
Unknown accounts


temp


Hello, good evening. I found 2 unknown accounts. I previously had to format it; is it possible that this virus remains on my PC even after formatting?


  • Marcos changed the title to Unknown accounts
  • Administrators

What ESET product do you have installed? If ESET Internet Security or ESET Smart Security Premium, couldn't it be that you have enabled Anti-Theft and at least one of the accounts is the Phantom account?


10 hours ago, Marcos said:

What ESET product do you have installed? If ESET Internet Security or ESET Smart Security Premium, couldn't it be that you have enabled Anti-Theft and at least one of the accounts is the Phantom account?

ESET Smart Security Premium


10 hours ago, Marcos said:

What ESET product do you have installed? If ESET Internet Security or ESET Smart Security Premium, couldn't it be that you have enabled Anti-Theft and at least one of the accounts is the Phantom account?

How can I know if it is a rootkit?


Try running:

sfc /scannow

from an admin level command prompt window. It should set Win file permissions back to default values.


Windows antivirus had detected 3 suspicious drivers that come with Windows. The driver names are asio3.sys, ctiaio64.sys, msio64.sys.


29 minutes ago, temp said:

Windows antivirus had detected 3 suspicious drivers that come with Windows. The driver names are asio3.sys, ctiaio64.sys, msio64.sys.

asio3.sys - ASUS motherboard-related driver. It probably is OK but could be a vulnerable driver. You need to check on the ASUS web site about this.

ctiaio64.sys - Creative Technology Innovation Co., Ltd driver. Couldn't find any info on this one.

msio64.sys - MSI driver associated with MysticLight software. Perhaps a graphics card utility of sorts. Eset in the past has flagged this one (https://forum.eset.com/topic/32126-eset-flagging-drivers-as-potential-malware/); it's a driver that has had a vulnerability in it in the past.


16 minutes ago, itman said:

asio3.sys - ASUS motherboard-related driver. It probably is OK but could be a vulnerable driver. You need to check on the ASUS web site about this.

ctiaio64.sys - Creative Technology Innovation Co., Ltd driver. Couldn't find any info on this one.

msio64.sys - MSI driver associated with MysticLight software. Perhaps a graphics card utility of sorts. Eset in the past has flagged this one (https://forum.eset.com/topic/32126-eset-flagging-drivers-as-potential-malware/); it's a driver that has had a vulnerability in it in the past.

DRIVER ctiaoio64.sys https://www.virustotal.com/gui/file/a731e079d1a78505bcbcb052b9e002b5daa01f5fc050e5c8b9d930e99b500bee/detection

DRIVER MSIO64.SYS https://www.virustotal.com/gui/file/d636c011b8b2896572f5de260eb997182cc6955449b044a739bd19cbe6fdabd2/detection

DRIVER asio3.sys https://www.virustotal.com/gui/file/b6fd51e1f57a03006953e84fd56cc2821cc19e7c77c0474e1110aabaacaf03df/detection

2 drivers are vulnerable. I scanned them in VirusTotal and they are related to malware, spyware, trojan, backdoor. I already formatted the PC, updated the BIOS, activated Secure Boot, and it is still on my PC.


35 minutes ago, itman said:

asio3.sys - ASUS motherboard-related driver. It probably is OK but could be a vulnerable driver. You need to check on the ASUS web site about this.

ctiaio64.sys - Creative Technology Innovation Co., Ltd driver. Couldn't find any info on this one.

msio64.sys - MSI driver associated with MysticLight software. Perhaps a graphics card utility of sorts. Eset in the past has flagged this one (https://forum.eset.com/topic/32126-eset-flagging-drivers-as-potential-malware/); it's a driver that has had a vulnerability in it in the past.

DRIVER ctiaoio64.sys https://www.virustotal.com/gui/file/a731e079d1a78505bcbcb052b9e002b5daa01f5fc050e5c8b9d930e99b500bee/detection

DRIVER MSIO64.SYS https://www.virustotal.com/gui/file/d636c011b8b2896572f5de260eb997182cc6955449b044a739bd19cbe6fdabd2/detection

DRIVER asio3.sys https://www.virustotal.com/gui/file/b6fd51e1f57a03006953e84fd56cc2821cc19e7c77c0474e1110aabaacaf03df/detection

The mslo64 driver is related to BootKit, BlackLotus

Edited by temp

The only drivers with a detection at VT are asio3.sys and MsIo64.sys. It's a single-vendor detection. As such, assume that is a false positive. If these drivers were indeed vulnerable, Eset should have detected them: https://forum.eset.com/topic/36706-avastj-and-asusd-pup/ .

BTW - verify that you have Eset Potentially unwanted applications and unsafe applications enabled in Eset real-time protection settings.

Edited by itman
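An added example, not part of any post in this thread: a read-only PowerShell check for the drivers named above. For each copy found it reports the service state, Authenticode signer and SHA-256, and whether that hash matches one of the VirusTotal links posted here. The helper name Resolve-DriverPath and the extra search of System32\drivers are assumptions of this example.

```powershell
# Added example (not from the thread): read-only inventory of the drivers named above.
# Run from an elevated PowerShell prompt.
$names = 'asio3.sys', 'ctiaio64.sys', 'ctiaoio64.sys', 'msio64.sys'  # both spellings posted
# SHA-256 values taken from the VirusTotal links posted in this thread
$threadHashes = @(
    'a731e079d1a78505bcbcb052b9e002b5daa01f5fc050e5c8b9d930e99b500bee',
    'd636c011b8b2896572f5de260eb997182cc6955449b044a739bd19cbe6fdabd2',
    'b6fd51e1f57a03006953e84fd56cc2821cc19e7c77c0474e1110aabaacaf03df'
)

# Hypothetical helper: map NT-style paths that Win32_SystemDriver may report to a Win32 path
function Resolve-DriverPath {
    param([string]$PathName)
    $p = $PathName.Trim('"') -replace '^\\\?\?\\', ''
    $p -replace '^\\?SystemRoot\\', "$env:SystemRoot\"
}

# Drivers registered as kernel services
$registered = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName } |
    ForEach-Object {
        [pscustomobject]@{ Service = $_.Name; State = $_.State; StartMode = $_.StartMode
                           Path = Resolve-DriverPath $_.PathName }
    } | Where-Object { $names -contains (Split-Path $_.Path -Leaf) }

# Copies on disk that are not registered as a service
$onDisk = Get-ChildItem -LiteralPath "$env:SystemRoot\System32\drivers" -File |
    Where-Object { $names -contains $_.Name }

$paths = @($registered.Path) + @($onDisk.FullName) | Where-Object { $_ } | Sort-Object -Unique
$report = foreach ($path in $paths) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLower()
    $svc  = $registered | Where-Object { $_.Path -eq $path } | Select-Object -First 1
    [pscustomobject]@{
        Path      = $path
        Service   = $svc.Service          # empty if the file is not a registered driver
        State     = $svc.State
        SigStatus = $sig.Status           # Valid, NotSigned, HashMismatch, ...
        Signer    = $sig.SignerCertificate.Subject
        SHA256    = $hash
        InThread  = $threadHashes -contains $hash
    }
}
$report | Format-List
```

InThread = True means the file on disk is byte-identical to the file whose VirusTotal report is linked in the thread.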
