
What's this hidden object Avira found?



#1 WouldBePolymath


Posted 24 August 2016 - 09:48 PM

The other day I ran a file scan with Avira Antivirus Pro, and in the log file AVSCAN-20160820-175030-EC8537CB.LO I found this:

Starting search for hidden objects.
HKEY_CURRENT_USER\Software\Classes\AppXaf0097ws4bwb0wre67gmp7pc9fjr8en6\DefaultIcon
  [NOTE]      The registry entry is invisible.

Does anybody know how I can find out what this is and what I should do about it?
 




 


#2 Aura


Posted 29 August 2016 - 11:01 AM

Hi WouldBePolymath :)

According to this link, this would be the DefaultIcon value for the OneNote logo.

https://forum.piriform.com/index.php?showtopic=44740

Nothing malicious there.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 WouldBePolymath


Posted 21 September 2016 - 11:44 PM

When I posted on this topic before, the hidden object had disappeared the next time I did a scan.

I just did another such scan, and I found a hidden object "cpuz138_x64.sys".

At http://www.file.net/process/cpuz138_x64.sys.html it says:

Cpuz138_x64.sys file information

The process known as cpuz138 or CPUID Driver belongs to software CPUID service by CPUID.

Description: Cpuz138_x64.sys is not essential for the Windows OS and causes relatively few problems. Cpuz138_x64.sys is located in a not identifiable folder. The file size on Windows 10/8/7/XP is 0 bytes. http://www.file.net/process/cpuz138_x64.sys.html

The driver can be started or stopped from Services in the Control Panel or by other programs. The program is not visible. The service has no detailed description. It is not a Windows system file. There is no information about the author of the file. Note: File does not exist any longer. Therefore the technical security rating is 35% dangerous.

Recommended: Identify cpuz138_x64.sys related errors

Important: Some malware camouflages itself as cpuz138_x64.sys. Therefore, you should check the cpuz138_x64.sys process on your PC to see if it is a threat. We recommend Security Task Manager for verifying your computer's security. This was one of the Top Download Picks of The Washington Post and PC World.

Comments?



#4 Aura


Posted 21 September 2016 - 11:45 PM

It belongs to CPU-Z, which is a legitimate program. Once again, nothing to worry about here.



#5 xrobwx


Posted 23 September 2016 - 08:07 AM

I would whitelist those entries. You can also upload to VirusTotal and verify.




#6 quietman7


Posted 24 September 2016 - 04:58 AM

About CPU-Z
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
