Jump to content

Which app's process is this

pchelp
By pchelp
in Windows
 Share
Posted

That screenshot gives nothing of value. Why does that even matter anyways? Run malwarebytes if you are thinking you got compromised with viruses.

mY sYsTeM iS Not pErfoRmInG aS gOOd As I sAW oN yOuTuBe. WhA t IS a GoOd FaN CuRVe??!!? wHat aRe tEh GoOd OvERclok SeTTinGS FoR My CaRd??  HoW CaN I foRcE my GpU to uSe 1o0%? BuT WiLL i HaVE Bo0tllEnEcKs? RyZEN dOeS NoT peRfORm BetTer wItH HiGhER sPEED RaM!!dId i WiN teH SiLiCON LotTerrYyOu ShoUlD dEsHrOuD uR GPUmy SYstEm iS UNDerPerforMiNg iN WarzONEcan mY Pc Run WiNdOwS 11 ?woUld BaKInG MY GRaPHics card fIX it? MultimETeR TeSTiNG!! aMd'S GpU DrIvErS aRe as goOD aS NviDia's YOU SHoUlD oVERCloCk yOUR ramS To 5000C18! jellYfIn Client siDE TRanscoDinG

Link to post
Share on other sites
Posted

can you find it in Task Manager? the fact that it uses less than 1MB makes it much less concerning

Note: Users receive notifications after Mentions & Quotes. 

Feel free: To ask any question, no matter what question it is, I will try to answer. I know a lot about PCs but not everything.

current PC:

Ryzen 5 5600 |16GB DDR4 3200Mhz | B450 | GTX 1080 ti [further details on my profile]

PC configs I used before:

  1. Pentium G4500 | 4GB/8GB DDR4 2133Mhz | H110 | GTX 1050
  2. Ryzen 3 1200 3,5Ghz / OC:4Ghz | 8GB DDR4 2133Mhz / 16GB 3200Mhz | B450 | GTX 1050
  3. Ryzen 3 1200 3,5Ghz | 16GB 3200Mhz | B450 | GTX 1080 ti
Link to post
Share on other sites
Posted
  • Author
15 minutes ago, Levent said:

That screenshot gives nothing of value. Why does that even matter anyways? Run malwarebytes if you are thinking you got compromised with viruses.

Malwarebytes, KVRT, Windows defender found nothing. All is well then?

Different question, scanning a pc with anti virus's, does it lead to more writes for a ssd?

Link to post
Share on other sites
Posted
2 minutes ago, pchelp said:

Malwarebytes, KVRT, Windows defender found nothing. All is well then?

Different question, scanning a pc with anti virus's, does it lead to more writes for a ssd?

If you read a book, does that mean you wrote on it? 
 

No.

 

If the results are clear in three different AVs, one would assume they are good.

mY sYsTeM iS Not pErfoRmInG aS gOOd As I sAW oN yOuTuBe. WhA t IS a GoOd FaN CuRVe??!!? wHat aRe tEh GoOd OvERclok SeTTinGS FoR My CaRd??  HoW CaN I foRcE my GpU to uSe 1o0%? BuT WiLL i HaVE Bo0tllEnEcKs? RyZEN dOeS NoT peRfORm BetTer wItH HiGhER sPEED RaM!!dId i WiN teH SiLiCON LotTerrYyOu ShoUlD dEsHrOuD uR GPUmy SYstEm iS UNDerPerforMiNg iN WarzONEcan mY Pc Run WiNdOwS 11 ?woUld BaKInG MY GRaPHics card fIX it? MultimETeR TeSTiNG!! aMd'S GpU DrIvErS aRe as goOD aS NviDia's YOU SHoUlD oVERCloCk yOUR ramS To 5000C18! jellYfIn Client siDE TRanscoDinG

Link to post
Share on other sites
Posted

No.

 

Search for that file name and you'll see where it is, folder might tell you what it belongs to.

F@H
Desktop: i9-13900K, ASUS Z790-E, 64GB DDR5-6000 CL36, RTX3080, 2TB MP600 Pro XT, 2TB SX8200Pro, 2x16TB Ironwolf RAID0, Corsair HX1200, Antec Vortex 360 AIO, Thermaltake Versa H25 TG, Samsung 4K curved 49" TV, 23" secondary, Mountain Everest Max

Mobile SFF rig: i9-9900K, Noctua NH-L9i, Asrock Z390 Phantom ITX-AC, 32GB, GTX1070, 2x1TB SX8200Pro RAID0, 2x5TB 2.5" HDD RAID0, Athena 500W Flex (Noctua fan), Custom 4.7l 3D printed case

 

Asus Zenbook UM325UA, Ryzen 7 5700u, 16GB, 1TB, OLED

 

GPD Win 2

Link to post
Share on other sites
Posted
2 hours ago, pchelp said:

I didn't get the context of this.

Different question, scanning a pc with anti virus's, does it lead to more writes for a ssd?

no, scanning is reading, just like you scan the book with your eyes when you read it

Note: Users receive notifications after Mentions & Quotes. 

Feel free: To ask any question, no matter what question it is, I will try to answer. I know a lot about PCs but not everything.

current PC:

Ryzen 5 5600 |16GB DDR4 3200Mhz | B450 | GTX 1080 ti [further details on my profile]

PC configs I used before:

  1. Pentium G4500 | 4GB/8GB DDR4 2133Mhz | H110 | GTX 1050
  2. Ryzen 3 1200 3,5Ghz / OC:4Ghz | 8GB DDR4 2133Mhz / 16GB 3200Mhz | B450 | GTX 1050
  3. Ryzen 3 1200 3,5Ghz | 16GB 3200Mhz | B450 | GTX 1080 ti
Link to post
Share on other sites
  • 2 weeks later...
Posted
  • Author

@podkall @Levent @Kilrah

Update-

Malwarebytes found these today

Registry Value: 2
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 7430, 676881, 1.0.85157, , ame, , ,
PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 7430, 676881, 1.0.85157, , ame, , ,

https://www.malwarebytes.com/blog/detections/pum-optional

What exactly do you think are these? I have very limited softwares installed in this pc and that too related to work. Though I have installed O&Oshutpup 10, wpd10 and privatezilla to reduce telemetry and what not 6 months back. Can these be the issue? The pc works fine btw.

Link to post
Share on other sites
Posted
1 hour ago, pchelp said:

@podkall @Levent @Kilrah

Update-

Malwarebytes found these today

Registry Value: 2
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 7430, 676881, 1.0.85157, , ame, , ,
PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 7430, 676881, 1.0.85157, , ame, , ,

https://www.malwarebytes.com/blog/detections/pum-optional

What exactly do you think are these? I have very limited softwares installed in this pc and that too related to work. Though I have installed O&Oshutpup 10, wpd10 and privatezilla to reduce telemetry and what not 6 months back. Can these be the issue? The pc works fine btw.

quotes must be orange to work like this @podkall after you start typing someone's nick the selection should appear,

 

it's possible these are malwares, are are some of these paths familiar to any programs you use? because whatever Malwarebytes finds as malware it wants to remove, but of course only if you tell it to remove those files.

 

PUM translates to "potential unwanted modification" so it's possible it's one of those programs' fingerprints

 

I'm only quoting @Kilrah and @Levent because you intended to quote them an hour ago, maybe they have some more input on this, but I'm just assuming

Note: Users receive notifications after Mentions & Quotes. 

Feel free: To ask any question, no matter what question it is, I will try to answer. I know a lot about PCs but not everything.

current PC:

Ryzen 5 5600 |16GB DDR4 3200Mhz | B450 | GTX 1080 ti [further details on my profile]

PC configs I used before:

  1. Pentium G4500 | 4GB/8GB DDR4 2133Mhz | H110 | GTX 1050
  2. Ryzen 3 1200 3,5Ghz / OC:4Ghz | 8GB DDR4 2133Mhz / 16GB 3200Mhz | B450 | GTX 1050
  3. Ryzen 3 1200 3,5Ghz | 16GB 3200Mhz | B450 | GTX 1080 ti
Link to post
Share on other sites
Posted
  • Author
On 5/28/2024 at 7:49 PM, podkall said:

quotes must be orange to work like this @podkall after you start typing someone's nick the selection should appear,

 

it's possible these are malwares, are are some of these paths familiar to any programs you use? because whatever Malwarebytes finds as malware it wants to remove, but of course only if you tell it to remove those files.

 

PUM translates to "potential unwanted modification" so it's possible it's one of those programs' fingerprints

 

I'm only quoting @Kilrah and @Levent because you intended to quote them an hour ago, maybe they have some more input on this, but I'm just assuming

Thanks for replying and for correcting me. These two malwares are now in quarantine. How can i find their path? MalwareBytes just shows this

Registry Value: 2
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 7430, 676881, 1.0.85157, , ame, , ,
PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 7430, 676881, 1.0.85157, , ame, , ,

Link to post
Share on other sites
Posted
2 hours ago, pchelp said:

Thanks for replying and for correcting me. These two malwares are now in quarantine. How can i find their path? MalwareBytes just shows this

Registry Value: 2
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 7430, 676881, 1.0.85157, , ame, , ,
PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 7430, 676881, 1.0.85157, , ame, , ,

mrt is apparently microsoft's malicious software removal tool, not sure if the problem is that it's disabled, you can remove it if you have no software that could potentially disable that feature, it's possiblet he anti-spying software disables mrt to make anti-spy changes,

 

if the software doesn't need to be running or doing something on startup, it's fine to just remove this scanned threat

Note: Users receive notifications after Mentions & Quotes. 

Feel free: To ask any question, no matter what question it is, I will try to answer. I know a lot about PCs but not everything.

current PC:

Ryzen 5 5600 |16GB DDR4 3200Mhz | B450 | GTX 1080 ti [further details on my profile]

PC configs I used before:

  1. Pentium G4500 | 4GB/8GB DDR4 2133Mhz | H110 | GTX 1050
  2. Ryzen 3 1200 3,5Ghz / OC:4Ghz | 8GB DDR4 2133Mhz / 16GB 3200Mhz | B450 | GTX 1050
  3. Ryzen 3 1200 3,5Ghz | 16GB 3200Mhz | B450 | GTX 1080 ti
Link to post
Share on other sites
Posted
  • Author
On 5/30/2024 at 11:07 AM, podkall said:

mrt is apparently microsoft's malicious software removal tool, not sure if the problem is that it's disabled, you can remove it if you have no software that could potentially disable that feature, it's possiblet he anti-spying software disables mrt to make anti-spy changes,

 

if the software doesn't need to be running or doing something on startup, it's fine to just remove this scanned threat

I did not disable mrt or anything but I am using O&O, WPD and Privatezilla. Can these cause issues like this?

Found more processes

 

https://imgur.com/a/TQYBnRT

 

https://imgur.com/a/oNTNYRm

 

Am I fcked? Ran kvrt+MalwareBytes again everything is clean. What should I do now?

 

 

Edit-

Right clicked on it but it doesn't work. Kept the cursor on it and it showed locations, too bad I cleared the usage history for the process in the main post

 

https://imgur.com/a/W4syDvv

 

 

+ @Godlygamer23 @Kilrah @Levent

 

Edit 1-

Can't find these locations/folders in C:\Users\xxxx\AppData\Local\Temp

Link to post
Share on other sites
Posted
5 hours ago, pchelp said:

Can't find these locations/folders in C:\Users\xxxx\AppData\Local\Temp

I don't know what these are, do you have "show hidden folders" enabled in the File Explorer?

Note: Users receive notifications after Mentions & Quotes. 

Feel free: To ask any question, no matter what question it is, I will try to answer. I know a lot about PCs but not everything.

current PC:

Ryzen 5 5600 |16GB DDR4 3200Mhz | B450 | GTX 1080 ti [further details on my profile]

PC configs I used before:

  1. Pentium G4500 | 4GB/8GB DDR4 2133Mhz | H110 | GTX 1050
  2. Ryzen 3 1200 3,5Ghz / OC:4Ghz | 8GB DDR4 2133Mhz / 16GB 3200Mhz | B450 | GTX 1050
  3. Ryzen 3 1200 3,5Ghz | 16GB 3200Mhz | B450 | GTX 1080 ti
Link to post
Share on other sites
Posted
  • Author
18 hours ago, podkall said:

I don't know what these are, do you have "show hidden folders" enabled in the File Explorer?

Yes that option is already enabled. I think I need to format the os. Two questions, I have c and d drive partitioned in this drive. If I reinstall windows on c drive then will this spyware or whatever it is go away or formatting the whole drive, including d drive is necessary?

 

Is it safe to copy inportant files and folders from this pc to somewhere else? As windows defender, kvrt and malwarebytes are still saying that everything's clean.

Link to post
Share on other sites
Posted
7 minutes ago, pchelp said:

Yes that option is already enabled. I think I need to format the os. Two questions, I have c and d drive partitioned in this drive. If I reinstall windows on c drive then will this spyware or whatever it is go away or formatting the whole drive, including d drive is necessary?

 

Is it safe to copy inportant files and folders from this pc to somewhere else? As windows defender, kvrt and malwarebytes are still saying that everything's clean.

Not sure if that's possible, also doing this would probably erase some game's progress as well,

 

if Malwarebytes says everything is ok, I'd trust it.

 

You can try running this program before Malwarebytes and then scanning with MB after the program finishes what it's doing:

 

https://www.bleepingcomputer.com/download/rkill/

Note: Users receive notifications after Mentions & Quotes. 

Feel free: To ask any question, no matter what question it is, I will try to answer. I know a lot about PCs but not everything.

current PC:

Ryzen 5 5600 |16GB DDR4 3200Mhz | B450 | GTX 1080 ti [further details on my profile]

PC configs I used before:

  1. Pentium G4500 | 4GB/8GB DDR4 2133Mhz | H110 | GTX 1050
  2. Ryzen 3 1200 3,5Ghz / OC:4Ghz | 8GB DDR4 2133Mhz / 16GB 3200Mhz | B450 | GTX 1050
  3. Ryzen 3 1200 3,5Ghz | 16GB 3200Mhz | B450 | GTX 1080 ti
Link to post
Share on other sites
Posted
  • Author
2 minutes ago, podkall said:

Not sure if that's possible, also doing this would probably erase some game's progress as well,

 

if Malwarebytes says everything is ok, I'd trust it.

 

You can try running this program before Malwarebytes and then scanning with MB after the program finishes what it's doing:

 

https://www.bleepingcomputer.com/download/rkill/

Ran rkill

Windows Version: Windows 10 Home

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Automatic Updates Disabled

   [HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
   "NoAutoUpdate" = dword:00000001

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

 

Scanned with malwarebytes later and still everything is clean. While you are right but I don't want to take any risks. Those kinda crappy files shouldn't be in the internet usage for no apparent reason and then there is nothing in their file location

 

Two questions, I have c and d drive partitioned in this drive. If I reinstall windows on c drive then will this spyware or whatever it is go away or formatting the whole drive, including d drive is necessary?

Is it safe to copy inportant files and folders from this pc to somewhere else? As windows defender, kvrt and malwarebytes are still saying that everything's clean.

Link to post
Share on other sites
Posted
12 minutes ago, pchelp said:

Scanned with malwarebytes later and still everything is clean. While you are right but I don't want to take any risks. Those kinda crappy files shouldn't be in the internet usage for no apparent reason and then there is nothing in their file location

where are you seeing the usage?

Note: Users receive notifications after Mentions & Quotes. 

Feel free: To ask any question, no matter what question it is, I will try to answer. I know a lot about PCs but not everything.

current PC:

Ryzen 5 5600 |16GB DDR4 3200Mhz | B450 | GTX 1080 ti [further details on my profile]

PC configs I used before:

  1. Pentium G4500 | 4GB/8GB DDR4 2133Mhz | H110 | GTX 1050
  2. Ryzen 3 1200 3,5Ghz / OC:4Ghz | 8GB DDR4 2133Mhz / 16GB 3200Mhz | B450 | GTX 1050
  3. Ryzen 3 1200 3,5Ghz | 16GB 3200Mhz | B450 | GTX 1080 ti
Link to post
Share on other sites
Posted
14 minutes ago, pchelp said:

As windows defender, kvrt and malwarebytes are still saying that everything's clean.

maybe everything is clean, those files using barely 1MB, what can you do with 1MB? not a lot, barely anything

 

if there's nothing suspicious running, there's nothing harmful, 99% of malwares get installed because people download something or click on some ad, if you don't do that you are safe

Note: Users receive notifications after Mentions & Quotes. 

Feel free: To ask any question, no matter what question it is, I will try to answer. I know a lot about PCs but not everything.

current PC:

Ryzen 5 5600 |16GB DDR4 3200Mhz | B450 | GTX 1080 ti [further details on my profile]

PC configs I used before:

  1. Pentium G4500 | 4GB/8GB DDR4 2133Mhz | H110 | GTX 1050
  2. Ryzen 3 1200 3,5Ghz / OC:4Ghz | 8GB DDR4 2133Mhz / 16GB 3200Mhz | B450 | GTX 1050
  3. Ryzen 3 1200 3,5Ghz | 16GB 3200Mhz | B450 | GTX 1080 ti
Link to post
Share on other sites
Posted
  • Author
39 minutes ago, podkall said:

maybe everything is clean, those files using barely 1MB, what can you do with 1MB? not a lot, barely anything

 

if there's nothing suspicious running, there's nothing harmful, 99% of malwares get installed because people download something or click on some ad, if you don't do that you are safe

Check the screenshots here under Edit

Those are 10+MB

Link to post
Share on other sites
Posted
9 minutes ago, pchelp said:

Check the screenshots here under Edit

Those are 10+MB

I see files with { brackets and random letters and numbers in my temp folder, but haven't seen any random letter number exe files using internet:

 

image.png.428dd9b378921d0595b46bf84fb33ad4.png

Note: Users receive notifications after Mentions & Quotes. 

Feel free: To ask any question, no matter what question it is, I will try to answer. I know a lot about PCs but not everything.

current PC:

Ryzen 5 5600 |16GB DDR4 3200Mhz | B450 | GTX 1080 ti [further details on my profile]

PC configs I used before:

  1. Pentium G4500 | 4GB/8GB DDR4 2133Mhz | H110 | GTX 1050
  2. Ryzen 3 1200 3,5Ghz / OC:4Ghz | 8GB DDR4 2133Mhz / 16GB 3200Mhz | B450 | GTX 1050
  3. Ryzen 3 1200 3,5Ghz | 16GB 3200Mhz | B450 | GTX 1080 ti
Link to post
Share on other sites
Posted
  • Author
4 minutes ago, podkall said:

I see files with { brackets and random letters and numbers in my temp folder, but haven't seen any random letter number exe files using internet:

 

image.png.428dd9b378921d0595b46bf84fb33ad4.png

That's the whole point of my last post. I can't find any folders that are mentioned in those screenshots. There are other folders which start with { but not the one's which have those .exe files which is using the internet in the background.

Link to post
Share on other sites
Posted
29 minutes ago, pchelp said:

That's the whole point of my last post. I can't find any folders that are mentioned in those screenshots. There are other folders which start with { but not the one's which have those .exe files which is using the internet in the background.

actual username, appdata, local

Note: Users receive notifications after Mentions & Quotes. 

Feel free: To ask any question, no matter what question it is, I will try to answer. I know a lot about PCs but not everything.

current PC:

Ryzen 5 5600 |16GB DDR4 3200Mhz | B450 | GTX 1080 ti [further details on my profile]

PC configs I used before:

  1. Pentium G4500 | 4GB/8GB DDR4 2133Mhz | H110 | GTX 1050
  2. Ryzen 3 1200 3,5Ghz / OC:4Ghz | 8GB DDR4 2133Mhz / 16GB 3200Mhz | B450 | GTX 1050
  3. Ryzen 3 1200 3,5Ghz | 16GB 3200Mhz | B450 | GTX 1080 ti
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Windows

×