
Security Health - Windows Defender - MSASCuiL.exe


No replies to this topic

#1 watergrrl


Posted 29 June 2017 - 06:25 AM

Filename:   MSASCuiL.exe    (I'm in autoruns and I have a trailing 'L' before the extension.)
Registry Value Name:   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 
Command:      (no clue)
File Location:    %ProgramFiles%\Windows Defender\MSASCuiL.exe

                        == or ==   

                           c:\program files\windows defender\msascuil.exe   
Description:   Windows Defender notification icon
Status:  Y - Yes, this program is necessary to run in order for the computer or a program to operate correctly.

 

Please verify tho!

 

Windows 10's big Update occurred exactly when my cable modem slowly died.  I thought I was looking at malware at first, not hardware.  I got a little delete-happy and figured I horked up my install, so did a Windows Settings refresh while saving my data.  Yet now my login is 'Administrator' and I can't change it, yet I have to provide administrator privileges to move files to different folders.  Flat out can't save in other folders, and am prompted for every move I make.  Program defaults aren't 'sticking' either.  Which smells like fish to me.

 

autoruns64.exe has a "VirusTotal" check feature, and this entry with a lingering 'L' is missing in the Startup Database (as if it were just a typo, extra character).  It scored a 0/62 for being a threat, if their source is legit:

 

https://www.virustotal.com/en/file/55a81acee419a8e6a246239d277a4f11c232ec168039400bb2f783e3d4fd27a6/analysis/


Edited by hamluis, 06 September 2017 - 07:53 PM.
Moved from Windows Startup DB to Am I Infected - Hamluis.
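
One way to do the verification the post asks for, as an added example that is not part of the original post: it finds any HKLM Run value that launches MSASCuiL.exe, then checks the file's location, Authenticode signature and SHA-256. It assumes the install path given in the post and uses the hash from the post's VirusTotal link as the comparison value.

```powershell
# Added example (not from the original post): verify the MSASCuiL.exe autorun entry.
$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
# Assumption: the expected location is the one given in the post.
$expected = Join-Path $env:ProgramFiles 'Windows Defender\MSASCuiL.exe'
# SHA-256 from the VirusTotal URL in the post. Other Windows builds ship a
# different binary, so a mismatch alone only means "not that exact build".
$postHash = '55a81acee419a8e6a246239d277a4f11c232ec168039400bb2f783e3d4fd27a6'

$key = Get-Item -Path $runKey
foreach ($name in $key.GetValueNames()) {
    # GetValue() expands REG_EXPAND_SZ; expand again in case of a plain REG_SZ.
    $cmd = [Environment]::ExpandEnvironmentVariables([string]$key.GetValue($name))
    if ($cmd -notmatch '(?i)msascuil\.exe') { continue }

    # Extract the executable path from the command line (quoted or unquoted).
    if     ($cmd -match '^\s*"([^"]+)"')       { $exe = $Matches[1] }
    elseif ($cmd -match '(?i)^\s*(.+?\.exe)')  { $exe = $Matches[1] }
    else                                       { $exe = $cmd.Trim() }

    if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
        # A Run value pointing at a missing file is worth noting on its own.
        [pscustomobject]@{ ValueName = $name; Path = $exe; Exists = $false }
        continue
    }

    $full = (Get-Item -LiteralPath $exe).FullName
    $sig  = Get-AuthenticodeSignature -FilePath $full
    $hash = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash.ToLower()

    [pscustomobject]@{
        ValueName       = $name
        Path            = $full
        Exists          = $true
        # A same-named file outside the Defender folder is the suspicious case.
        PathAsExpected  = ($full -ieq $expected)
        SignatureStatus = $sig.Status                      # 'Valid' is the good result
        Signer          = $sig.SignerCertificate.Subject   # empty if unsigned
        SHA256          = $hash
        MatchesPostHash = ($hash -eq $postHash)
    }
}
```

A file in the expected folder with a `Valid` signature is the strongest of these signals; the hash comparison is only meaningful for the same Windows build the poster was running.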

