- Oct 16, 2022
Okay. Please keep me updated.
> Okay. Please keep me updated.
Windows Resource Protection found corrupted files and repaired them successfully.
> Windows Resource Protection found corrupted files and repaired them successfully.
> For online repairs, the details are included in the CBS log file located at
> windir\Logs\CBS\CBS.log. For example, C:\Windows\Logs\CBS\CBS.log. For offline
> repairs, the details are included in the log file provided by the /OFFLOGFILE flag.
Could you share the log file?
> Could you share the log file?
Yes, only the complete log is big? It has since 12/06 CBS.log
> Already untrusted in KSN:
Kaspersky already added in their subscriptions, saw how fast their lab is 24 hours a day.
> With Harmony (Kaspersky)
Now yes, I thought no AV was going to this thing, lol. Harmony is amazing product.
> Gdata too and Microsoft Defender
Yes, I had seen is that I mentioned to @harlan4096 that he had reported Kaspersky (KSN) in post #37 and they added it in their definitions.
> Could you share the log file?
These errors are superficial, lol if I tell you you will laugh until a few hours, I was not supposed to run sfc /scannow. If I restart my computer, then I can't write this message, only on my cellphone. If you want to know why, send me a PM, then I'll tell you here lol
> These errors are superficial, lol if I tell you you will laugh until a few hours, I was not supposed to run sfc /scannow. If I restart my computer, then I can't write this message, only on my cellphone. If you want to know why, send me a PM, then I'll tell you here lol
Lol! Sure, I have privately texted you
> Now yes, I thought no AV was going to this thing, lol. Harmony is amazing product.
He impresses me more and more.
Wow, you detected it through behavior? DeepGuard is good too.
> During execution, the Trojan launches CMD and PowerShell actions. F-Secure has detected this. The Trojan remained in memory but inactive.
And why didn't Bitdefender detect anything for me? Why don't I have Discord installed?
> I ran crazydown and for me it had no effect, no detection by Bitdefender AV, no suspicious connections, just two processes running from build.exe that I kept monitoring and then it created some temporary files in the temp folder and they were the same files as the packaged crazydown.exe. I don't have Discord, but I do have edge and chrome. I was disappointed to expect something else from the malware.
> Final results clean machine, tested on physical machine, nothing unusual if stolen or infected then hitched a ride with some Windows process and sent it to web, good luck to the one who stole it.
I tested Bitdefender Free a few hours ago. BD blocks the C2 connection made by build.exe, so the malware couldn't do anything after. The C2 was already blacklisted by BD even before @likeastar20 shared the sample. Maybe for some reason, the C2 didn't/doesn't connect to your location.
> Maybe for some reason, the C2 didn't/doesn't connect to your location.
Correct, so that is clarified. NextDNS I block the suspicious top-level domains (TLD), so it did not make the connection C2.
> Correct, so that is clarified. NextDNS I block the suspicious top-level domains (TLD), so it did not make the connection C2.
Haha that's why. I always make my VM use a filter free DNS. Mine is set to use 1.1.1.1 & 8.8.8.8. Though using NextDNS would be better that you'll be able to have all the logs about the connections malware made. That's how @Trident tests. But make sure all filterings are off.