Forums General Discussion Question about ZHPsuite 2020


15 topics 46 to 60 (out of a total of 68)
  • Author
    Messages
  • g3n
    • Subscriber
    @g3n
    Number of posts: 25

    I know, but my concern is that I never managed to get the contents of the slmgr window into a txt file; if I had got there, the rest would have been child's play: transcribing everything and preventing certain sensitive information from being made public. I tried by all means, but the resulting output was a blank page lol

    PS:

    This morning I looked at a report in a topic and, reading it, I was particularly surprised by the difference between the signature detection and the signature shown:

    SR – Boot [07/12/2019] [ 166712] (vsmraid) . (.VIA Technologies Inc.,Ltd.) – C:\WINDOWS-System32-drivers-vsmraid.sys>.Microsoft®
    SR – Boot [07/12/2019] [ 412176] Intel RAID Controller Wi (iaStorV) . (.Intel Corporation.) – C:\WINDOWS-System32-drivers-iaStorV.sys>.Microsoft®

    ZorKas
    • Subscriber
    @zorkas
    Number of posts: 41

    Hello Nicolas,

    I just tested your latest version: ZHPDiag v2020.10.21.246 By Nicolas Coolman (2020/10/21), so here is the news:

    In the analysis, the report shows the 2 Hijacker.Hosts entries below:

    —\ STUDY OF THE HOSTS FILE (3) – 0s
    O1 – Hosts: 178.255.86.194 download.comodo.com>Hijacker.Hosts
    O1 – Hosts: 178.255.86.194 http://www.download.comodo.com =>Hijacker.Hosts
    Number of lines hijacked or corrupted 2/24 (Hosts file redirected or corrupted)

    ZHPSuite report

    In fact these are Comodo's legitimate servers for downloading CIS's antivirus databases (Comodo Internet Security). For info, in Beta versions the hosts file must be changed manually before installation.

    Really good this ZHPSuite version, good work, Thank you ! :Good:

    Kind regards

     

     

    Nicolas Coolman
    • Administrator
    @nicocoolmann
    Number of posts: 2203

    Hello Patrick,

    OK, I'll take into account the IP address of comodo.

    https://whois.domaintools.com/178.255.86.194

    g3n
    • Subscriber
    @g3n
    Number of posts: 25

    Hello, apparently my message about the erroneous detection of capicom.dll as adware didn't go through; it must have got stuck in WordPress approval.

    C:\Windows Capicom.dll

    https://www.virustotal.com/gui/file/a95c379fc9755d2f814423d416efffa2351814925f0285f077955e572bef35da/detection

    if you want to study the file

    http://gen-hackman.serveftp.com/Temp/CapiCom.dll

     

    g3n
    • Subscriber
    @g3n
    Number of posts: 25

    Ah, I get it: it's the link to my server that is blocking it, that's why my message isn't going through. I'll send it to you via cjoint then.

    Detection :

    C:\Windows\capicom.dll => Adware

    Virustotal :

    https://www.virustotal.com/gui/file/a95c379fc9755d2f814423d416efffa2351814925f0285f077955e572bef35da/detection

    If you want to study the file

    https://www.cjoint.com/doc/20_10/JJDrhcX2vsA_CapiCom.zip

    g3n
    • Subscriber
    @g3n
    Number of posts: 25

    Hi Nicolas

    I'm reporting a misdetection:

    C:\WINDOWS-capicom.dll>Adware.Suspect

    https://www.virustotal.com/gui/file/a95c379fc9755d2f814423d416efffa2351814925f0285f077955e572bef35da/detection

    if you want to study the file :

    http://gen-hackman.serveftp.com/Temp/CapiCom.dll

    Firebird
    • Subscriber
    @firebird
    Number of posts: 11

    Hello Nicolas,

    Firefox, although installed, is not listed in the ZHPDiag report.

    Excerpt from the ZHPDiag report
    ---\\ INTERNET BROWSERS (2) - 0S
    MSIE: Internet Explorer v11.572.19041.0
    OBIE: Microsoft Edge v86.0.622.51

    Excerpt from the default BROWSER FRST report: Ff
    
    

    Wondershare is indicated by ZHPSuite, but not listed as a PUP by ZHPSuite.
    https://www.pcsansvirus.com/pages/supprimer-wondershare.html

    Excerpt from the ZHPDiag Report
    [HKLM-SOFTWARE-Microsoft-Windows-CurrentVersion-Explorer-StartupApproved-Run]:Wondershare Helper Compact.exe>.Wondershare

    ---\\ RECAP OF THE ITEMS FOUND (4) - 0
    https://nicolascoolman.eu/2017/09/12/origine-lignes-orphelines/>.Extra. Orphan
    https://nicolascoolman.eu/wp-content/uploads/2017/12/26/sup-advancedsystemcare/>Extra. Optional.AdvancedSystemCare
    https://nicolascoolman.eu/forum/Topic/warning-eventlogapp-evenement-dapplication/>Warning.EventLogApp
    https://nicolascoolman.eu/forum/Topic/warning-eventlogsys-evenement-systeme/>Warning.EventLogSys
    
    

    Reports

    :Bye:

     

    Firebird
    • Subscriber
    @firebird
    Number of posts: 11

    Hello Nicolas,

    I sent a message on ZHPSuite, but it doesn't appear, maybe because of the moderation delay.

    I pointed out that WonderShare is listed in the ZHPDiag report but not listed as a PUP in the recapitulative elements.

    In addition, Ff, the default browser, is not listed by ZHPDiag; verified in several reports.

    Reports
    https://cjoint.com/doc/20_10/JJCwn1t0r47_ZHPDiag.txt
    https://cjoint.com/doc/20_10/JJCwox6lDb7_FRST.txt
    https://cjoint.com/doc/20_10/JJCwnyHSry7_Addition.txt

    :Bye:

    Nicolas Coolman
    • Administrator
    @nicocoolmann
    Number of posts: 2203

    Hello g3n,

    There is a suspicious detection of this dynamic resource because it is not installed in its default "System32" folder.
    C:\WINDOWS-capicom.dll>Adware.Suspect

    Because the resource is healthy, you can ignore the detection, but I prefer to keep the caveat…

    g3n
    • Subscriber
    @g3n
    Number of posts: 25

    Understood :)

    Personally I do not have it in the system32, it's a dll that is used to sign a file digitally because it works with signtool.exe

    Nicolas Coolman
    • Administrator
    @nicocoolmann
    Number of posts: 2203

    Hello g3n,

    Personally I do not have it in the system32, it's a dll that is used to sign a file digitally because it works with signtool.exe

    I also use signtool.exe, and this DLL is not present in the Windows root but rather in system32.

    Firebird
    • Subscriber
    @firebird
    Number of posts: 11

    Nicolas Coolman
    • Administrator
    @nicocoolmann
    Number of posts: 2203

    Hello Firebird,

    Yes, I had read your messages!

    For Firefox,
    Check whether you now have Firefox with v248, which I have just put online.

    For Wondershare,
    Wondershare is not adware, so it remains classified as legitimate and is not listed in the items found.

    Firebird
    • Subscriber
    @firebird
    Number of posts: 11

    Hello Nicolas

    OK for the legitimacy of WonderShare.

    On the other hand, Firefox, although installed, remains absent from the ZHPDiag report, with the latest version of ZHPSuite, downloaded just now.

    Example: Excerpt from a ZHPDiag report made just now.
    https://www.cjoint.com/doc/20_10/JJEwNkCIFq7_ZHPDiag.txt

    :Bye:

    Nicolas Coolman
    • Administrator
    @nicocoolmann
    Number of posts: 2203

    Hello Nicolas

    OK for the legitimacy of WonderShare.

    On the other hand, Firefox, although installed, remains absent from the ZHPDiag report, with the latest version of ZHPSuite, downloaded just now.

    Example: Excerpt from a ZHPDiag report made just now.
    https://www.cjoint.com/doc/20_10/JJEwNkCIFq7_ZHPDiag.txt

    :Bye:
