Removing Trojan: Virus Behavior Win32/Hive.ZY - Step-by-Step Guide & Tips

Kenzi2004 10212 11
  • #2 20174504
    Kolobos
    IT specialist
    You have the PID shown in the screenshot; check in Process Explorer what those processes are.

    Run a scan with mbam and remove whatever it detects.

    What do you have in this directory: C:\Users\piotr\opera.exe?

    Fixlist.txt:
    CustomCLSID: HKU\S-1-5-21-3038905591-2620332228-2955037719-1001_Classes\CLSID\{23aaa06e-abab-4e7e-a0ac-6982ed6a6041}\localserver32 -> C:\Users\piotr\AppData\Local\GamerHash\GamerHashLauncher.exe => Brak pliku
    AlternateDataStreams: C:\ProgramData\rsEngine.config.backup:CF02139FF4 [3442]
    AlternateDataStreams: C:\ProgramData\WindowsHook.exe:18D95AD24A [3442]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3442]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3442]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.10.32.lnk:BFDD4D0564 [3442]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk:C5D586BE93 [3442]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobirise.lnk:B91EF75835 [3442]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk:159ADC9AA1 [3442]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SideQuest.lnk:CAA93E51EC [3442]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk:C2E9D79AC5 [3442]
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [711328 2022-06-16] (Oracle America, Inc. -> Oracle Corporation)
    HKU\S-1-5-21-3038905591-2620332228-2955037719-1001\...\Run: [Opera GX Stable] => C:\Users\piotr\AppData\Local\Programs\Opera GX\launcher.exe [2474448 2022-09-01] (Opera Norway AS -> Opera Software)
    HKU\S-1-5-21-3038905591-2620332228-2955037719-1001\...\Run: [Opera GX Browser Assistant] => C:\Users\piotr\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
    HKU\S-1-5-21-3038905591-2620332228-2955037719-1001\...\Run: [MicrosoftEdgeAutoLaunch_102D77BE86092CD11F3B00AB05EA0725] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3795360 2022-09-02] (Microsoft Corporation -> Microsoft Corporation)
    GroupPolicy: Ograniczenia ? C:\Users\piotr\AppData\Local\Programs\Opera GX\launcher.exe [2474448 2022-09-01] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\piotr\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
    Task: {F2CC2531-76BA-45F7-8478-88D684F7A1EA} - System32\Tasks\Opera GX scheduled Autoupdate 1651281726 => C:\Users\piotr\AppData\Local\Programs\Opera GX\launcher.exe [2474448 2022-09-01] (Opera Norway AS -> Opera Software)
    2022-06-16 17:30 - 2022-07-28 16:54 - 000263168 _____ () C:\ProgramData\WindowsHook.exe
  • #3 20174606
    wilczek12322
    Level 1  
    I'm getting this from today too? Do you know how to solve it?
  • #4 20174635
    Kolobos
    IT specialist
    Probably some false alarm.
  • #5 20174781
    Anonymous
    Level 1  
  • #6 20174783
    W.W
    Level 12  
    False alarm showing after latest Microsoft Defender update, need to wait for new update.
  • #7 20174794
    sendiiiiii
    Level 1  
    It also pops up for me, every now and then a notification and when I click on it, in the settings you can see the virus for 5 seconds and it disappears over and over again. So there's nothing to worry about?
  • #8 20174863
    ZiPeK25
    Level 9  
    This is a Windows Defender virus definition update error. We have to wait for Microsoft's reactions and updates. More info is on Reddit.
  • #9 20175043
    hvbix1489
    Level 1  
    So there's nothing to be afraid of? Can I get a link to this Reddit?
  • #11 20175901
    gulson
    System Administrator
    Lots of people visit here.

    hvbix1489 wrote:
    so there's nothing to be afraid of? can i get a link to this reddit?

    There is nothing to be afraid of and the next update solves the problem.
  • #12 20176313
    LeDy
    Level 43  
    I had this too and wrote a topic but at the moment I turn it on and nothing came up.
    Has there been a fix?
    The fix came out, for me at 16.41 and after the problem.

Topic summary

The discussion revolves around the Trojan Win32/Hive.ZY, which users report as intermittently appearing and disappearing, often flagged by Windows Defender. Initial responses suggest checking processes using Process Explorer and running scans with Malwarebytes (mbam) to remove detected threats. Some users speculate that the alerts may be false positives resulting from a recent Windows Defender update, with many experiencing similar issues. Links to external resources indicate that the problem is widely recognized and that a fix is anticipated in future updates. Overall, users are reassured that there is no immediate cause for concern regarding the Trojan's presence.
Summary generated by the language model.