
Do I have a virus?



#1 squanch


Posted 03 September 2017 - 09:04 PM

Looked at my antivirus status this morning and noticed that there are 8 "Caution.Rootkit" files found by my Webroot antivirus.

System\CurrentControlSet\Services\CDPUserSvc_3cabb\
System\CurrentControlSet\Services\DevicesFlowUserSvc_3cabb\
System\CurrentControlSet\Services\MessagingService_3cabb\
System\CurrentControlSet\Services\OneSyncSvc_3cabb\
System\CurrentControlSet\Services\PimIndexMaintenanceSvc_3cabb\
System\CurrentControlSet\Services\UnistoreSvc_3cabb\
System\CurrentControlSet\Services\UserDataSvc_3cabb\
System\CurrentControlSet\Services\WpnUserService_3cabb\

After removing them and restarting the computer the AV again finds these as a threat, continuing the loop.

 

Are these actually threats? As far as I can tell everything before the "3cabb" is legitimate, but unsure of this particular extension.

 

I'm running Windows 10 Pro, Version 10.0.15063 Build 15063

 



#2 jenae


Posted 03 September 2017 - 10:09 PM

Hi, open services.msc and you will see these services listed among Windows services. The xxxxx at the end changes between boots. They are part of MS telemetry and OneDrive sync, introduced to Windows ten; unless you know how to be rid of them (and there is no reason to), they will be on all Win 10 machines. I cannot believe people still use third-party security on Windows ten when MS gives you all you need, with the exception of malware, in which case SuperAntiSpyware or the free version of Malwarebytes can be used.


Edited by jenae, 03 September 2017 - 10:10 PM.
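
An added example, not part of either post: a PowerShell check that each flagged key is an instance of a Windows per-user service, following the `<template>_<suffix>` naming the reply describes. It assumes the `Type` flag values from the Windows SDK (0x40 for a per-user service, 0x80 for an instance) and that an instance's `ImagePath` matches its template's; `Test-PerUserServiceInstance` is a hypothetical helper name.

```powershell
# Added example. Names are copied from the first post; Test-PerUserServiceInstance
# is a hypothetical helper name, not a built-in cmdlet.
$flagged = @(
    'CDPUserSvc_3cabb', 'DevicesFlowUserSvc_3cabb', 'MessagingService_3cabb',
    'OneSyncSvc_3cabb', 'PimIndexMaintenanceSvc_3cabb', 'UnistoreSvc_3cabb',
    'UserDataSvc_3cabb', 'WpnUserService_3cabb'
)

$root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$SERVICE_USER_SERVICE         = 0x40  # winnt.h: per-user service (template and instance)
$SERVICE_USERSERVICE_INSTANCE = 0x80  # winnt.h: set only on the per-session instance

function Test-PerUserServiceInstance {
    param([Parameter(Mandatory)][string]$Name)

    $verdict = 'REVIEW'
    $base    = $null
    if ($Name -notmatch '^(?<base>.+)_(?<suffix>[0-9a-f]+)$') {
        $reason = 'name is not <template>_<hex suffix>'
    } else {
        $base = $Matches['base']
        $inst = Get-ItemProperty -LiteralPath "$root\$Name" -ErrorAction SilentlyContinue
        $tmpl = Get-ItemProperty -LiteralPath "$root\$base" -ErrorAction SilentlyContinue

        if (-not $tmpl) {
            $reason = 'no service key with the base name'
        } elseif (-not $inst) {
            $reason = 'instance key not found (the suffix may have changed)'
        } elseif (-not ($tmpl.Type -band $SERVICE_USER_SERVICE)) {
            $reason = 'base service is not a per-user service template'
        } elseif (-not ($inst.Type -band $SERVICE_USERSERVICE_INSTANCE)) {
            $reason = 'instance flag (0x80) missing from Type'
        } elseif ($inst.ImagePath -ne $tmpl.ImagePath) {
            # Assumption: a genuine instance runs the same binary as its template.
            $reason = "ImagePath differs from template: $($inst.ImagePath)"
        } else {
            $verdict = 'OK'
            $reason  = 'instance of a per-user service template'
        }
    }
    [pscustomobject]@{ Name = $Name; Template = $base; Verdict = $verdict; Reason = $reason }
}

$flagged | ForEach-Object { Test-PerUserServiceInstance -Name $_ } | Format-Table -AutoSize
```

A `REVIEW` row means that key should be inspected by hand; replace the suffix in `$flagged` with the one currently shown on the machine being checked.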




