStateChangeTask
StartComponentCleanup
LoginCheck
Registration
SystemSoundsService
Logon
Notifications
ScanForUpdatesAsUser
ScanForUpdates
SmartRetry
FODCleanupTask
Diagnostics
StorageSense
dusmtask
DXGIAdapterCache
RegisterDevicePeriodic24
RegisterDeviceProtectionStateChanged
RegisterUserDevice
Device
Device User
CreateObjectTask
Pre-staged app cleanup
Backup
Microsoft Compatibility Appraiser
ProgramDataUpdater
RegisterDeviceLocationRightsChange
Do any of these raise any red flags? Am I safe?
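
A read-only way to review the same information from PowerShell, as an added example that is not part of the original posts: it lists every scheduled task with its author, the program it launches and that program's Authenticode signature status. The Author field is free-text metadata, so what a task actually runs is the more useful thing to check; the report's column names are this example's own.

```powershell
# Added example: read-only inventory of scheduled tasks; it changes nothing.
# Run from an elevated PowerShell prompt so that all tasks are visible.
$report = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Exec actions have an Execute path; COM-handler actions have a ClassId instead.
        $program = $null
        $resolved = $null
        if ($action.PSObject.Properties['Execute'] -and $action.Execute) {
            $program = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
            if (Test-Path -LiteralPath $program -PathType Leaf) {
                $resolved = $program
            } else {
                # Bare names such as "sc.exe" are resolved through PATH.
                $cmd = Get-Command -Name $program -CommandType Application -ErrorAction SilentlyContinue |
                    Select-Object -First 1
                if ($cmd) { $resolved = $cmd.Source }
            }
        }
        # Signature check of the launched binary (embedded or catalog signature).
        $sig = if ($resolved) { Get-AuthenticodeSignature -LiteralPath $resolved } else { $null }
        [pscustomobject]@{
            TaskPath  = $task.TaskPath
            TaskName  = $task.TaskName
            Author    = $task.Author
            State     = "$($task.State)"
            Program   = if ($program) { $program } else { "COM handler $($action.ClassId)" }
            Signature = if ($sig) { "$($sig.Status)" } elseif ($program) { 'file not found' } else { 'n/a' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    }
}

# Rows whose program is missing or not validly signed sort to the top.
$report |
    Sort-Object { $_.Signature -eq 'Valid' -or $_.Signature -eq 'n/a' }, TaskPath, TaskName |
    Format-Table -AutoSize -Wrap
```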
-
1 hour ago, Igor Kurzin said:
Hi BigHotStud,
Can be something 'legal' working in the background. You can try to find out what it is by disabling other processes (start up tasks).
1. Start in Clean boot:
https://support.microsoft.com/en-us/topic/how-to-perform-a-clean-boot-in-windows-da2f9573-6eec-00ad-2f8a-a97a1807f3dd
2. Disable scheduled tasks:
- go to c:\windows\system32\tasks
- create a folder with any name (e.g. 'Test')
- move all the contents of c:\windows\system32\tasks to this new folder
- restart PC
I think that might be the case, since I haven't really installed anything that'd be malicious (the only thing I can think of is the Bethesda launcher, but I'm 60% sure it was the official one), plus, two good antivirus engines didn't pick anything malicious up. I'm going to try disabling the "legal" program that I think is the main perpetrator for a day or so and see if that changes anything.
I'm not really comfortable tampering with system32, since I don't want to mess my system up. Is there any other way to find out what program it might be?
-
When playing a game, I noticed that sometimes when I alt+tab there's a program that quickly closes almost as soon as I actually see the window switching screen. I can't get a good look at it, but I'm pretty sure it has no logo nor any name. It also doesn't have any sort of "body" (the window is just thin and transparent). I haven't really installed anything since I started having this problem. The only things I have were Vortex (a mod manager from nexusmods) and the Bethesda launcher, both of which, I think, had proper digital signatures and Kaspersky didn't pick anything up when installing. I also downloaded a .jpg or .png, but I don't think those contain malware (I can see file extensions/whether a file is an .exe, so I would've been able to tell if it was a program). Lastly, I did around 2-3 scans with Kaspersky SC Free since this started and it found some files it couldn't process in WinSxS (both are in a Microsoft Edge first time installer, which has a digital signature), but nothing malicious. I've been checking Glasswire (an internet connection monitoring software) from time to time. I don't see any suspicious programs connecting to the internet at the same times the window appears and closes, nor any seriously suspicious programs. I did notice my internet degrading at times for no real reason, but that could easily just be my bad internet. My only idea was that it could be Wallpaper Engine, since I remember Steam asking whether I wanted to use local data or cloud data randomly, I chose local data. I don't remember if I did this before or after, but it was at around the same time the problem started occurring. I have no idea if WE is actually the culprit or not though. No one's tried to log into any accounts or anything either. Is it malware or something else? Is there any way to find out? I also did a scan with a second opinion scanner and it only got some tracking cookies, nothing malicious.
-
On 4/5/2022 at 4:49 AM, Wesly.Zhang said:
Hello, @BigHotStud
You don't need to worry about this error at all. This file is safe without any problem. It seems the scan engine is not able to unpack the file correctly.
If it is convenient, you can send the file to KL to analyse the reason for the fault in processing this file.
Regards.
Hey, it's been a few weeks and it seems like this file still can't properly unpack it. Is it safe to delete manually?
-
I notice that I get "Processing Error" on some files that Kaspersky SC scans. Most, if not all, are related to Microsoft Edge updates. One more curious one is just called data0000.res. Its object path is "C:\Windows\WinSxS\amd64_microsoft-windows-e..firsttimeinstaller_31bf3856ad364e35_10.0.19041.681_none_31051459c61ca882\MicrosoftEdgeStandaloneInstaller.exe//GUT//MicrosoftEdge_X64_85.0.564.67.exe.{0D50BFEC-CD6A-4F9A-964C-C7416E3ACB10}//".
Is this something to worry about? Normally I'd just delete files that have "Processing Error" in them myself, but seeing that this file is from WinSxS, I thought I'd ask here before deleting anything.
-
Global version
The Global version has no regional restrictions.
Restrictions? Can you elaborate?
And, with the current political situations and data processing being done in Switzerland, Russia can’t do anything bad using Kaspersky, correct?
-
Hello @BigHotStud,
Welcome back!
Moderator @Schulte uses a registry query, see his reply in topic How To Know If I have the uk version of kaspersky, raised by @JohnSnow; maybe you could try that?
Thank you🙏,
Flood🐳+🐋
Additional resource:
How to find the name and the version number of a Kaspersky application
I’ve never used the registry editor before, how do I get to that registry?
Also, is there any difference between the regions? Say I download the Global version instead of the European version, would my data still be handled in Switzerland; would there be any difference?
-
I don’t remember which version of Kaspersky Security Cloud I installed. I know it was either European or International, but I don’t remember which one. Is there any way to check?
-
-
I was exploring the tools section of Kaspersky and found Browser Configuration, I did a scan and it says it found two issues with my Internet Explorer (home page and error sending). Though, I don’t have Internet Explorer installed (it’s not in Optional Features in Windows settings and not in the apps list). Is this some sort of bug?
-
@BigHotStud When a full Kaspersky scan doesn’t detect suspicious objects, it means that your system is clean.
Well, I ran two yesterday and one today, so I guess I’m safe. Thanks!
-
Was this only a “one time” incident ?
Please check Kaspersky → More tools → Reports ?
Please check your Windows Event Log ?
Also please proceed with CHKDSK ?
Yes, it’s a one-time thing. I haven’t downloaded anything except HitmanPro, which happened after the ‘incident’, so I doubt it’s malware related.
Kaspersky Reports show nothing indicating a failure or whatever, just that the full scan got stopped (because the app shut down).
Event log shows an error or two regarding “PerfDiag Logger”, but nothing about Kaspersky.
To add, I also downloaded a few Skyrim mods, but Kaspersky never picked them up and they came from a trustworthy site, so I doubt they were malicious.
-
Sorry for the triple post, meant to update the original.
-
Was this only a “one time” incident ?
Please check Kaspersky → More tools → Reports ?
Please check your Windows Event Log ?
Also please proceed with CHKDSK ?
Yes, it’s a one-time thing.
I haven’t downloaded anything except HitmanPro, which I downloaded after the ‘incident’, and a few Skyrim mods from a trustworthy site.
Kaspersky Reports show nothing indicating a failure or whatever, just that the full scan got stopped (because the app shut down).
Event log shows an error or two regarding “PerfDiag Logger”, but nothing about Kaspersky.
-
Was this only a “one time” incident ?
Please check Kaspersky → More tools → Reports ?
Please check your Windows Event Log ?
Also please proceed with CHKDSK ?
Yes, it’s a one-time thing. I haven’t downloaded anything except HitmanPro for weeks, which happened after the ‘incident’, so I doubt it’s malware related.
Kaspersky Reports show nothing indicating a failure or whatever, just that the full scan got stopped (because the app shut down).
Event log shows an error or two regarding “PerfDiag Logger”, but nothing about Kaspersky.
-
Was this only a “one time” incident ?
Please check Kaspersky → More tools → Reports ?
Please check your Windows Event Log ?
Also please proceed with CHKDSK ?
Yes, it’s a one-time thing. I haven’t downloaded anything except HitmanPro, which happened after the ‘incident’, so I doubt it’s malware related.
Kaspersky Reports show nothing indicating a failure or whatever, just that the full scan got stopped (because the app shut down).
Event log shows an error or two regarding “PerfDiag Logger”, but nothing about Kaspersky.


Kaspersky Security Cloud keeps turning off and on for some reason.
in Kaspersky Security Cloud
Posted
I'll try that out if it happens again.
Could it be malware though or is it just a software issue/bug?