J&Y
Hi.
Recently my Microsoft OneNote crashed (after updating Windows) when inserting a PDF, leading me to search for a resolution, and I later saw an article online saying this might be due to a corrupted system file.
I also saw 2 dialog boxes saying my StartupCheckLibrary.dll and winscomrssrv.dll are having problems every time I restart my computer.
Then, I proceeded to use Windows Defender and saw that there were 3 Trojans detected a few days ago, affecting these .dll files.
After I saw these malware detections, I ran a full scan on my computer using Windows Defender and discovered another malware.
However, even after I blocked the new malware, I can still see the .dll file error on startup. (Maybe because Windows disabled them)
Hence, I downloaded Malwarebytes and ran a scan, only to discover that there are another 21 pieces of malware and 1 potentially unwanted program on my PC.
Below are the scan details of Malwarebytes:
===========================================-Scan Details-===================================
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 12
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\Application Experience\StartupCheckLibrary, Quarantined, 503, 735770, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{320A7A0D-A208-4B4F-903A-3E6F13E752B3}, Quarantined, 503, 735770, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{320A7A0D-A208-4B4F-903A-3E6F13E752B3}, Quarantined, 503, 735770, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\Windows Error Reporting\winrmsrv, Quarantined, 503, 780529, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DE2C3868-F32D-4B19-9835-D95C6D8547A1}, Quarantined, 503, 780529, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{DE2C3868-F32D-4B19-9835-D95C6D8547A1}, Quarantined, 503, 780529, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\WDI\SrvHost, Quarantined, 503, 735769, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{94ACB16B-0DB5-472C-940A-27C755BB60DC}, Quarantined, 503, 735769, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{94ACB16B-0DB5-472C-940A-27C755BB60DC}, Quarantined, 503, 735769, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2C96A4F3-CF18-48FE-B8D8-67712EC147E0}, Quarantined, 503, 780231, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{2C96A4F3-CF18-48FE-B8D8-67712EC147E0}, Quarantined, 503, 780231, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\MICROSOFT\WINDOWS\WININET\Winlogui, Quarantined, 503, 780231, 1.0.33344, , ame, , ,
Registry Value: 5
Trojan.BitCoinMiner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{5FEC48C2-B8AD-4764-9EF3-151676F950BF}, Quarantined, 943, 840273, 1.0.33344, , ame, , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2C96A4F3-CF18-48FE-B8D8-67712EC147E0}|PATH, Quarantined, 503, 780232, 1.0.33344, , ame, , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{320A7A0D-A208-4B4F-903A-3E6F13E752B3}|PATH, Quarantined, 503, 782993, 1.0.33344, , ame, , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{94ACB16B-0DB5-472C-940A-27C755BB60DC}|PATH, Quarantined, 503, 784920, 1.0.33344, , ame, , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DE2C3868-F32D-4B19-9835-D95C6D8547A1}|PATH, Quarantined, 503, 780528, 1.0.33344, , ame, , ,
Registry Data: 1
PUP.Optional.WinYahoo, HKU\S-1-5-21-2774254989-1650552144-2002851637-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, 240, 292990, 1.0.33344, , ame, , ,
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 4
Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\APPLICATION EXPERIENCE\STARTUPCHECKLIBRARY, Quarantined, 503, 735770, 1.0.33344, , ame, , DEA456F460781902A6EDB31CA9A96DC9, EC91DFE21206FF8313556A0124B9D1D97BC80B2A825B1B9AA93CDA08349373D6
Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\WINDOWS ERROR REPORTING\WINRMSRV, Quarantined, 503, 780529, 1.0.33344, , ame, , C93DAD9E123D108F11F2AFC72464F3A9, EBB1F78E2A6B796D94CFCDD65524BE6C700C51D2E9CB29280761077DCF17A4DC
Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\WDI\SRVHOST, Quarantined, 503, 735769, 1.0.33344, , ame, , C0BA5C27FC06432C8096FDAF68380A96, 79D6C9C41A2602C3E962CDA1F8135BB74E2C4C6FA7967F599FC5C421546C5EA7
Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\WININET\WINLOGUI, Quarantined, 503, 780231, , , , , 75D3AC02E91DFC310210F54F7260EF58, 625FC0A0BAAB1B513E29AED5824308BB78A43E558AC18A418354304379F1749E
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
===========================================-End Of Scan Details-===================================
After quarantining the malware detected using Malwarebytes, I no longer see the StartupUpdateLibrary.dll error.
However, I suspect my computer has been infected. And those system files that are quarantined cannot be quarantined forever, and I will need to use them some day.
Also, my OneNote still crashes when inserting a PDF.
When I use the OneNote web client, I can see the PDF being inserted, but the content is not shown either.
I would like to remove this malware, but I am afraid I will damage my computer. Could anyone help me? Thank you so much.