Here's A Possible Virus

DVDR_Dog

I suspect I must have picked this up when installing a crack.
About every 15 minutes or so and some event sets it off.
What happens is a PowerShell window pops up just for a second or less. I have been unable to determine much about it since it happens so quickly. From what I see (but don't believe) is something about a validation count.
I think it had something related to a patch that was supposed to be a fix for Revo.
Doesn't matter, time for a fresh install when stuff like this happens.
Anybody have any ideas? Two A/V programs can't find anything. It's just that power shell program executing so often can't be good.
 
Reset your Browser settings.

The other thing is to check your scheduled events. I've had this kind of attack a lot in the past, but I don't get the issue any more. If I do, just do a reset and sorted.
 
I wiped the system, I am paranoid. Just wondering what this program was doing. I thought it was a bit strange when there was an additional step for the install. I guess I was in a hurry.
 
OK here's the answer. The program that carries the payload is YT Saver. Too bad it's the one program that works. The payload is using powershell to contact "activatorcounter com" at 104.21.41.88 port 443, and IP 172.67.163.70 port 443. I haven't had time to reverse engineer the program, it's got a bunch of modules. I have the program blocked w/firewall so it keeps trying quite a lot.
I have blocked the program outbound connections until I find another working replacement.
 
Chuck 7-Zip at the exe installer and unpack it.

If they are a set of bodge artists that packed it, just delete out of it what you don't want and repack it.

If they used InstallShield you'll get a nag saying the program didn't load, but it will.
 
I'm having 3 of those PowerShell windows blinking fast when the computer restarts, I can't read what that is about. Could you please explain how you catch this virus?
 
You don't catch a virus or malware, just get rid of it.

1. Right click on your task bar and select "TASK MANAGER"

2. If only the processes list is visible, click on SHOW MORE or DETAILS so that you get multiple tabs across the top.

3. Select STARTUP APPS

4. This is a list of all the programs that like to be loaded when the system boots. Some are completely unnecessary; right click on the ones you wish to disable and select Disable in the list.

5. Once you've removed the ones you think you don't need (you can always enable them later), best to do a restart and see if the issue of shell windows is gone.

6. If it is then all is good; mostly PowerShell or cmd calls are done to install drivers for hardware at the start of the load. Some older tools require the loading in this way.

7. If it's still there, check the list again and look for something you know isn't on your PC. Again disable it.

This method is just for the basic junk that gets attached to links on web pages. I would advise that you run a complete FULL SCAN with a virus scanner and also run MALWAREBYTES; it is free to use manually and you can pay subs on it too, entirely your choice.

If it's still there after this then let us know.
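
The "check your scheduled events" suggestion and the Startup Apps steps above, combined into one read-only PowerShell triage pass. This is an added example, not something posted in the thread; the list of script hosts in `$scriptHosts` is an assumption, and hits need reviewing rather than deleting on sight, since Windows ships legitimate tasks that match.

```powershell
# Added example: read-only triage, changes nothing on the system.
# Script hosts worth a second look when they appear in autostart locations
# (assumed list, extend as needed).
$scriptHosts = 'powershell|pwsh|cmd\.exe|wscript|cscript|mshta|rundll32'

# 1. Scheduled tasks whose action launches one of those hosts.
$tasks = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Only exec actions carry Execute/Arguments; COM handler actions
        # leave both empty and fall through the match below.
        $cmd = "$($action.Execute) $($action.Arguments)".Trim()
        if ($cmd -match $scriptHosts) {
            [pscustomobject]@{
                Task    = $task.TaskPath + $task.TaskName
                State   = $task.State
                Author  = $task.Author
                # ISO 8601 duration; PT15M would mean "repeat every 15 minutes"
                Repeat  = ($task.Triggers.Repetition.Interval |
                           Where-Object { $_ }) -join ','
                Command = $cmd
            }
        }
    }
}
$tasks | Sort-Object Task | Format-List

# 2. Run-key and Startup-folder entries that launch a script host.
Get-CimInstance Win32_StartupCommand |
    Where-Object { $_.Command -match $scriptHosts } |
    Select-Object Name, User, Location, Command |
    Format-List
```

Run it from an elevated PowerShell prompt so tasks registered under other accounts are listed as well.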
 
I followed your recommendations, it seems that Malwarebytes resolved the problem, thank you.
 
Process Lasso is great "IF" you know about it and have it installed.

Some of the junk I've come across since 1979 tends to inhibit the loading or installing of anything that can get rid of it.

I think the all time classic one, simple code, limited the use of the PC to 30 seconds then forced it to reset. Took me a while to work out what was happening. Nothing listed in the Task Manager and didn't have enough time to get into services. Spin up HDD and 128MB of ram and processors slower than my watch had, think it was early 2000s.
Finally ended up ripping the hard drive out of the PC and stuck it in a dock. God didn't help. Some clever little person had tied the code into the boot.ini file and tucked the 32kb file away in the windows folder. A stunning little device it was, LSS if the name's right. Wrote a script to junk it on reboot.

<Wanders off down memory lane>
 