MasterMind6, posted 3 hours ago: Hello, I built an app from YouTube to enhance my game graphics and now I keep getting this every 1 min: *A threat (msil/injector.fcd) was found in a file that Microsoft Teams tried to access*. It's so annoying, and whenever ESET tells me that it got rid of it, it asks me to restart and it all happens again. I have Malwarebytes Plus and ESET Smart Security Premium; both are detecting an outbound and blocking it, but it's so annoying because it happens every 30 sec to 1 min. Please help, anyone.
Marcos (Administrators), posted 3 hours ago: Please provide logs collected with ESET Log Collector from the machine.
MasterMind6 (Author), posted 2 hours ago: OK, I'm on it right now.
MasterMind6 (Author), posted 2 hours ago (edited): It's collecting now.
MasterMind6 (Author), posted 2 hours ago: Here it is: essp_logs.zip
Marcos (Administrators), posted 2 hours ago: The malicious files were created by C:\Users\acer\AppData\Local\Programs\Common\OneDriveCloud\taskhostw.exe so most likely when syncing with your files in your OneDrive storage. Log in to OneDrive in a browser and delete all suspicious files.
MasterMind6 (Author), posted 2 hours ago (edited): OK, if I delete OneDrive, would that fix it? I don't know how to go to that OneDrive storage.
MasterMind6 (Author), posted 2 hours ago: I deleted everything in OneDrive: C:\Users\acer\OneDrive
MasterMind6 (Author), posted 2 hours ago: I still get this
Marcos (Administrators, Solution), posted 2 hours ago: You must delete the suspicious files in the cloud, otherwise the OneDrive agent will download them again during a sync.
MasterMind6 (Author), posted 2 hours ago: I even did a restore repair of Windows files and it did not fix the problem.
MasterMind6 (Author), posted 2 hours ago: I did delete all the files in the cloud and I deleted OneDrive itself, and I have Revo Uninstaller, so it took all the files, even from the reg.
MasterMind6 (Author), posted 2 hours ago: I get this every few seconds.
MasterMind6 (Author), posted 2 hours ago (edited): Now I only get the "address has been blocked" every 2 seconds.
Marcos (Administrators), posted 2 hours ago: What if you temporarily rename C:\Users\acer\AppData\Local\Programs\Common\OneDriveCloud\taskhostw.exe in safe mode? Does it stop the detections from occurring? Also, you have quite a few performance and detection exclusions. Please remove the performance exclusions and use only detection exclusions with a detection name set.
MasterMind6 (Author), posted 2 hours ago (edited): Could you guide me how to do it, please?
MasterMind6 (Author), posted 2 hours ago (edited): Just to let you know, I deleted all the files in C:\Users\acer\AppData\Local\Programs\Common\OneDriveCloud so it's totally empty now.
MasterMind6 (Author), posted 2 hours ago: Good thing is, no more *A threat (msil/injector.fcd) was found in a file that Microsoft Teams tried to access*, but I got that "address has been blocked" thing every 2 seconds.
Marcos (Administrators), posted 2 hours ago: Remove all performance exclusions as well as detection exclusions that have no detection name set, reboot the machine and see what happens. Detection exclusions with no detection name:
    C:\Users\acer\Desktop\KeyFlexor-v1\KeyFlexor v1\*
    C:\Users\acer\Desktop\KeyFlexor-v1\KeyFlexor v1\KeyFlexor v1\STEP 2\*
    C:\Program Files\keyflexor\Keyflexor.exe
    C:\Program Files\keyflexor
    C:\Program Files\keyflexor\Keyflexor.exe
    C:\Program Files\keyflexor\Check_KF.exe
    C:\Program Files\keyflexor\net8installer.exe
    C:\Program Files\keyflexor\Keyflexor.exe.config
MasterMind6 (Author), posted 2 hours ago: OK, I will reboot now. I just removed all performance exclusions.
Marcos (Administrators), posted 2 hours ago: [1 minute ago, MasterMind6 said: "OK, I will reboot now. I just removed all performance exclusions."] Don't forget to also remove the detection exclusions listed above that have no detection name set.
MasterMind6 (Author), posted 2 hours ago: I did and now I'm back and WOW man, you are a beast! No notifications, no nothing.
MasterMind6 (Author), posted 2 hours ago: Man, I appreciate your help so much!!! It has been a pain for me to fix this problem and now it's fixed thanks to you!!
MasterMind6 (Author), posted 1 hour ago: Do I need to do more things or that's it?
Marcos (Administrators), posted 1 hour ago: That should be all. The whole problem was that you had actual malware excluded from scanning, which allowed it to execute. Subsequently, various payloads were detected in memory by Advanced memory scanner and Startup scanner, such as:
    MSIL/AsyncRAT.A trojan
    Win64/Injector.EM trojan
    MSIL/Injector.FCD trojan
    MSIL/ClipBanker.AIF trojan
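An added example (not from the thread and not ESET code): a short Python audit that applies the rule Marcos gives above to an exclusion list and shows which files the unnamed exclusions keep out of scanning. The tuple layout, the matching rule, the last two exclusion rows, the placeholder detection name and the file name `setup.exe` are assumptions made for the illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample in an assumed (kind, path, detection_name) layout.
# The first three paths are from the thread; the last two rows are hypothetical.
EXCLUSIONS = [
    ("detection", r"C:\Users\acer\Desktop\KeyFlexor-v1\KeyFlexor v1\*", ""),
    ("detection", r"C:\Program Files\keyflexor\Keyflexor.exe", ""),
    ("detection", r"C:\Program Files\keyflexor\Check_KF.exe", ""),
    ("detection", r"C:\Tools\example\tool.exe", "Placeholder/DetectionName"),
    ("performance", r"C:\Games\example\*", ""),
]
# Constructed file list; setup.exe is a hypothetical file name.
FILES = [
    r"C:\Program Files\keyflexor\Keyflexor.exe",
    r"C:\Users\acer\Desktop\KeyFlexor-v1\KeyFlexor v1\setup.exe",
    r"C:\Tools\example\tool.exe",
    r"C:\Users\acer\AppData\Local\Programs\Common\OneDriveCloud\taskhostw.exe",
]


def is_blanket(kind, detection_name):
    """True for the entries the thread says to remove: every performance
    exclusion, and every detection exclusion with no detection name set."""
    return kind == "performance" or not detection_name.strip()


def audit(exclusions):
    """Split entries into (remove, keep) according to is_blanket()."""
    remove = [e for e in exclusions if is_blanket(e[0], e[2])]
    keep = [e for e in exclusions if not is_blanket(e[0], e[2])]
    return remove, keep


def covers(pattern, path):
    """Assumed matching rule (a simplification, not ESET's own matcher):
    case-insensitive, '*' matches any run of characters."""
    return fnmatchcase(path.lower(), pattern.lower())


def unscanned(exclusions, files):
    """Files that fall under at least one blanket exclusion."""
    remove, _ = audit(exclusions)
    return [f for f in files if any(covers(e[1], f) for e in remove)]


if __name__ == "__main__":
    print("\n".join(unscanned(EXCLUSIONS, FILES)))
```

With this sample, the KeyFlexor files fall under blanket exclusions, while `taskhostw.exe` is not excluded at all, which is consistent with the payload being detected while the excluded program kept running.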