Jump to content
rbkaiser

Installation Problems due to Malware Detected

Recommended Posts

14 hours ago, itman said:

Right mouse click on the Rainmeter shortcut. Select Properties and take a screen shot of what is shown. Post screen shot in your forum reply.

yes that's for my customized desktop icons and layout. had that there since i got the PC in 2016

image.png.08572e88121121b787baa72348219953.png

image.thumb.png.09919e66753714966a05eff525bd6d04.png

Share this post


Link to post
Share on other sites
Posted (edited)

Looks like it is time to employ the "heavy gun" in regards to what is attempting to run these .dlls at system startup time.

Download SysInternal's Autoruns from here: https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns . Unzip it. From the extracted folder created, right button mouse click on Autoruns.exe and run it as Administrator.

Once it starts up and populates entries, mouse click on the Options tab and ensure it is configured as shown in the below screen shot:

Autoruns_1.thumb.png.590ec48909bdd9953e9ba67dddc43539.png

I believe Autoruns will repopulate after the above reconfiguration. If it does not, terminate it and restart it as done above.

Copy each file name shown below:

startupchecklibrary.dll

winscomrssrv.dll

one at a time into the "Filter" box shown at the top of the Autoruns screen display. After each file name entry, wait for Autoruns to complete its search. Delete the existing file name entry prior to entering the next one ensuring Autoruns has first repopulated all entries.

If Autoruns finds a startup entry for the file name, post a screen shot of the entire Autoruns screen display where the entry was found. Terminate Autoruns execution for the time being.

Edited by itman

Share this post


Link to post
Share on other sites
Posted (edited)

Also after posting the above Autoruns use, I actually found a posting on how to do the same that can be referenced if my instructions are a bit confusing: http://sufistech.com/startupchecklibrary-dll-and-winscomrssrv-dll-error-on-windows-startup-fixed/

Also it appears that startupchecklibrary.dll and winscomrssrv.dll detections are pretty wide spread. For example, Windows Defender also detected same as noted here:http://www.geekstogo.com/forum/topic/373867-there-was-a-problem-starting-startupchecklibrarydll/ . There were also statements made that these detections might be false positives. Appears the issue dates back to a borked Win Update. In any case, deletion of the .dlls do not appear to cause any system issues. Also Eset is far from alone in not also removing the registry startup entries related to them.

Edited by itman

Share this post


Link to post
Share on other sites
On 7/26/2020 at 9:12 PM, itman said:

Looks like it is time to employ the "heavy gun" in regards to what is attempting to run these .dlls at system startup time.

Download SysInternal's Autoruns from here: https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns . Unzip it. From the extracted folder created, right button mouse click on Autoruns.exe and run it as Administrator.

Once it starts up and populates entries, mouse click on the Options tab and ensure it is configured as shown in the below screen shot:

Autoruns_1.thumb.png.590ec48909bdd9953e9ba67dddc43539.png

I believe Autoruns will repopulate after the above reconfiguration. If it does not, terminate it and restart it as done above.

Copy each file name shown below:

startupchecklibrary.dll

winscomrssrv.dll

one at a time into the "Filter" box shown at the top of the Autoruns screen display. After each file name entry, wait for Autoruns to complete its search. Delete the existing file name entry prior to entering the next one ensuring Autoruns has first repopulated all entries.

If Autoruns finds a startup entry for the file name, post a screen shot of the entire Autoruns screen display where the entry was found. Terminate Autoruns execution for the time being.

sorry late reply.. i was away for a while

did i get the correct screenshots? 

image.thumb.png.fb2b74657c545aea298e10dad0fadeab.png

image.thumb.png.f48c2125a55a7163dd9df399615af417.png

 

 

Share this post


Link to post
Share on other sites
Posted (edited)
12 hours ago, rbkaiser said:

did i get the correct screenshots? 

Yes.

To be safe, first create a System Restore point.

Then via Autoruns, delete those two scheduled task entries as shown from an article I posted a link to previously: http://sufistech.com/startupchecklibrary-dll-and-winscomrssrv-dll-error-on-windows-startup-fixed/

 

Edited by itman

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...