Elektroda.com

Removing Trojan: Virus Behavior Win32/Hive.ZY - Step-by-Step Guide & Tips

Kenzi2004 8844 11
  • #2
    Kolobos
    IT specialist
    You have the PID shown in the screenshot; check in Process Explorer what those processes are.

    Run a scan with mbam and remove whatever it detects.

    What do you have in this directory: C:\Users\piotr\opera.exe?

    Fixlist.txt:
    CustomCLSID: HKU\S-1-5-21-3038905591-2620332228-2955037719-1001_Classes\CLSID\{23aaa06e-abab-4e7e-a0ac-6982ed6a6041}\localserver32 -> C:\Users\piotr\AppData\Local\GamerHash\GamerHashLauncher.exe => Brak pliku
    AlternateDataStreams: C:\ProgramData\rsEngine.config.backup:CF02139FF4 [3442]
    AlternateDataStreams: C:\ProgramData\WindowsHook.exe:18D95AD24A [3442]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3442]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3442]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.10.32.lnk:BFDD4D0564 [3442]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk:C5D586BE93 [3442]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobirise.lnk:B91EF75835 [3442]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk:159ADC9AA1 [3442]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SideQuest.lnk:CAA93E51EC [3442]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk:C2E9D79AC5 [3442]
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [711328 2022-06-16] (Oracle America, Inc. -> Oracle Corporation)
    HKU\S-1-5-21-3038905591-2620332228-2955037719-1001\...\Run: [Opera GX Stable] => C:\Users\piotr\AppData\Local\Programs\Opera GX\launcher.exe [2474448 2022-09-01] (Opera Norway AS -> Opera Software)
    HKU\S-1-5-21-3038905591-2620332228-2955037719-1001\...\Run: [Opera GX Browser Assistant] => C:\Users\piotr\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
    HKU\S-1-5-21-3038905591-2620332228-2955037719-1001\...\Run: [MicrosoftEdgeAutoLaunch_102D77BE86092CD11F3B00AB05EA0725] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3795360 2022-09-02] (Microsoft Corporation -> Microsoft Corporation)
    GroupPolicy: Ograniczenia ? C:\Users\piotr\AppData\Local\Programs\Opera GX\launcher.exe [2474448 2022-09-01] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\piotr\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
    Task: {F2CC2531-76BA-45F7-8478-88D684F7A1EA} - System32\Tasks\Opera GX scheduled Autoupdate 1651281726 => C:\Users\piotr\AppData\Local\Programs\Opera GX\launcher.exe [2474448 2022-09-01] (Opera Norway AS -> Opera Software)
    2022-06-16 17:30 - 2022-07-28 16:54 - 000263168 _____ () C:\ProgramData\WindowsHook.exe
  • #3
    wilczek12322
    Level 1  
    I've been getting this since today too. Do you know how to solve it?
  • #4
    Kolobos
    IT specialist
    Probably some false alarm.
  • #5
    Pawel990611
    Level 7  
    Since 12 o'clock I keep getting a notification from Windows Defender. I see a lot of topics on the web about this problem, but no one has solved it yet. Is it possible that after the update there is a false positive, or did something get in?
  • #6
    W.W
    Level 12  
    False alarm showing after latest Microsoft Defender update, need to wait for new update.
  • #7
    sendiiiiii
    Level 1  
    It also pops up for me. Every now and then there is a notification, and when I click on it, in the settings you can see the virus for 5 seconds and then it disappears, over and over again. So there's nothing to worry about?
  • #8
    ZiPeK25
    Level 8  
    This is a Windows Defender virus definition update error. We have to wait for Microsoft's reaction and updates. More info is on Reddit.
  • #9
    hvbix1489
    Level 1  
    So there's nothing to be afraid of? Can I get a link to this Reddit?
  • #11
    gulson
    System Administrator
    Lots of people visit here.

    hvbix1489 wrote:
    so there's nothing to be afraid of? can i get a link to this reddit?

    There is nothing to be afraid of and the next update solves the problem.
  • #12
    LeDy
    Level 43  
    I had this too and wrote a topic, but at the moment I turn it on and nothing comes up.
    Has there been a fix?
    The fix came out, for me at 16.41, and the problem is gone.