ΣИШΔΠЦΞĿ 硕士黑客
Hello, I'm wondering if Defender just got buggy after dealing with some malware I apparently downloaded not long ago. Ever since, it keeps detecting "behavior:win32/ceprolad.A" and "trojan:win32/occamy.c" every few hours or so, and it turns on UAC for some reason after every detection, I think. No other odd behavior so far. It's only a PID, and when it's a file it isn't there when I look for it; maybe it gets deleted right away? And when it is, no other AV software can detect it. Defender itself can't find anything in a quick, full or even OFFLINE scan after the alleged threat is detected.
I've tried Malwarebytes running all day and it found nothing, even with hyperscan. HitmanPro only found a "suspicious" wimbot.sys file that I was afraid could prevent me from booting, but it didn't, even though it was deleted. I tried Microsoft Safety Scanner, also nothing.
This thing only comes up randomly on Defender and it asks to restart to finish cleaning it up, but clicking restart doesn't work, and it often disappears from the list of detected threats. If I click "take action" when it shows up, it just hangs there.
So far these files keep showing up and Defender apparently deletes them every time:
file: C:\Users\EspHack\AppData\Local\Microsoft\Windows\INetCache\IE\MIPY49MB\MicrosoftSecurity[1].exe
file: C:\ProgramData\update.exe
file: C:\Users\EspHack\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5CEA8CFB8047B569B331D0E79D28457D
They look sketchy enough, but why is it that only Defender seems to think they are malware? If Defender is right, then this is an exploit that can infect a running process and deliver the payload (those 3 files), and Defender can't fix that "suspicious behavior" threat other than blocking it every time.
I'm running 17134.165, latest threat definition as of July 12.
BTW, this Windows Defender thing just feels buggy af as usual. Almost every time a notification comes up I click on it and it isn't in threat history, or I can't tell if it's there since it's already in quarantine? I even have those alerts turned off and they just keep coming anyway. Is there anything that works as intended on W10?