cannot delete kali iso

carl a (Contributor; joined Oct 25, 2015; 650 posts)
Windows 10 Pro with Windows Defender is seeing the Kali ISO for VirtualBox as a virus and exploit threat, cannot delete the perceived threats, and is hung on taking action on the threats. Windows Defender is running at high CPU usage and seems to have locked the files, so another antivirus scanner (e.g. Microsoft Safety Scanner) goes so far and then stops scanning. I cannot delete the ISO file or delete the perceived threats. I am asking for help from my brilliant forum members and staff.
 

Attachments: Screenshot (2).png (75 KB), Screenshot (3).png (119.7 KB)
Hi, carl a.

Here we can check your computer for malware.

To do so, please do the following:

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.
 
Here are the requested txt files. I need to learn how to use the Farbar Recovery tool; it seems to always lead to the solution to the problem.
 

Hello.

Thank you for the logs. FRST tool is a very powerful tool for diagnosing and fixing errors, and therefore intensive training is needed for using it. Not so simple. :-)

While I am reviewing your logs...


Please, adhere to the guidelines below:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
 
Thanks for your time and the attention you are giving to my computer problem. I will do all that you have asked.
 
Hi, Carl.

Here are my first comments/instructions regarding your logs:


1. Uninstall programs

1.1. Remote programs

Do you need/use these remote programs? If not, please uninstall them.

Code:
Chrome Remote Desktop Host
Remote Desktop 2.4
TeamViewer


1.2. Java

There are very few reasons these days to continue having Java installed on your computer and I recommend that you uninstall it. Keep it only if you need it.

Code:
Java 8 Update 291

You can read more about why you don't need Java, here: Java, the Never-Ending Saga.


1.3. AppNHost 1.0.5.1

Do you need/use AppNHost 1.0.5.1? If not, then uninstall it.


1.4. Optimizers/Cleaners/Boosters...

We do not recommend these programs. It is your computer and certainly your choice. However, please consider that with registry cleaners and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. You have these programs installed on your computer, and I strongly recommend that you uninstall them:

Code:
Glary Utilities 5.156
PC Services Optimizer
System Ninja version 3.2.9
UVK - Ultra Virus Killer


To uninstall any (or all) of the above programs:
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs on the list:
Code:
Glary Utilities 5.156
PC Services Optimizer
System Ninja version 3.2.9
UVK - Ultra Virus Killer
Java 8 Update 291
AppNHost 1.0.5.1
Chrome Remote Desktop Host
Remote Desktop 2.4
TeamViewer
  • Select the above programs, one by one, and click Uninstall.
  • Restart the computer.

After that, I will need fresh FRST logs.


2. Fresh FRST logs
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

In your next reply please post:
  1. Which programs did you uninstall?
  2. The fresh FRST logs (Addition and FRST).
 
Good decision uninstalling all those programs. (y)

Give me some time to review the fresh logs.
 
Back to you. :)


1. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code:
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-2189376719-764004472-2637532677-1004_Classes\CLSID\{EF706AB3-1E0E-4C5B-A40F-023F0FA36E12}\localserver32 -> C:\Windows\System32\RunDll32.exe "E:\Program Files\Soft Organizer\Notifications.dll",Activate -ToastActivated => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
MSCONFIG\Services: HitmanProScheduler => 2
HKLM\...\StartupApproved\Run: => "Unattend0000000001{CE58C3D5-9684-4456-BEEC-DD2CD1B5D3A2}"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Unattend0000000001{CE58C3D5-9684-4456-BEEC-DD2CD1B5D3A2}"
HKU\S-1-5-21-2189376719-764004472-2637532677-1004\...\StartupApproved\Run: => "SharewareOnSale Notifier"
HKU\S-1-5-21-2189376719-764004472-2637532677-1004\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-2189376719-764004472-2637532677-1004\...\StartupApproved\Run: => "appnhost"
FirewallRules: [{3CF50351-8582-4FF2-9856-07C800CB4A3C}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\91.0.4472.10\remoting_host.exe => No File
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-2189376719-764004472-2637532677-1004\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {9617662E-EDFF-4ECB-9740-C48B2634D6BC} - System32\Tasks\CCleaner Update => C:\Users\acarl\Downloads\Downloads\Ccleaner\CCUpdate.exe
Task: {9B919A57-40E5-4A67-9EAD-FCE359AF3883} - System32\Tasks\CCleanerSkipUAC => C:\Users\acarl\Downloads\Downloads\Ccleaner\CCleaner.exe
Task: {D74D79F8-B116-40ED-8C74-B92556EB2319} - System32\Tasks\Soft Organizer Applications Updates Check => E:\Program Files\Soft Organizer\SoftOrganizer.exe
S4 chromoting; "C:\Program Files (x86)\Google\Chrome Remote Desktop\91.0.4472.10\remoting_host.exe" --type=daemon --host-config="C:\ProgramData\Google\Chrome Remote Desktop\host.json"
S1 amsdk; \??\C:\Windows\system32\drivers\amsdk.sys [X]
U4 Partizan; system32\drivers\Partizan.sys [X]
C:\Users\acarl\Downloads\kali-linux-2021.1-installer-amd64.iso
C:\Users\acarl\Downloads\Windows_Repair_Toolbox.exe
C:\Users\acarl\Downloads\Windows_Repair_Toolbox.exe.config
C:\Users\acarl\AppData\Roaming\Everything
C:\Users\acarl\AppData\Local\Everything
C:\NPE
C:\Users\acarl\AppData\Local\NPE
C:\ProgramData\Norton
C:\Users\acarl\Downloads\Downloads\Ccleaner
E:\Program Files\Soft Organizer
C:\Program Files (x86)\Google\Chrome Remote Desktop
C:\ProgramData\Google\Chrome Remote Desktop
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.


2. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number).
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

3. Run Malwarebytes (Scan mode)
  • Open Malwarebytes you have already installed.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.


In your next reply, please post:
  1. The fixlog.txt
  2. The AdwCleaner[S0*].txt
  3. The Malwarebytes report
 
Can you please run the following fix? I have the impression that something is wrong.

1. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code:
Start::
CloseProcesses:
C:\Users\acarl\Downloads\kali-linux-2021.1-installer-amd64.iso
C:\Users\acarl\Downloads\Windows_Repair_Toolbox.exe
C:\Users\acarl\Downloads\Windows_Repair_Toolbox.exe.config
C:\Users\acarl\AppData\Roaming\Everything
C:\Users\acarl\AppData\Local\Everything
C:\NPE
C:\Users\acarl\AppData\Local\NPE
C:\ProgramData\Norton
C:\Users\acarl\Downloads\Downloads\Ccleaner
E:\Program Files\Soft Organizer
C:\Program Files (x86)\Google\Chrome Remote Desktop
C:\ProgramData\Google\Chrome Remote Desktop
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.
 
You are an erudite man with recondite knowledge. Simply put, you are a bad man when it comes to computer knowledge, and that knowledge blessed me.
 

Thanks for the good words. However, I would wait until the end of the process. :D

Let me now see fresh FRST logs please, FRST.txt and Addition.txt.

Note: Here now it is 21:40, so perhaps I will not be able to review the fresh logs. In that case, tomorrow.
 
DR M, kind words are easy when it's the truth. The high CPU usage is gone, the Kali ISO in my Downloads folder is gone, and I can still run Kali in my VirtualBox. You took care of business, Jack.
 

Hi, Carl.

Good to know that everything looks fine now. (y):-)

Let's complete the process.


1. FRST fix

Just to remove some leftovers and check a policy.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
MSCONFIG\Services: Remote Desktop Service => 3
MSCONFIG\Services: TeamViewer => 2
C:\Users\acarl\Downloads\Windows_Repair_Toolbox.zip
cmd: type C:\ProgramData\NTUSER.pol
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

2. ESET Online Scanner

The logs are clean. This check is just to ensure that.

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

In your next reply please post:
  1. The fixlog.txt
  2. The eset.txt
 
Good morning DR M, here are the results. The high CPU usage from Windows Defender has returned, and Defender is still detecting exploits.
 

Hi, Carl. I will be back to you in 2-3 hours.
 
Back. :)

Probably Windows Defender detects FRST as a threat. There are reports today that this is happening with the updated version of the tool. Of course it is a false positive detection. Or it just detects the files already in quarantine.

Let's perform another FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code:
Start::
Powershell: Get-MpThreatDetection
2021-05-18 12:55 - 2021-05-18 12:55 - 000000008 __RSH C:\ProgramData\ntuser.pol
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.
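The fix above runs Get-MpThreatDetection through FRST to see what Defender is still reporting. The script below is an added example, not part of this thread or of FRST, showing how a user can read the same data directly in an elevated PowerShell session: it joins each detection record with its threat name from Get-MpThreat, reports whether Defender's remediation action succeeded, and checks whether the flagged file still exists on disk. A record whose file is no longer on disk is a stale quarantine or history entry, which is the situation described in the post above. The function name Get-DefenderDetectionReport and the "file:_" resource prefix handling are assumptions made for this example; the Defender cmdlets and property names are the built-in ones on Windows 10.

```powershell
# Added example (not from the thread, FRST, or Dr M's fix): correlate Defender
# detection records with threat names and check whether the flagged resource
# is still present on disk. Assumes Windows 10 with the built-in Defender
# PowerShell module, run from an elevated session.
function Get-DefenderDetectionReport {
    # Index threat metadata by ThreatID so each detection can be labelled.
    $threats = @{}
    foreach ($t in Get-MpThreat) { $threats[$t.ThreatID] = $t }

    foreach ($d in Get-MpThreatDetection) {
        $t = $threats[$d.ThreatID]
        foreach ($res in $d.Resources) {
            # Resource strings look like "file:_C:\path\file.iso" (assumption based on
            # the common Defender format); take everything after the first ":_".
            $path = ($res -split ':_', 2)[-1]
            $onDisk = $false
            if ($path) {
                try { $onDisk = Test-Path -LiteralPath $path } catch { $onDisk = $false }
            }
            [pscustomobject]@{
                DetectedAt    = $d.InitialDetectionTime
                LastChange    = $d.LastThreatStatusChangeTime
                ThreatName    = if ($t) { $t.ThreatName } else { "ThreatID $($d.ThreatID)" }
                Severity      = if ($t) { $t.SeverityID } else { $null }
                Resource      = $res
                ActionSuccess = $d.ActionSuccess
                ErrorCode     = $d.ThreatStatusErrorCode
                StillOnDisk   = $onDisk
            }
        }
    }
}

# Newest detections first; rows with ActionSuccess = False and StillOnDisk = True
# are the ones where Defender is still fighting a live file (the high-CPU case).
Get-DefenderDetectionReport | Sort-Object DetectedAt -Descending | Format-Table -AutoSize
```

Rows with StillOnDisk set to False but repeated LastChange timestamps point to Defender re-evaluating its own quarantine history rather than a live file, which matches the explanation given in the post.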
 
Good morning DR M, I just saw your reply from yesterday today at 6:18 am my time, and you are right: Defender saw the quarantined Kali ISO as a threat and kept reporting it as an exploit, which kept my CPU usage high. But now it's all gone, the Kali ISO along with its effect on my computer. You performed a great task with much skill and persistence.
 

Hi, Carl.

Yes, the log doesn't show any threats detected by Defender now.

Use the computer today and let me know if everything is fine now.

I will be waiting for your feedback before giving you my final instructions. :-)
 
