
Unknown accounts


temp


Hello, good evening, I found 2 unknown accounts, I previously had to format it, is it possible that this virus remains on my PC even after formatting?


  • Marcos changed the title to Unknown accounts
  • Administrators

What ESET product do you have installed? If ESET Internet Security or ESET Smart Security Premium, couldn't it be that you have enabled Anti-Theft and at least one of the accounts is the Phantom account?

10 hours ago, Marcos said:

What ESET product do you have installed? If ESET Internet Security or ESET Smart Security Premium, couldn't it be that you have enabled Anti-Theft and at least one of the accounts is the Phantom account?

ESET Smart Security Premium


10 hours ago, Marcos said:

What ESET product do you have installed? If ESET Internet Security or ESET Smart Security Premium, couldn't it be that you have enabled Anti-Theft and at least one of the accounts is the Phantom account?

How can I know if it is a rootkit?

Windows antivirus had detected 3 suspicious drivers that come with Windows; the drivers' names are asio3.sys, ctiaio64.sys, msio64.sys

29 minutes ago, temp said:

Windows antivirus had detected 3 suspicious drivers that come with Windows; the drivers' names are asio3.sys, ctiaio64.sys, msio64.sys

asio3.sys - ASUS motherboard-related driver. It probably is OK but could be a vulnerable driver. You need to check on the ASUS web site about this.

ctiaio64.sys - Creative Technology Innovation Co., Ltd driver. Couldn't find any info on this one.

msio64.sys - MSI driver associated with MysticLight software. Perhaps a graphics card utility of sorts. Eset in the past has flagged this one: https://forum.eset.com/topic/32126-eset-flagging-drivers-as-potential-malware/ ; it's a driver that has had a vulnerability in it in the past.

16 minutes ago, itman said:

asio3.sys - ASUS motherboard-related driver. It probably is OK but could be a vulnerable driver. You need to check on the ASUS web site about this.

ctiaio64.sys - Creative Technology Innovation Co., Ltd driver. Couldn't find any info on this one.

msio64.sys - MSI driver associated with MysticLight software. Perhaps a graphics card utility of sorts. Eset in the past has flagged this one: https://forum.eset.com/topic/32126-eset-flagging-drivers-as-potential-malware/ ; it's a driver that has had a vulnerability in it in the past.

DRIVER ctiaoio64.sys https://www.virustotal.com/gui/file/a731e079d1a78505bcbcb052b9e002b5daa01f5fc050e5c8b9d930e99b500bee/detection

DRIVER MSIO64.SYS https://www.virustotal.com/gui/file/d636c011b8b2896572f5de260eb997182cc6955449b044a739bd19cbe6fdabd2/detection

DRIVER asio3.sys https://www.virustotal.com/gui/file/b6fd51e1f57a03006953e84fd56cc2821cc19e7c77c0474e1110aabaacaf03df/detection

2 drivers are vulnerable. I scanned them in VirusTotal and they are related to malware, spyware, trojan, backdoor. I already formatted the PC, updated the BIOS, activated Secure Boot, and it is still on my PC.

35 minutes ago, itman said:

asio3.sys - ASUS motherboard-related driver. It probably is OK but could be a vulnerable driver. You need to check on the ASUS web site about this.

ctiaio64.sys - Creative Technology Innovation Co., Ltd driver. Couldn't find any info on this one.

msio64.sys - MSI driver associated with MysticLight software. Perhaps a graphics card utility of sorts. Eset in the past has flagged this one: https://forum.eset.com/topic/32126-eset-flagging-drivers-as-potential-malware/ ; it's a driver that has had a vulnerability in it in the past.

DRIVER ctiaoio64.sys https://www.virustotal.com/gui/file/a731e079d1a78505bcbcb052b9e002b5daa01f5fc050e5c8b9d930e99b500bee/detection

DRIVER MSIO64.SYS https://www.virustotal.com/gui/file/d636c011b8b2896572f5de260eb997182cc6955449b044a739bd19cbe6fdabd2/detection

DRIVER asio3.sys https://www.virustotal.com/gui/file/b6fd51e1f57a03006953e84fd56cc2821cc19e7c77c0474e1110aabaacaf03df/detection

The mslo64 driver is related to BootKit, BlackLotus

Edited by temp

The only drivers with a detection at VT are asio3.sys and MsIo64.sys. It's a single-vendor detection. As such, assume that it is a false positive. If these drivers were indeed vulnerable, Eset should have detected them: https://forum.eset.com/topic/36706-avastj-and-asusd-pup/ .

BTW - verify that you have Eset Potentially unwanted applications and unsafe applications enabled in Eset real-time protection settings.

Edited by itman
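
The checks discussed in this thread, as an added example that is not part of any post above: a PowerShell inventory of the local accounts and of the three drivers named here, showing who signed each file and its SHA-256 for comparison with the hashes in the VirusTotal links. It assumes Windows PowerShell 5.1 or later in an elevated session; only the driver file names come from the thread.

```powershell
# Added example. Driver file names are the ones quoted in the thread.
$driverNames = 'asio3.sys', 'ctiaio64.sys', 'msio64.sys'

# 1) Local accounts: an unfamiliar account is easier to judge once you see
#    whether it is enabled, when it last logged on, and its description.
Get-LocalUser |
    Select-Object Name, Enabled, LastLogon, PasswordLastSet, Description |
    Format-Table -AutoSize

# 2) Registered kernel drivers whose image file matches one of the names.
#    Only drivers registered as services are listed, not stray files on disk.
$report = foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
    if (-not $drv.PathName) { continue }

    # PathName can carry the NT "\??\" prefix; strip it to get a normal path.
    $path = $drv.PathName -replace '^\\\?\?\\', ''
    $leaf = [System.IO.Path]::GetFileName($path)
    if ($driverNames -notcontains $leaf) { continue }   # case-insensitive match

    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{
            Service = $drv.Name; State = $drv.State; Path = $path
            SignatureStatus = 'file not found'; Signer = $null; SHA256 = $null
        }
        continue
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256

    [pscustomobject]@{
        Service         = $drv.Name
        State           = $drv.State          # Running / Stopped
        Path            = $path
        SignatureStatus = $sig.Status         # Valid, NotSigned, HashMismatch, ...
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
        SHA256          = $hash.Hash.ToLower()
    }
}

if ($report) {
    $report | Format-List
} else {
    'None of the named drivers is registered as a service on this system.'
}
```

A `Valid` signature from the hardware vendor together with a hash that matches the vendor's published file points to the genuine utility driver; a `NotSigned` or `HashMismatch` status, or a signer unrelated to the vendor, is what deserves further investigation.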

This topic is now closed to further replies.