Jump to content

spackleheart

Members
  • Content Count

    3
  • Joined

  • Last visited

Community Reputation

0 Neutral

About spackleheart

  • Rank
    Newbie
  1. Since I applied 3.1.13.9666 I have started seeing recurring application errors in my event log. They often appear during bootup. I didn't see any references to anything like this in the forums. I recently uninstalled and reinstalled the program, but that had no effect. Below is a typical example. Log Name: Application Source: Application Error Date: 11/2/2014 13:01:45 PM Event ID: 1000 Task Category: (100) Level: Error Keywords: Classic User: N/A Computer: [redacted] Description: Faulting application name: sfc.exe, version: 3.1.13.9666, time stamp: 0x53b1bb93 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24 Exception code: 0xc0000374 Fault offset: 0x00000000000c4102 Faulting process id: 0xe60 Faulting application start time: 0x01cff6c7103e4f6e Faulting application path: C:\Program Files\Immunet\3.1.13\sfc.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 4e74da6e-62ba-11e4-9643-d4bed9a10d9f Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Application Error" /> <EventID Qualifiers="0">1000</EventID> <Level>2</Level> <Task>100</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2014-11-02T18:01:45.000000000Z" /> <EventRecordID>35923</EventRecordID> <Channel>Application</Channel> <Computer>9zm2qs1.nccer.org</Computer> <Security /> </System> <EventData> <Data>sfc.exe</Data> <Data>3.1.13.9666</Data> <Data>53b1bb93</Data> <Data>ntdll.dll</Data> <Data>6.1.7601.18247</Data> <Data>521eaf24</Data> <Data>c0000374</Data> <Data>00000000000c4102</Data> <Data>e60</Data> <Data>01cff6c7103e4f6e</Data> <Data>C:\Program Files\Immunet\3.1.13\sfc.exe</Data> <Data>C:\Windows\SYSTEM32\ntdll.dll</Data> <Data>4e74da6e-62ba-11e4-9643-d4bed9a10d9f</Data> </EventData> </Event>
  2. I am seeing the same false positives, just got another one today. The problem is, the file and folder names change, and the extension is too generic to exclude. I have created a threat exclusion for Clam.Win.Trojan.Scarh as a workaround.
  3. Immunet reports the I7TurboGT.exe file from RealTemp_370.zip package as W32.SHEATH.COHORS.JAN.357DA7 Source to download the file: http://www.techpowerup.com/downloads/2089/mirrors.php Virustotal comes back clean, and it's a file from a reputable source, so I'm calling it a false positive.
×
×
  • Create New...