Which app's process is this
- Thread starter becool773
- Start date
nRiTeCh
Skilled
306c4d24.exe looks like you are on Win11.
Nothing shows up on google.
See if it shows in task manager under process or details. Right-click it and open file location and you might get some lead.
Also, better scan your system with malwarebytes as it will instantly identify such processes and let us know the results.
Nothing shows up on google.
See if it shows in task manager under process or details. Right-click it and open file location and you might get some lead.
Also, better scan your system with malwarebytes as it will instantly identify such processes and let us know the results.
Last edited:
His query is regarding 306c4d24.exe. Lol
He is on Windows 10. Those icons give it away.
Or he can look up this exe on Everything, check it's properties for signatures and upload it on virustotal.
Yeah OP let us know what you got in there.
Last edited:
No, on windows 10. Scanned using windows defender, kvrt all clean. Installed and scanned using malwarebytes just now and it found these
Registry Value: 2
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 7430, 676881, 1.0.85157, , ame, , ,
PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 7430, 676881, 1.0.85157, , ame, , ,
PUM.Optional | Malwarebytes Labs
PUM.Optional is a category of Malwarebytes’ detections that deal with potentially unwanted modifications.
www.malwarebytes.com
What exactly do you think are these? I have very limited softwares installed in this pc and that too related to work. Though I have installed O&Oshutpup 10, wpd10 and privatezilla to reduce telemetry and what not 6 months back. Can these be the issue? The pc works fine btw.
This process is not showing in task manager anywhere.
@rootyme
Everything shows zero results about 306c4d24.exe
nRiTeCh
Skilled
Observe for a day or two if the process returns.No, on windows 10. Scanned using windows defender, kvrt all clean. Installed and scanned using malwarebytes just now and it found these
Registry Value: 2
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 7430, 676881, 1.0.85157, , ame, , ,
PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 7430, 676881, 1.0.85157, , ame, , ,
PUM.Optional | Malwarebytes Labs
PUM.Optional is a category of Malwarebytes’ detections that deal with potentially unwanted modifications.
What exactly do you think are these? I have very limited softwares installed in this pc and that too related to work. Though I have installed O&Oshutpup 10, wpd10 and privatezilla to reduce telemetry and what not 6 months back. Can these be the issue? The pc works fine btw.
This process is not showing in task manager anywhere.
@rootyme
Everything shows zero results about 306c4d24.exe
AFAIK MB nullifies such infections even if they cannot be completely removed.
Also, I hope you have windows defender active, updated and kicking. Check the process or exclusions there.
Most importantly, check in Task Scheduler for any unknown fishy entry. Carefully analyze and delete it.
More here..
PUM.Optional.disableMRT
I've been infected with a virus that has access to all my socials and stuff on my device, please advice what i should do, my FRST, Additions, and Malwarebytes Threat Scan logs are as follows Addition.txt FRST.txt
forums.malwarebytes.com
MalwareBytes has quanratied it. Should I delete them?Observe for a day or two if the process returns.
AFAIK MB nullifies such infections even if they cannot be completely removed.
Also, I hope you have windows defender active, updated and kicking. Check the process or exclusions there.
Most importantly, check in Task Scheduler for any unknown fishy entry. Carefully analyze and delete it.
More here..
PUM.Optional.disableMRT
I've been infected with a virus that has access to all my socials and stuff on my device, please advice what i should do, my FRST, Additions, and Malwarebytes Threat Scan logs are as follows Addition.txt FRST.txt
WD is already updated and running. I scanned with kvrt too, all clean.
Nothing in task manager.
I did not understand that thread, can you please eli5 what these PUM's are?
I have installed these
Reviews about O&Oshutpup 10, wpd10 and privatezilla
Anyone using softwares like O&Oshutpup 10, wpd10 and privatezilla to reducte telemetry etc. ? Do these give any errors or idk someother problem in windows?
techenclave.com
nRiTeCh
Skilled
You should.
Thank MalwareBytes.
Ignore. It was just for ref.I did not understand that thread, can you please eli5 what these PUM's are?
I have installed these
Could these be the reason behind it?Reviews about O&Oshutpup 10, wpd10 and privatezilla
Anyone using softwares like O&Oshutpup 10, wpd10 and privatezilla to reducte telemetry etc. ? Do these give any errors or idk someother problem in windows?
Found more processes
Am I fcked? Ran kvrt+MalwareBytes again everything is clean. What should I do now?
Can apps like these behind these processes?
Reviews about O&Oshutpup 10, wpd10 and privatezilla
Anyone using softwares like O&Oshutpup 10, wpd10 and privatezilla to reducte telemetry etc. ? Do these give any errors or idk someother problem in windows?
techenclave.com
+ @guest_999 @LinkdJay @calvin1719 @rootyme
Right click on them & select "open file location" then post those locations here.
Right clicked on it but it doesn't work. Kept the cursor on it and it showed locations, too bad I cleared the usage history for the process in the main post
Removed images due to heads up by @kiran6680
@LinkdJay @rootyme @nRiTeCh
Edit-
Can't find these locations/folders in C:\Users\xxxx\AppData\Local\Temp
Last edited:
Please stop tagging me on support posts.
nRiTeCh
Skilled
Right click open loc only works from taskmanager not windows app.
@becool773 check if these are running in task manager.
Have you checked task scheduler? I told you to do so last time.
I wonder why you were so much afraid of telemetry that you installed those tools and then this.
You need to dive deep inside registry editor along with task scheduler. If you cannot then best bet is to reinstall the os rather than playing around as not all infections can be 100% cleaned.
There is nothing in task manager. Task scheduler when opened shows about usual processes scheduled under active tasks. Can we search for these processes there?
Besides malwarebytes, anything else that can be tried before reinstallation? And as malwarebytes and kvrt are saying that all files are clean, so is it safe to copy files and folders elsewhere?
It seems those files were removed by antivirus/defender/mbam but leaving behind traces in the form of scheduled tasks. I suggest you to follow the advice given by others & format & reinstall windows & this time don't install any "tweak/privacy software/script".
nRiTeCh
Skilled
Unfortunately, such infections and their process are rather dynamic in nature hence not every error can be found on the net.
You can give a try to Avast av and select Boot scan in the settings, it reboots your pc and does a boot scan before loading the actual os.
Last best bet before giving up.
Bro if i go for reinstall of windows then do I need to format the whole drive i.e. format the d drive also? Or just install windows in c drive like usual?
On an average, how much writes does reinstallation takes in a ssd? And as malwarebytes and kvrt are saying that all files are clean, so is it safe to copy files and folders elsewhere?
+ @guest_999
Just install windows in C drive as usual after formatting the C drive only. make sure to not delete/format the wrong partition so give attention to the partition sizes assuming your C & D partition have different size.
Clean Install Windows 11 Tutorial
This tutorial will show you step by step on how to clean install Windows 11 at boot on your PC with or without an Internet connection and setup with a local account or Microsoft account. Windows 11 has all the power and security of Windows 10 with a redesigned and refreshed look. It also comes...
www.elevenforum.com
Unless you are installing windows every week you can ignore this, it takes around 20-40GB I think.
As malwarebytes and kvrt are saying that all files are clean, so is it safe to copy files and folders elsewhere? I mean will the copied files or folders infect other systems?Just install windows in C drive as usual after formatting the C drive only. make sure to not delete/format the wrong partition so give attention to the partition sizes assuming your C & D partition have different size.
Clean Install Windows 11 Tutorial
This tutorial will show you step by step on how to clean install Windows 11 at boot on your PC with or without an Internet connection and setup with a local account or Microsoft account. Windows 11 has all the power and security of Windows 10 with a redesigned and refreshed look. It also comes...
Unless you are installing windows every week you can ignore this, it takes around 20-40GB I think.
Since you are using this machine for work, could even be some badly behaved corporate application that is creating and running these files. E.g. one guy had Adobe Acrobat create hexadecimal named files right in their drive root : https://superuser.com/questions/160...-with-hex-names-that-show-up-in-my-drive-root
Not only Adobe, many other corporate darling applications, including scripts by internal IT team are badly behaved i.e. create suspicious files and don't clean up properly.
Check the creation times of these files, and what you were doing around that time. Maybe write a script to check that folder for files every minute. Also stop posting the hexadecimal name on the internet, because it might encode some information about you or your employer.
Not only Adobe, many other corporate darling applications, including scripts by internal IT team are badly behaved i.e. create suspicious files and don't clean up properly.
Check the creation times of these files, and what you were doing around that time. Maybe write a script to check that folder for files every minute. Also stop posting the hexadecimal name on the internet, because it might encode some information about you or your employer.
He is running privacy/performance tweaks script which modify core windows system files, I really doubt his pc is having any corporate control.