Posts

Strange issue with my Asus laptop Windows 10, Not sure if caused by Malware


 

Please follow ..:

 

Run CKScanner

  • Download CKScanner from here and save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

 

Check the operating system

 

  • Press Windows icon on your Desktop, together with the letter R.
  • Type cmd, and press Ctrl + Shift + Enter to run Command Prompt as administrator.
  • Copy and paste the following command and press Enter:
slmgr /dli
  • After running the command, you will get a report. Please take a screenshot of what you got and attach it in your next reply. Here is an article where you can see how to take a screenshot with the snipping tool, in case you need it.

 

Scanning with SecurityCheck by glax24

 

  • Download SecurityCheck by glax24 from here and save the tool on the desktop.
  • Right-click the program and run it as administrator.
  • Wait for the scan to finish. It will open in a text file named SecurityType.txt. Copy the contents of this file to your next post.
  • You can find this file in the root of the system disk in a folder called SecurityCheck: C:\SecurityCheck\SecurityCheck.txt

 

Re-scan with FRST

 

  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.

 

 

CK Scanner Log:

 

CKScanner 2.5 – Additional Security Risks – These are not necessarily bad

c:program files (x86)asusatk packageatk…


Microsoft Weekly: Android on Windows, WHQL-signed malware, and 21H2 builds



We’re at the end of the week, which means that it’s time to look at what happened in the world of Microsoft in the past few days. Windows 10 was primarily Microsoft’s focus in terms of new builds, but as we know, the upcoming version 21H2 build is just an enablement package, so don’t raise your expectations too much. More interestingly, Windows Subsystem for Android finally landed on preview builds of Windows 11. In the cybersecurity space, we also found out that Microsoft digitally signed a driver that was actually malware that can wreak havoc. Find out more about this in our weekly digest for October 17 – October 22.

Windows builds


After giving Windows 11 all the attention for the past few weeks, Microsoft finally decided to give some love to Windows 10 too. The company released builds 19043.1319 and 19044.1319 for Insiders running version 21H1 or 21H2, respectively, in the Release Preview ring. Both builds have identical change logs, which makes sense because 21H2 is just an enablement package for 21H1 after all. Tons of bugs were squashed, including those that affected the display of subtitles on certain streaming sites or video playing apps. Enhancements were also made in the department of memory leaks and ransomware protections. You likely won’t notice any front-end enhancements if you install either of these builds though.

If you were thinking that build 19044.1319 will be the launch version of Windows 10 version 21H2 (when it eventually rolls out), you’d be mistaken. Microsoft finally revealed that build 19044.1288 is a candidate build for that rollout and is now available for those on the Release Preview ring. The company has released ISOs too. The improvements offered in 19044.1319 will be provided in the next Patch Tuesday update. While a firm release date wasn’t disclosed, Microsoft referred to version 21H2 as the “November 2021 Update”, but also stated that out of the three noteworthy features promised for the update, a new Windows Hello for Business deployment method dubbed “cloud trust” won’t be ready for primetime. You can find out more about what to expect from Windows 10 November 2021 Update in our guide here.


Windows 11: Wondering if you really need to upgrade? Here’s what to consider



Windows 11 started to roll out to eligible devices Oct. 5, marking the unofficial sunset for Windows 10. But you’ll have some time to decide when to make the jump: Microsoft’s gradual rollout means not every Windows 10 device was able to upgrade on Day One. However, the company has announced that Windows 10 support will end in 2025, so there is a time limit on the decision, albeit a lengthy one.

If you’re wondering how long you actually have to make the switch to Windows 11 and how long you can safely wait before updating, you’ve come to the right place. I’ll also explain how to download Windows 11, how to tell whether your computer is compatible and who gets the update for free. Read on for everything you need to know about the end of Windows 10 support and prepping for Windows 11. 

Read more: Windows 11: What to know about the download, new features, device compatibility, price and more

When is Microsoft ending support for Windows 10, and why?

Support for Windows 10 will end on Oct. 14, 2025. That means Microsoft will no longer provide security patches or feature updates for the Home, Pro, Enterprise, Pro Education and Pro for Workstations editions at this time — affecting virtually all Windows 10 users. (The only people who have until 2029 are the few Windows 10 Enterprise Long Term Support Channel users.) 

This doesn’t come as a surprise: Microsoft has a long-established Fixed Lifecycle Policy for many of its products. For each version of its OS, the company offers a minimum of 10 years of support (at least five years of mainstream…


Chinese APT group IronHusky exploits zero-day Windows Server privilege escalation


One of the vulnerabilities patched by Microsoft Tuesday has been exploited by a Chinese cyberespionage group since at least August. The attack campaigns targeted IT companies, defense contractors and diplomatic entities.

According to researchers from Kaspersky Lab, the malware deployed with the exploit and its command-and-control infrastructure point to a connection with a known Chinese APT group tracked as IronHusky that has been operating since 2017, but also with other China-based APT activity going back to 2012.

Privilege escalation vulnerability in Windows GDI driver

The group was observed leveraging a previously unknown vulnerability in Win32k.sys, a system driver that’s part of the Windows Graphics Device Interface (GDI), which has been a common source of vulnerabilities in the past. The flaw, tracked as CVE-2021-40449, affects all supported Windows versions and those that are no longer supported and allows code to be executed with system privileges.

Since this is a privilege escalation vulnerability, it is only used to gain complete control of the targeted systems but is not the original method of entry. The exploit used in the attacks borrows code from a public exploit for another Win32k vulnerability patched in 2016 (CVE-2016-3309). Despite the exploit being written to support all versions of Windows since Vista, the Kaspersky researchers only saw it being used on Windows servers.

“In the discovered exploit attackers are able to achieve the desired state of memory with the use of GDI palette objects and use a single call to a kernel function to build a primitive for reading and writing kernel memory,” the researchers said in their report. “This step is easily accomplished, because the exploit process is running with Medium IL and therefore it’s possible to use publicly known techniques to leak kernel addresses of currently loaded drivers/kernel modules. In our opinion, it would be preferable if the Medium IL processes had limited access to such functions as NtQuerySystemInformation or EnumDeviceDrivers.”

MysterySnail RAT

The hackers used the privilege escalation exploit to deploy a remote shell Trojan (RAT) that Kaspersky dubbed MysterySnail….
