Hello, I wonder if those are false positives. I checked with VT and other engines and all said it's clean.
[code]
HitmanPro 3.8.23.318
www.hitmanpro.com
Computer name . . . . : DESKTOP-LQG0EP3
Windows . . . . . . . : 10.0.0.19043.X64/8
User name . . . . . . : DESKTOP-LQP0EV3\new1
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2021-07-28 21:32:35
Scan mode . . . . . . : Normal
Scan duration . . . . : 58s
Disk access mode . . : Direct disk access (Default)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 11
Objects scanned . . . : 3.954.045
Files scanned . . . . : 6.138
Remnants scanned . . : 2.140.277 files / 1.807.630 keys
Suspicious files ____________________________________________________________
C:\Windows\System32\smartscreen.exe
Size . . . . . . . : 2.378.752 bytes
Age . . . . . . . : 47.2 days (2021-06-11 16:36:40)
Entropy . . . . . : 7.1
SHA-256 . . . . . : 9605680FC164ACB985C031ECA2C8BC4909CF8B749C571DB6DE2B0B2C204C2163
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Windows Defender SmartScreen
Version . . . . . : 10.0.19041.1052
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Parent Name . . . : C:\Windows\system32\svchost.exe
LanguageID . . . . : 1033
Running processes : 6020
Fuzzy . . . . . . : 23.0
The process memory is missing its source executable file name. This is typical for malware.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Program is running but currently exposes no human-computer interface (GUI).
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
C:\Windows\System32\spoolsv.exe
Size . . . . . . . : 803.328 bytes
Age . . . . . . . : 19.2 days (2021-07-09 15:50:12)
Entropy . . . . . : 6.0
SHA-256 . . . . . : D3E1BCCEC4899A2E4ED51207830618480F6A35449CFA516381C0B1AF2AEDEC38
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Spooler SubSystem App
Version . . . . . : 10.0.19041.1083
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : Spooler
LanguageID . . . . : 1033
Running processes : 4004
Fuzzy . . . . . . : 24.0
The process memory is missing its source executable file name. This is typical for malware.
This program is actively listening for inbound network connections.
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\Spooler\
Network Ports
0.0.0.0:49675
Cookies _____________________________________________________________________
C:\Users\ner0\AppData\Local\Google\Chrome\User Data\Default\Cookies:agkn.com
C:\Users\ner0\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
C:\Users\ner0\AppData\Local\Google\Chrome\User Data\Default\Cookies:crwdcntrl.net
C:\Users\ner0\AppData\Local\Google\Chrome\User Data\Default\Cookies:scorecardresearch.com
C:\Users\ner0\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
[/code]