poisonedSYS Active member Joined Sep 13, 2023 Posts 31 Nov 12, 2023 #1
Are these normal processes?
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
+ "Delete Cached Standalone Update Binary" "Windows Command Processor" "(Verified) Microsoft Windows" "C:\WINDOWS\system32\cmd.exe" "Wed Oct 11 13:03:36 2023" "
+ "Delete Cached Update Binary" "Windows Command Processor" "(Verified) Microsoft Windows" "C:\WINDOWS\system32\cmd.exe" "Wed Oct 11 13:03:36 2023" "
+ "Uninstall 23.209.1008.0002" "Windows Command Processor" "(Verified) Microsoft Windows" "C:\WINDOWS\system32\cmd.exe" "Wed Oct 11 13:03:36 2023" "
+ "\Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler" "Performs periodic Windows Update maintenance tasks." "(Verified) Microsoft Windows" "C:\Program Files\RUXIM\PLUGscheduler.exe" "Fri Sep 15 20:37:12 2023" "
poisonedSYS Active member Joined Sep 13, 2023 Posts 31 Nov 12, 2023 #2
These are marked as positive 1/76 on VirusTotal
Attachments: Untitleddddddddd.png (321.4 KB), Untitledddddddd.png (319.4 KB), DESKTOP-DL2BG03today.txt (598.7 KB), Untitleddddddd.png (336.4 KB), Untitledddddd.png (321.4 KB)
Maxstar Windows Update Moderator, Security Analyst Staff member Joined Aug 16, 2015 Posts 10,853 Location The Netherlands Nov 12, 2023 #3
Hi,
These RunOnce entries (RUXIM Interaction Campaign Scheduler (RUXIMICS.EXE)) are legit and a part of Windows Update.
windows-itpro-docs/windows/privacy/required-windows-11-diagnostic-events-and-fields.md at public · MicrosoftDocs/windows-itpro-docs
poisonedSYS Active member Joined Sep 13, 2023 Posts 31 Nov 12, 2023 #4
And what about the images I posted?
Maxstar Windows Update Moderator, Security Analyst Staff member Joined Aug 16, 2015 Posts 10,853 Location The Netherlands Nov 12, 2023 #5
You mean the VirusTotal detection? This will definitely be a false positive of one of the engines. Can you please share the VT links to see which engine it is?
poisonedSYS Active member Joined Sep 13, 2023 Posts 31 Nov 12, 2023 #6
There was a fourth user profile in Autoruns... IIS, what is this?
Maxstar Windows Update Moderator, Security Analyst Staff member Joined Aug 16, 2015 Posts 10,853 Location The Netherlands Nov 12, 2023 #7
IIS (Internet Information Services) is also a part of Windows and used by different services e.g.
poisonedSYS Active member Joined Sep 13, 2023 Posts 31 Nov 12, 2023 #8
Maxstar said: You mean the VirusTotal detection? This will definitely be a false positive of one of the engines. Can you please share the VT links to see which engine it is?
It says error now...
poisonedSYS Active member Joined Sep 13, 2023 Posts 31 Nov 12, 2023 #9
Now IIS doesn't appear anymore...
Maxstar Windows Update Moderator, Security Analyst Staff member Joined Aug 16, 2015 Posts 10,853 Location The Netherlands Nov 12, 2023 #10
poisonedSYS said: It says error now...
Which error?
poisonedSYS Active member Joined Sep 13, 2023 Posts 31 Nov 12, 2023 #11
[12 VirusTotal links]
Done, thanks, using a hotspot wifi. Someone is blocking my wifi home connection.
poisonedSYS Active member Joined Sep 13, 2023 Posts 31 Nov 12, 2023 #12
I can also try to use Wireshark to see what's wrong on the home wifi connection.
poisonedSYS Active member Joined Sep 13, 2023 Posts 31 Nov 12, 2023 #13
It is saying hash submitted and then error... this is from Wireshark.
Maxstar Windows Update Moderator, Security Analyst Staff member Joined Aug 16, 2015 Posts 10,853 Location The Netherlands Nov 12, 2023 #14
The results of the engines SecureAge and Skyhigh (SWG) are definitely false positives and can be ignored.
poisonedSYS Active member Joined Sep 13, 2023 Posts 31 Nov 12, 2023 #15
https://file.io/AXxeNdGB2POe
This is from the corrupted network by Wireshark.
Maxstar Windows Update Moderator, Security Analyst Staff member Joined Aug 16, 2015 Posts 10,853 Location The Netherlands Nov 12, 2023 #19
I don't know what you want to tell us with the above screenshots? Can you please describe the issue if you are experiencing problems with the internal (WiFi) network?
poisonedSYS Active member Joined Sep 13, 2023 Posts 31 Nov 12, 2023 #20
Multiple TCP port scan attacks, ICMP redirect attacks, UDP and TCP flooding, SYN flooding, and every time it is from a different IP, surely masked by proxy.