Thank you very much for this masterpiece of software. I was infected by some kind of ZeroAccess. Not the original one. The one I have cannot be detected with "normal" and promoted methods like TDSSKiller and similar. I did a lot of research, and from the traces I found, I conclude it might be ZeroAccess. No one was able to help me until now. Not even so-called "experts". Everyone told me I didn't have any issue. Then I ran your program. The log showed anything suspicious I found over the last months. And it directly fixed it. Restarting the machine and.. everything gone. I still cannot believe it. You're a genius, man. The only one who could help me. You can be proud of yourself. Thank you very much. Greetings, Andi.
I have a couple of false positives to report that keep getting flagged, but shouldn't be.
1. Under Scheduled Tasks, RunAsStdUser Task is C:\Program Files\GPSoftware\Directory Opus\dopus.exe
This is a legit Directory Opus entry.
2. Under Shortcuts, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraByte Unlimited\TeraByte OSD Tool Suite Pro\Ready To Run Scripts\INISTART - Reset Windows Startup.lnk
This is a legit Terabyte Image for Windows shortcut.
The new version is detecting this Registry Key:
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{196BB40D-1578-3D01-B289-BEFC77A11A1E}
And according to Google, "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" is the product code of Visual C++ 2010 Redistributable Package (x86).
I don't know if it should detect this registry key.
@ibanez0r You're welcome to continue using our free version of GlassWire indefinitely. Our free software is extremely powerful on its own and it never expires or stops working. We chose to interface with the Windows Firewall API because the Windows Firewall is used by over a billion Windows users world-wide. Also we think software that disables the Windows Firewall feels sketchy to us, but maybe we're just paranoid. :)
hi
I have the same key as the user "BakuDM" (see below) on my 3 laptops (maybe a false-positive detection):
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54
see yahhhh....!
For some reason after the last update it's detecting 2 Registry entries and one of them is related to Windows Defender, so I suppose it is a false positive.
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54
Key Found : HKLM\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe
Developer Xplode.
THANK YOU VERY MUCH for providing one of the most effective anti-malware tools in the world.
THANK YOU VERY MUCH for continuing to support Windows XP. Without AdWare,
I could not safely use the Internet with XP...since so many 'paid' anti-malware software stopped supporting XP.
If you had a Donate Now button, I would click it immediately.