It looks like it was fine, however running ADWCleaner caused the PC to lock up entirely, requiring a hard reboot.
I have seen this happen when user folders such as Documents/Desktop are redirected to a server or DFS namespace, such as \\domain.local\users\username\desktop, but this person had no such redirect as they have no server.
They might have a mapped drive to their NAS, but no folder r...
Hello,
@Overkill:
It should be better with the latest definitions. Can you confirm ?
Best regards,
Hi Xplode, sorry for dropping off the map like that. Life has been crazy.
Kaseya changed their paths; here's their current paths (I included our GUID, but other companies will have a different one):
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\AgentMon.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\curl.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\DLLRunner32.exe
C:\P...1) There should be only one antivirus program in system!
2) I recommend to uninstall this:
Bitdefender 60-Second Virus Scanner, ESET Online Scanner v3, Malwarebytes Anti-Malware version 2.2.1.1043, SUPERAntiSpyware. Also there are drivers from McAfee. Them also should be cleaned.
Traces from whole bunch of antivirus tools, like UVK - Ultra Virus Killer, Zemana, RogueKiller, ZHPCleaner, Tre...
1) There should be only one antivirus program in system!
2) I recommend to uninstall this:
Bitdefender 60-Second Virus Scanner, ESET Online Scanner v3, Malwarebytes Anti-Malware version 2.2.1.1043, SUPERAntiSpyware. Also there are drivers from McAfee. Them also should be cleaned.
Traces from whole bunch of antivirus tools, like UVK - Ultra Virus Killer, Zemana, RogueKiller, ZHPCleaner, Tren...
Alors oui, effectivement, j'ai désinstallé chrome et tous les composants "Google", vires tous les fichiers dans USER (C:\Users\Utilisateur\AppData\Local\Google), redémarre la bête, passe un p'tit coup de ccleaner, puis RogueKiller ... et normalement ...
Enfin, pour moi, ça a fonctionné comme ça ;-)
Et dis toi comme dans la pub "Je l'aurais une jor, je l'aurais !" LOL
Salut FredAtWeb
Effectivement ... On a de drôe de nom ... J'ai essayé avec RogueKiller (Version gratuite) mais rien de mieux .
Toujours ces deux fichiers qui disparaissent avec un passage d'ADW mais reviennent !!!
Il va falloir peut etre me résoudre a supprimer Goggle Chrome ! Je ne vois pas d'autre possibilité .. pour le moment.
Merci de ton aide . Si tu as un autre tuyau n'hésites pas A b...
Bonjour hamrog (on a tous de drôle de nom quand même ! LOL)
Hé bien oui ! Figures-toi que j'ai testé autre chose ... Essaye RogueKiller, dans sa version gratuite ;-)
A bientôt
Unfortunately it still gets killed. I suspect it is javaw.exe since the remote software program runs on Java
http://i.imgur.com/ImbkIiJ.png
javaw.exe shows up twice in the debug log but it is not whitelisted.
Appreciate your help
Thank you for taking the time to work with me on this. It is greatly appreciated.
In the debug log I see SimpleService.exe as a service being killed with no whitelist line under it but it appears that file isn't actually the file that keeps the remote session active anyways.
I manually killed the SimpleService.exe service and the remote session stays active with no problems.
Please see scree...