sara005
New member
- Mar 19, 2021
- 1
I posted this message on Reddit:
"Greetings Redditors, I am encountering this recent error concerning the updates to my OS. I have surfed the internet and YouTube and found that this error is caused when the "Windows Update" service is missing. I did follow a tutorial to register the keys again (mind you that I backed up my keys and used them, but for some reason the service I recreated didn't work, so I copy-pasted a registry from an article and it worked). The updates were downloaded perfectly and I restarted my laptop to install and apply. However, nothing changed and the Windows Update service was removed!! And the error kept happening.
I repeated the process several times; whenever I restart my laptop, the Update service is removed. When all the updates were downloaded, it couldn't install them on the laptop or require a restart, and said there is an error installing the updates, please try again later (and the Windows Update was available)."
Someone commented that I need to run "Malwarebytes" and check for viruses or malware, and the test gave me over 47 threats and the software quarantined them. Nothing appears to be solved; Windows still cannot install the updates. I gave the person who suggested "Malwarebytes" the results and they said it was expected, those viruses are removing the update service, and they suggested to check this forum because removing malware isn't their specialty. How do I remove those?
Here is the link for the results 9.4 KB file on MEGA
or here they are
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 3/17/21
Scan Time: 10:32 AM
Log File: 5a98f660-86fb-11eb-b098-c8d3ffdd1739.json
-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1217
Update Package Version: 1.0.38283
License: Trial
-System Information-
OS: Windows 10 (Build 18363.1440)
CPU: x64
File System: NTFS
User: DESKTOP-TFT8G01\user
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 344434
Threats Detected: 43
Threats Quarantined: 0
Time Elapsed: 25 min, 21 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 5
Trojan.Ranumbot, C:\WINDOWS\WINDEFENDER.EXE, No Action By User, 7746, 854955, , , , , 6512AE7C9F36206F6433F78296102419, 6B9468EFEE35A8454A7FB395F43E5BDD14DF918437661846D7D6EC199BA08883
Generic.Trojan.Malicious.DDS, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\MG20201223-1.EXE, No Action By User, 1000002, 0, , , , , 0A13D106FA3997A0C911EDD5AA0E147A, 5E46ECFFCFF9440E97BF4F0A85AD34132407F925B27A8759F5A01DE5EA4DA6AF
Trojan.ServStart, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\M672.EXE, No Action By User, 5779, 916787, , , , , 1496F269A788B609062ADBD300F2D18C, 9D41D85B30958480BE3F7EEFF32D2CF4EBE2F1C5790DEDFD8CBAC0A3C8B58F03
Malware.AI.2876304519, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\WW31.EXE, No Action By User, 1000000, 0, , , , , 9A4B7B0849A274F6F7AC13C7577DAAD8, C1D5A585FCE188423D31DF3EA806272F3DAA5EB989E18E9ECF3D94B97B965F8E
Generic.Trojan.Malicious.DDS, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\ML20201223.EXE, No Action By User, 1000002, 0, , , , , D54ADE674CB0C3E6D322ED7380E8ADF6, 5191548B8EDF4B98E623F055F5205E2DB17AA220C28928B1DA1C3A9BA1A75EE0
Module: 5
Trojan.Ranumbot, C:\WINDOWS\WINDEFENDER.EXE, No Action By User, 7746, 854955, , , , , 6512AE7C9F36206F6433F78296102419, 6B9468EFEE35A8454A7FB395F43E5BDD14DF918437661846D7D6EC199BA08883
Generic.Trojan.Malicious.DDS, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\MG20201223-1.EXE, No Action By User, 1000002, 0, , , , , 0A13D106FA3997A0C911EDD5AA0E147A, 5E46ECFFCFF9440E97BF4F0A85AD34132407F925B27A8759F5A01DE5EA4DA6AF
Trojan.ServStart, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\M672.EXE, No Action By User, 5779, 916787, , , , , 1496F269A788B609062ADBD300F2D18C, 9D41D85B30958480BE3F7EEFF32D2CF4EBE2F1C5790DEDFD8CBAC0A3C8B58F03
Malware.AI.2876304519, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\WW31.EXE, No Action By User, 1000000, 0, , , , , 9A4B7B0849A274F6F7AC13C7577DAAD8, C1D5A585FCE188423D31DF3EA806272F3DAA5EB989E18E9ECF3D94B97B965F8E
Generic.Trojan.Malicious.DDS, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\ML20201223.EXE, No Action By User, 1000002, 0, , , , , D54ADE674CB0C3E6D322ED7380E8ADF6, 5191548B8EDF4B98E623F055F5205E2DB17AA220C28928B1DA1C3A9BA1A75EE0
Registry Key: 13
PUP.Optional.Restoro, HKU\S-1-5-21-493582733-3832768312-483052813-1001\SOFTWARE\Restoro, No Action By User, 819, 551610, 1.0.38283, , ame, , ,
Trojan.Ranumbot, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinDefender, No Action By User, 7746, 854955, , , , , ,
PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\CLSID\{BA827421-E282-479E-AE60-34796877B8AE}, No Action By User, 819, 551619, , , , , ,
PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\Restoro.Engine.1, No Action By User, 819, 551619, , , , , ,
PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\Restoro.Engine, No Action By User, 819, 551619, 1.0.38283, , ame, , ,
Trojan.Glupteba.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\csrss, No Action By User, 509, 781233, , , , , ,
Trojan.Glupteba.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E95EEFAC-FE84-4190-9335-1D45BF615848}, No Action By User, 509, 781233, , , , , ,
Trojan.Glupteba.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{E95EEFAC-FE84-4190-9335-1D45BF615848}, No Action By User, 509, 781233, , , , , ,
PUP.Optional.InstallCore, HKU\S-1-5-21-493582733-3832768312-483052813-1001\SOFTWARE\CSASTATS\ic, No Action By User, 511, 586068, 1.0.38283, , ame, , ,
PUP.Optional.Restoro, HKU\S-1-5-21-493582733-3832768312-483052813-1001\SOFTWARE\Local AppWizard-Generated Applications\Restoro, No Action By User, 819, 551612, 1.0.38283, , ame, , ,
PUP.Optional.Restoro, HKLM\SOFTWARE\Restoro, No Action By User, 819, 551614, 1.0.38283, , ame, , ,
Trojan.Glupteba.E, HKU\S-1-5-21-493582733-3832768312-483052813-1001\SOFTWARE\MICROSOFT\6a67fa59, No Action By User, 509, 821174, 1.0.38283, , ame, , ,
PUP.Optional.SearchYa, HKU\S-1-5-21-493582733-3832768312-483052813-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{993F5746-4C15-42BC-99C1-064A1764271B}, No Action By User, 430, 242794, 1.0.38283, , ame, , ,
Registry Value: 6
Trojan.Agent, HKU\S-1-5-21-493582733-3832768312-483052813-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WITHEREDSTAR, No Action By User, 506, 196479, 1.0.38283, , ame, , ,
Trojan.Glupteba.E, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{46018BF8-5ED4-47EC-B38B-D7E879FE6D2C}, No Action By User, 509, 795081, 1.0.38283, , ame, , ,
Trojan.Glupteba.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E95EEFAC-FE84-4190-9335-1D45BF615848}|PATH, No Action By User, 509, 781231, 1.0.38283, , ame, , ,
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDEFENDER|IMAGEPATH, No Action By User, 506, 428246, 1.0.38283, , ame, , ,
Trojan.Glupteba.E, HKU\S-1-5-21-493582733-3832768312-483052813-1001\SOFTWARE\MICROSOFT\6a67fa59|CAMPAIGNID, No Action By User, 509, 821174, 1.0.38283, , ame, , ,
PUP.Optional.SearchYa, HKU\S-1-5-21-493582733-3832768312-483052813-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{993F5746-4C15-42BC-99C1-064A1764271B}|DISPLAYNAME, No Action By User, 430, 242794, 1.0.38283, , ame, , ,
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 1
HackTool.KMSpico, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\KMSPICO, No Action By User, 7189, 921555, 1.0.38283, , ame, , ,
File: 13
Trojan.Ranumbot, C:\WINDOWS\WINDEFENDER.EXE, No Action By User, 7746, 854955, 1.0.38283, 2F3F9E384C4C9399D6DE1AA7, dds, 01161080, 6512AE7C9F36206F6433F78296102419, 6B9468EFEE35A8454A7FB395F43E5BDD14DF918437661846D7D6EC199BA08883
PUP.Optional.Restoro, C:\WINDOWS\RESTORO.INI, No Action By User, 819, 551609, 1.0.38283, , ame, , 0DA69F2F8B6B7B0D4B90721C743AF2F4, 908C40056B2B5036BFB68BF740A7EF6001E340A3F4D3C46A8A7F1E9641401701
Trojan.Glupteba.E, C:\WINDOWS\SYSTEM32\TASKS\CSRSS, No Action By User, 509, 781233, 1.0.38283, , ame, , 69A0D9C0C5375C69B9D9CB26897E08EF, 454C874EB9F2EEBC61CB46C37492DD34AB068BE89D3E0316F78997F15E8D966F
Generic.Trojan.Malicious.DDS, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\MG20201223-1.EXE, No Action By User, 1000002, 0, 1.0.38283, 9A7A6AFB3102800D547A4E88, dds, 01161080, 0A13D106FA3997A0C911EDD5AA0E147A, 5E46ECFFCFF9440E97BF4F0A85AD34132407F925B27A8759F5A01DE5EA4DA6AF
Trojan.ServStart, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\M672.EXE, No Action By User, 5779, 916787, 1.0.38283, A37FA6DE49EA5E096CB1A132, dds, 01161080, 1496F269A788B609062ADBD300F2D18C, 9D41D85B30958480BE3F7EEFF32D2CF4EBE2F1C5790DEDFD8CBAC0A3C8B58F03
Malware.AI.2876304519, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\WW31.EXE, No Action By User, 1000000, 0, 1.0.38283, 88D5EFE910C9554EAB70EC87, dds, 01161080, 9A4B7B0849A274F6F7AC13C7577DAAD8, C1D5A585FCE188423D31DF3EA806272F3DAA5EB989E18E9ECF3D94B97B965F8E
Generic.Trojan.Malicious.DDS, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\ML20201223.EXE, No Action By User, 1000002, 0, 1.0.38283, 9A7A6AFB3102800D547A4E88, dds, 01161080, D54ADE674CB0C3E6D322ED7380E8ADF6, 5191548B8EDF4B98E623F055F5205E2DB17AA220C28928B1DA1C3A9BA1A75EE0
Trojan.MalPack.GS, C:\USERS\USER\APPDATA\LOCAL\TEMP\RAR$EXB0.799\CLIP+STUDIO+PAINT+EX+1-PFQJ-AIGQSGC04WQAOKQCAEXCFWASAE9KKTAA.EXE, No Action By User, 8442, 920503, 1.0.38283, EB9DA494648BBF6DC723AF51, dds, 01161080, 05390F760D029576605D5AB3C72482D4, C41737E8C70364AC3475E2713B2623746B16E2AB8C6D74CDACF875FC271540EE
Generic.Malware/Suspicious, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\R20210209.EXE, No Action By User, 0, 392686, 1.0.38283, , shuriken, , 02E2027A7A49D7A45EEA27AC42881C9E, 2461D5E17D86DC52AF3D194AC25A1FD3C9C833AD3B02F2ADAE78157A950035E3
Trojan.Glupteba, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\GETFP.EXE, No Action By User, 4375, 916786, 1.0.38283, C50A762CEA5FDFC9FA40C0BF, dds, 01161080, 941B755A404A616A55EA57FF4DBFE184, 9AFABDF762EA2E412019CE0F6004F7FE1C948F2B36E1AAB347E623FEDD5EF440
Spyware.PasswordStealer.GO, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS\U20200626.EXE, No Action By User, 7544, 835370, 1.0.38283, 7B51AF3F5F13383FF7A91534, dds, 01161080, C6E81BAC5A3385A0A9CEF0BF9B45C624, 3414DDDA2D8E2D44F7E33CF513DE0C6A10D593E0358AD55586657D42682FFB5C
Trojan.MalPack.GS, C:\USERS\USER\APPDATA\LOCAL\TEMP\RAR$EXB0.386\CLIP+STUDIO+PAINT+EX+1-PFQJ-AIGQSGC04WQAOKQCAEXCFWASAE9KKTAA.EXE, No Action By User, 8442, 920503, 1.0.38283, EB9DA494648BBF6DC723AF51, dds, 01161080, 05390F760D029576605D5AB3C72482D4, C41737E8C70364AC3475E2713B2623746B16E2AB8C6D74CDACF875FC271540EE
PUP.Optional.Restoro, C:\USERS\USER\DOWNLOADS\RESTORO.EXE, No Action By User, 819, 551611, 1.0.38283, , ame, , 149B7754E41E3330E87D3C303FECE58C, 5D99408FC2F7BC85F2C4BC6DCD762008BFECD5C8DCAAACF9C9BDC2914DDD22B1
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)