DNS RESOLVER IMPLEMENTED AS A WINDOWS SERVICE (MAIN FEATURE INTERCEPTION AND REDIRECTION TO ANOTHER HOSTED DNS SERVER) with WinDivert

Good day forum. Programming environment: Visual Studio 2015, Windows Driver, and WinDivert (https://github.com/basil00/Divert)

I am a research student on DNS RESOLVER IMPLEMENTED AS A WINDOWS SERVICE (MAIN FEATURE INTERCEPTION AND REDIRECTION TO ANOTHER HOSTED DNS SERVER) with WinDivert. I just started looking at WinDivert (https://github.com/basil00/Divert). My Programming envir...

Re: Start\Windows icon

Have you noticed anything else weird/out of the ordinary on your PC? Can you try booting into Windows "Safe mode with networking" and see if you can do any of the actions through that. Otherwise, I would recommend doing a thorough malware check just in case.

Full and thorough malware check:

1. Restart your PC in “Safe mode with networking.” 2. Install and run RKill to kill malicious processes...

Re: Win10PESE startup

The only way you can boot from the disk itself is through PXE and network booting (Advanced Windows Server things :) ). Any other way is impossible. Ah yes, good point covering RAM totally went out of my head. In general, this seems more like some specific hardware issue than anything else.

Re: pup optional legacy

Could you define the nature of the pop-up? Is it in the browser? On the desktop? Through certain applications? When did the issue start happening? (Please answer these before continuing the read)

Since I am not certain about how it manifests, I can only offer a general thorough PC clean-up. The following steps should help you remove the issues, but make sure to post MBAM and ADW logs after sca...

Re: Error ADW 7.0.1.0

Could you try restarting your PC in safe mode with networking, install Malwarebytes, do a full scan with them and then attempt to scan with AdwCleaner?

Before that, you could also use RKill to kill any malicious software before using anti-malware. Let me know if this helps.

Re: PUP.Legacy.Optional - 3 Threats Identified

Well.... My previous solution in Windows "Safe mode with networking" should help you out if you haven't done that. Alternatively, you could try using RKill to kill malicious software first. Then remove the identified files manually, afterward do a thorough scan with Malwarebytes, AdwCleaner, and HitmanPro. This should definitely yield some results.

Potential false positives?

Hi

I'm running the latest version of ADW cleaner and got this back as my report.

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.CrossRider, C:/Users\Gamefan\AppData\Roaming\app

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

...

Re: AdwCleaner signature

Hello, 

Here is the logfile that was displayed:

== Scan for security software untrusted certificates | Support: <mailto:untrustedcerts@fr33tux.org> == This software will look for known security vendor certificate in the Windows Untrusted Store and remove the legit ones. This should allow your security software to launch again properly.

========= 03D22C9C66915D58C88912B64C1F984B8344EF09 [!] F...

Re: PUP.Legacy.Optional - 3 Threats Identified

Ran v7. This time only found two elements -- same file "PUP.LEGACY.OPTIONAL". Computer restarted after I clicked clean/remove option. When I ran scan again, same two objects were found. If you can think of any options, please advise. If you think running scans in safe mode w/networking is the best option, I'll give that a shot.

Thanks again for all the help. 

Re: PUP.Legacy.Optional - 3 Threats Identified

I took a look at steps to do safe mode w/networking scan a few weeks ago. When I tried to start it on my PC, I ran into some ambiguous choices and was afraid to pick the wrong option and really screw something up so I cancelled the scan.

Point of reference -- I'm pretty good with everyday computer issues, but in over my head when dealing with startup processes, program installs, etc.