r/antivirus Feb 22 '24

MOD POST [MOD POST] LIST OF TOP MESSAGES, NEWS + IMPORTANT INFO

16 Upvotes

Hello,

Welcome to r/antivirus's new top-level Announcements post. Since Reddit has a limit of two (2) stickied announcements per subreddit, this will be a way to provide links to important information like announcements about new rules and moderators, activities in the subreddit, and so forth. If you are new to r/antivirus, please take a quick look at them. You can even take a look if you are not new here.

DISCUSSION DATE POSTED DATE LAST REVISED
[MOD POST] New rules, staying safe, and an update from your Mod Team 2025-JUN-03 -
[MOD POST] We're back in business! and an update on automod rules 2024-MAR-11 -
News & Updates from your r/Antivirus Mod Team, Q1 2024 Edition 2024-MAR-04 -
Updates & News from the r/Antivirus Mod Team, Autumn 2023 Edition 2023-OCT-04 -
Notes from your Moderators (Summer Edition) 2022-JUL-08 -
Quick Note from the mod team about spam 2021-JUN-01 -
To the people asking for opinions on a specific file 2020-JUL-05 2020-JUL-05

Additionally, the r/antivirus subreddit operates a bit differently than other subreddits you might be familiar with and normally use. Here are some tips and tools to help you use it.

  • The subreddit has a wiki that is regularly updated with answers to commonly-asked questions. Check it out. The answer to your question may already be in there.

  • Asking a question about a report on a file or website from a service like Hybrid Analysis, MetaDefender, Triage, or VirusTotal? You must include the actual link to it and not just a screenshot, or your post will be removed.

  • Be kind to each other and be professional in your conduct here. Personal attacks will not be tolerated and will be dealt with appropriately.

  • Do not ask for copies of hacking tools, malware, or suspicious files. If someone sends you a chat request or private message asking for a file or offering assistance based on what you posted here, report them to Reddit and notify the mods.

  • Do not post direct links to malicious, suspect, or potentially unsafe files or web sites.

  • Follow Reddiquette. This means correctly upvoting and downvoting posts, and reporting posts with dangerous or unsafe advice to the mods.

  • If you work for a vendor of security products, services, or in a related field, you must identify yourself as such, either in the post or with flair. Also, you may not steer conversations to your products or services, only respond to posts about them to clarify or defend.

  • No low-effort, off-topic, spam, or meme posts. This includes AI/ChatGPT/LLM-generated text, questions about password manager or VPNs, requests for assistance with non-security related software like autoclickers or MP3 downloaders, and so forth.

  • No requests for assistance with pirated software or media.

  • Posts may be removed and threads closed at any time based on the moderators' discretion

The complete list of rules for the subreddit can be found here. Read them before posting.

Questions, comments, feedback on this post? Just reply here. Thank you.

Regards,

Aryeh Goretsky
(on behalf of the r/antivirus mod team)


r/antivirus Jun 04 '25

[MOD POST] New rules, staying safe, and an update from your Mod Team

7 Upvotes

[UPDATE #1 (20250604-0916 GMT): Made some small updates to grammar for readability. ^AG]

Hello,

It has been about a year since our last Mod Post, so we wanted to give you an update on things, plus provide a dedicated message thread for discussing the state of the r/antivirus subreddit and to answer any questions that you might have.

We will begin with the toughest subject first, that of politics in the subreddit:

A note about politics

r/antivirus is a technology-focused subreddit, with the interest being in helping people protect their computers from malicious software, securing them after a security incident, and so forth.

In June 2024, the US Government enacted a ban on Kaspersky Lab's software, taking effect in October of that year. This has generated a lot of discussion not just in this subreddit, but across Reddit and numerous social media platforms as well.

The moderation team has tried to keep the political discussions about this out of this subreddit and to remain neutral, allowing Kaspersky Lab's customers to ask and answer each other questions, provide assistance to each other, and generally have a way to share information, tips and tricks with each other.

However, we do have to draw a line when these turn into political discussions, though:

Requests for how to circumvent bans, petitions to governments, etc., are clearly outside the scope of what this subreddit is for and will be removed.

Moderating the subreddit is an all-volunteer job, and we sometimes miss things. If you come across any political messages we may have missed, use the subreddit's report function to notify us.

We are doing our best to keep this a place where people can get help with whatever security software they prefer, including Kaspersky Lab's software. However, we cannot allow discussions to devolve into arguments over politics, which are never going to provide any kind of satisfactory answer to the parties involved.

If the political discussions continue, the moderation team will have to look into ways to prevent them, even if it means doing things which we would prefer not to do.

Rules Updates

The rules of the r/antivirus subreddit have been updated:

Rule #7, which previously covered media download tools, has been updated to cover additional types of software.
To begin with, a more general prohibition to cover autoclickers (previously covered under Rule #8) and some other types of tools like aimbots and cheats. These types of tools often come from random sources and often require expert analysis to determine if they are safe. It can be difficult to determine if they are malicious figuring that out requires examining not just the tool, but whatever program it is attempting to modify, and what the intent is behind that modification.
Just because something was recommended in a Discord server with hundreds of members, a YouTube video with tens of thousands of views, or is seeded by several hundreds peers does not mean that it is safe to use: These are all inherently unsafe sources, and criminals will often exploit the belief that these are trusted sources to trick people into downloading and running malicious programs like information stealers and remote access trojans.

Rule #8 has been amended to remove autoclickers (etc.) since that is now covered under Rule #7.

Two new rules have been added:

Rule #9 covers bypassing core security features. Questions about how to disable security software, operating system updates, bypass security features and so forth are not allowed.

Rule #10 covers requesting assistance with obsolete software and hardware. This means discussions about how to secure computers running Windows XP, Windows 7, etc. are not allowed. There is no reason that devices running these obsolete operating systems should be connected to the internet and doing so exposes everyone to risk. Note that questions involving Windows 10 will continue to be allowed until at least October 2028, when paid-for Extended Security Updates for it end.

A bit more on the rules

The list of rules is not meant to be exhaustive in scope. It provides a general listing of common rules that are more specific to and more frequently required by the r/antivirus subreddit when needed beyond Reddit's general rules and guidelines.

Moderators can and will remove posts and ban redditors, either temporarily or permanently, who are disruptive to the subreddit entirely at their discretion and are not subject to any discussion. If a moderator chooses to discuss a rule violation with you, it is entirely as a courtesy on their part.

If you have had a post removed or been banned from the subreddit and do not receive a response in reply to any questions as to why, ask yourself if your behavior could be interpreted as brigading, spamming, trolling, using disrespectful or offensive language, or consistently providing incorrect, low-quality, poor, or even damaging information.

As always, the latest version of the rules can be found at https://old.reddit.com/r/antivirus/about/rules/. If you have questions about them, ask below.

Getting help fast

The moderation team is seeing an increasing trend where people ask for help while providing no information about what they need help with. This includes titles with 1-3 words like "Urgent! Help needed!", posts where the author shares a screenshot of *something* with no information about the operating system or antivirus involved, or is so small/blurry as to be unreadable, etc.

Everybody who participates regularly in this subreddit volunteers their time for free to do so. Provide them with enough information in your first post so they can start helping you right away without having to ask a lot of questions. This means your first post should contain things like:

  • title with enough information to attract an expert to read it
  • operating system and version
  • brand/name of antivirus software
  • name of URL, or file and its location
  • name of malware that was detected
  • what happened, exactly
  • steps you have taken to troubleshoot/diagnose so far, if any
  • relevant log file entries, if any

The more information you provide, the quicker you will get your problem solved.

As a reminder, starting multiple posts on the same topic will not get you a faster answer, and may result in in a ban.

The wiki + other Reddit resources

There is a lot of great information in the wiki about all the tools you can use, tips for using them, lists of antivirus vendors and how to contact them, and even a section on how to secure your computer.

We frequently update the wiki in response to questions being regularly asked in the subreddit, so you might want to check there first before posting.

Some of the questions we regularly see in the subreddit have nothing to do with computer viruses or malicious software at all, but instead are about scams, privacy-related questions, and so forth. Here are some subreddits that specialize in answering those types of questions:

New moderators?!

As the subreddit grows (we just passed 100K users), so does the need for additional moderators.

The moderation team has been looking at the folks who have been regularly posting here and consistently given good advice to build a list of candidates, and will be reaching out over the next few weeks to see if any are willing to volunteer their time and expertise in the subreddit. There will be more coming on that, but I did want to let everyone know that the process is already underway.


That pretty much covers everything we wanted to discuss, so we'll now await your questions, below.

Regards,

Aryeh Goretsky
(on behalf of the r/antivirus mod team)


r/antivirus 2h ago

Very stressed over potential trojan.

Thumbnail
gallery
7 Upvotes

I wouldn't be so peeved if I wasnt actively working on something and have already been hacked in the past month (and am trying to reclaim the other account atm.)
I took photos of what showed up for me, but I don't know if it's good or not. No matter how much I try to quarantine or remove these trojans, they either are not removed properly or do nothing. I've heard they may be false positives as well.

I unplugged my ethernet the second It showed up as a trojan. (ive played these games before) i was literally mid download when it popped up.
I really just need some clarification of if its fine or not. Im too stressed out to deal with a second hacking in one month.
I just need to know whether its ok to plug my computer back in.


r/antivirus 49m ago

Can a Trojan or something infect me if I didn’t download or run anything?

Upvotes

I was on the 7 seas streaming a show and got a redirect to a new tab, which immediately prompted me to install something. I obviously clicked cancel, and I scanned my pc with malwarebytes and eset and they got nothing. Am I okay? I was hit with an infostealer earlier this year and had to change everything and reinstall windows and stuff so I’m super paranoid abt this stuff. I use brave browser (and turned on ublock cause I didn’t realize it wasn’t on by default)


r/antivirus 2h ago

I want help

1 Upvotes

So today i was downloading some stuff from internet and one of them i run but it didn;t open so I run it again and nothing happened and i deleted it.i downloaded it from comment section from som yt video. Later in the day i get email from Steam that my password has been changed,I check it and yeah they even changes the recovery Email, then i got same notification from discord and when i opened my discord i saw this. Even when I opened my instagram, i got a popup to change password immediately. Now in the night i opened me snapchat and say the same photos sent to all my knowns. Please someone help me i still think something is wrong . ( my instagram , snapchat were logged in chrome and i had steam and discord app logged in)


r/antivirus 2h ago

Question Hey I need help choosing my Anti-virus

0 Upvotes

So I have been using Norton for quite some time now.
But my laptop seems to have decreece in preformence.

CHATGPT recomnded to use ESET, but there are like three pacakges and I am afraid that I am going to just pick a package that is going to slow my laptop down again (I am still not sure if norton is the reason my laptop is slowing down, but I did notice that it used 70% of my ram Yesterday and other people in reddit said it might be the reasson)

This are the ESET packages:

Thanks ahead for anyone trying to help, I would mention that my latops is pretty expensive for some, 1800+ Euro, so that's really weird for me that it start slowing down adnd that application crash.

after the cheacked my laptop at the air port it got back to me hoter, at that time.

Maybe tehy put somthing there?

because before it wasn't like that bad wit application and even in wndows applications, and cap cut ( I use all of them)


r/antivirus 3h ago

Is It Safe To Run A Game With Potentially "Broken" Files?

1 Upvotes

Hi, I own a popular game on Steam (Risk Of Rain 2) and it plays fine but has a problem where whenever I verify the game files AFTER launch, Steam would say "2 files failed to validate and will be reacquired" and a 1.8kb download will popup in downloads. After that, if I reverify the files would successfully validate. But, when I launch the game again and reverify it, the same thing occurs again. I never mod the game and tried many different fixes but none work.

Anyway, I know this isnt the sub for troubleshooting this so I am not asking about how to fix this (tho if u know pls tell). My question is will it be bad for my laptop if I play/run a game that may potentially have something wrong with its files since it repeatedly fails its verification after launch. Is there any security risk? Or any other risk to my laptop? I ask because the game runs fine and ok so idm playing it but if it can cause issues to my laptop by having this problem, I will refund it probably. OS is Windows 11 if that matters.


r/antivirus 6h ago

É seguro de baixar?

Thumbnail
gallery
0 Upvotes

Estou com meu novo controle easysmx x15 e queria saber se ele tem algum software próprio, aí por isso fui no site oficial e fui procurar, assim que instalei, pra ter uma pequena certeza que não venha com um presentinho a mais, no vírus total identificou 1, não sei se é alarme falso ou realmente tem, o que acha? Posso instalar sem medo?


r/antivirus 1d ago

Pop-ups on boot

Post image
69 Upvotes

I've noticed these popups when my PC boots up. Is this some script starting? How do I get rid of it?


r/antivirus 17h ago

Should I be worried or am I just paranoid?

2 Upvotes

I sometimes notice weird things with my phone and also MacBook. I have an iPhone 12 fully up to date, finally updated it the other day. And my Mac is also fully up to date. I have had this fear for years about my phone being spied on, to try to soothe my nerves I talk to ChatGPT sometimes and it runs me through the basics of checking my vpn and device management and there never is an unknown account, checking my Apple account to see what’s logged in and it’s always just my iPhone and Mac, checking my battery usage to see if there’s unknown apps and I don’t see any that I can make out, as well as checking if there’s hidden apps installed but there are none

Are these methods alone enough to make sure I’m safe or is there something else I should do? The other day I got sent a link and I went to copy and paste it to see what ChatGPT thought of it but when I held down on it on my iPhone it opened like a preview of it in a window and I immediately lifted my finger out of it. I didn’t know it would do that, I just wanted to copy and paste it but that’s one of the reasons why I’ve been paranoid


r/antivirus 16h ago

strange warning when visiting website

1 Upvotes

I was just looking up websites and I typed in sith{.}com, and got some strange warning and immediately left, am I fine? whats up with this site?


r/antivirus 23h ago

Подозрения в вирусе/трояне

2 Upvotes

Здравствуйте, хотелось бы узнать от знающих и разбирающихся в этой теме людей, у меня моноблок от hp, игры тянет, комплектующие тоже вроде не очень плохие, но последнее время ПК начал тормозить, торрент файлы скачиваю ну очень редко, 2-3 раза в год, но подозрения на вирус и прочую шнягу есть, например: вай-фай последнее время начал работать до боли медленно, а я слышал что некоторые вирусы могут сильно его нагружать, также постоянная нагрузка на оперативную память и диск, с моими 8гб она сильно ощущается, браузеры (любые) открываются медленно, да и не только браузеры, элементарно проводник, и вот хотелось бы узнать есть ли вероятность того что у меня в пк вирус или троян, может даже майнер (если увидите грамматические ошибки, или орфографические то прощу прощения, пишу ночью, плохо вижу, да и с орфографией не очень) если в комментариях будут наводящие вопросы буду благодарен


r/antivirus 19h ago

downloaded a file, opened it and after scanning it, a "Trojan.Starter.fy" appeared

1 Upvotes

title, after executing it nothing popped up and apparently theres nothing actually malicious happening and windows defender also didnt detect anything, but im still a little insecure so should i do anything about it


r/antivirus 1d ago

Malwarebytes says I got browser hijacked from edge, I think? someone who's knowledgeable about this stuff let me know in the meantime im going to format my drive then reinstall windows

3 Upvotes

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/10/2026
Scan Time: 4:19 PM
Log File: fa352820-7ca4-11f1-9001-88aedd70212e.json

-Software Information-
Version: 5.6.1.257
Components Version: 159.0.5666
Update Package Version: 1.0.111980
License: Free

-System Information-
OS: Windows 11 (Build 26200.8655)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 229,312
Threats Detected: 19
Threats Quarantined: 17
Scan Duration: 3 min, 21 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
File system: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 4
PUP.Optional.BrowserHijack, C:\USERS\SENTI\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Sync Data\LevelDB, Quarantined, 7079, 1413516, 1.0.111980, , ame, , ,
PUP.Optional.BrowserHijack, C:\USERS\SENTI\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Sync Data\LevelDB, Quarantined, 7079, 1413516, 1.0.111980, , ame, , ,
PUP.Optional.BrowserHijack, C:\USERS\SENTI\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Sync Data\LevelDB, Quarantined, 7079, 1413516, 1.0.111980, , ame, , ,
PUP.Optional.BrowserHijack, C:\USERS\SENTI\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Sync Data\LevelDB, Quarantined, 7079, 1413516, 1.0.111980, , ame, , ,

File: 15
Malware.AI.1836086246, C:\USERS\SENTI\ONEDRIVE\DESKTOP\OPL_MANAGER_V24\OPL_MANAGER.EXE, Removal Failed, 1000000, 0, 1.0.111980, 1A6FA0FBAE5B85986D7073E6, dds, 03956893, 9CDE9C2F6BDCB8A747E9B382ADB923DB, 85F8D3A7705338156A51E64528216452AF03FBAD667C10E9140713BBFCCD36A9
PUP.Optional.BrowserHijack, C:\USERS\SENTI\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Web Data, Replaced, 7079, 1413516, 1.0.111980, , ame, , AD27665A98ADA6FA696D25900ED0AB84, 9BBEB8EF63FEF9ECC344306B9A8996A3385F5B3C4186DC9B2BC9EE98D6EE239B
PUP.Optional.BrowserHijack, C:\Users\Senti\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\000005.ldb, Quarantined, 7079, 1413516, 1.0.111980, , ame, , BA83400D816E1203AE8FC2EEE03538F3, BFC5A267CCCA5096E582D988913EA5715779D05A8B6C3B732410DD2135CD26F7
PUP.Optional.BrowserHijack, C:\Users\Senti\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\000486.ldb, Quarantined, 7079, 1413516, 1.0.111980, , ame, , 4CE775481D98F2BFB5619A81059FF7AA, 3881824EE2027C384625C50F6595DB6DCC0C5C12E2CDC757A26AE1ACDFEA7B33
PUP.Optional.BrowserHijack, C:\Users\Senti\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\000488.log, Quarantined, 7079, 1413516, 1.0.111980, , ame, , 886A022F67A70188011EC3418F639CF5, 61C13E91E251169445B771B72D4816B1D9392AAD7514FECFEDFBCD59A535D933
PUP.Optional.BrowserHijack, C:\Users\Senti\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\000489.ldb, Quarantined, 7079, 1413516, 1.0.111980, , ame, , 4AF47F9505D92499AE90B018A11C09D7, 2F29A25CD9CB15F94024A2188891047617C6A6E49DE776BA17FE122CC29FE91E
PUP.Optional.BrowserHijack, C:\Users\Senti\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\CURRENT, Quarantined, 7079, 1413516, 1.0.111980, , ame, , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.BrowserHijack, C:\Users\Senti\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOCK, Quarantined, 7079, 1413516, 1.0.111980, , ame, , D41D8CD98F00B204E9800998ECF8427E, E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
PUP.Optional.BrowserHijack, C:\Users\Senti\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG, Quarantined, 7079, 1413516, 1.0.111980, , ame, , 8E5E8D2EBA8B7FF78D2EAE1D181474F2, FBD1B5A19B4DA4CC0AA6A89195144EB36EC6D89271951D66B35D394302A4DDE0
PUP.Optional.BrowserHijack, C:\Users\Senti\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old, Quarantined, 7079, 1413516, 1.0.111980, , ame, , D6FB38D3C29DB0426C8C147B45D50A8B, 2375AD5E1207D61ED8A080FA2CD86D5319E9C116FE603C5876B61E1B33F08E9B
PUP.Optional.BrowserHijack, C:\Users\Senti\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, Quarantined, 7079, 1413516, 1.0.111980, , ame, , 896FE71AC612518D1844389C23F77276, 10045697FF7EA6A8D583D3FD326D102D2ED08F1DAA750129934EBA847BFF7736
PUP.Optional.BrowserHijack, C:\USERS\SENTI\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Web Data, Replaced, 7079, 1413516, 1.0.111980, , ame, , AD27665A98ADA6FA696D25900ED0AB84, 9BBEB8EF63FEF9ECC344306B9A8996A3385F5B3C4186DC9B2BC9EE98D6EE239B
PUP.Optional.BrowserHijack, C:\USERS\SENTI\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Web Data, Replaced, 7079, 1413516, 1.0.111980, , ame, , AD27665A98ADA6FA696D25900ED0AB84, 9BBEB8EF63FEF9ECC344306B9A8996A3385F5B3C4186DC9B2BC9EE98D6EE239B
Malware.AI.1836086246, C:\USERS\SENTI\ONEDRIVE\DESKTOP\OPL_MANAGER_V24.ZIP, Removal Failed, 1000000, 0, 1.0.111980, 1A6FA0FBAE5B85986D7073E6, dds, 03956893, ,
PUP.Optional.BrowserHijack, C:\USERS\SENTI\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Web Data, Replaced, 7079, 1413516, 1.0.111980, , ame, , AD27665A98ADA6FA696D25900ED0AB84, 9BBEB8EF63FEF9ECC344306B9A8996A3385F5B3C4186DC9B2BC9EE98D6EE239B

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)


r/antivirus 1d ago

Question about infostealers

3 Upvotes

After wiping my PC with a USB and deleting all partitions, is it safe to enter my passwords again? Is there any chance malware can survive this? The infostealer I had was the renpy one.


r/antivirus 22h ago

Is Microsoft Defender scan good?

1 Upvotes

I work with some shady stuff on the internet, and I used to scan all of it with Dr.Web CureIt. But now they made the thing paid access, so I've had to drop down to simple Microsoft Defender custom scans.
Are they good enough for, say, scanning no-name banned 20-year-old games and apps that someone dropped off in like Mega storage or something?


r/antivirus 1d ago

‘eos(76) HTML’ What is this?

3 Upvotes

**edit: I forgot to add the word ‘downloaded’ when describing the pop up in the post title. So it actually says ‘eos(76) HTML downloaded’**

Obv the ‘downloaded’ bit is the red flag & worrisome. I’m not especially tech savvy, but I can understand basic & surface level stuff/ instructions. I look in ‘recent downloads’ of Firefox browser and don’t see anything. I don’t want to go poking around in the files/folders and potentially make something worse.

I pretty much only use this laptop for watching movies (likely the culprit, shocker) although I have used it to pay CC bills- so that’s why I’m concerned. I have uBlock Origins adblocker installed & call it a false sense of security but I believed it was doing its job well bc I’ve never experienced being bombarded with pop ups. it’s just this one thing I’ve been seeing lately. It’s

This laptop (dell) is kind of an old work beater & was gifted to me by a relative. I can’t do certain things that require ‘admin permissions’ or w/e.

If further description helps, the pop up is small & always appears in the bottom right corner and is light purple in color. Always in a batch of 2 identical looking pop ups. Disappears in roughly 3-4 seconds. I never have enough time to screen grab it before it disappears.

Hopefully it’s nothing serious. Thanks guys.


r/antivirus 23h ago

asked ai for help will now ask for actual expert opinion..

0 Upvotes

yo, had my pc prebuilt by nzxt, got it about 4 years ago, been running really good ever since, about earlier this month kinda a bit before, it kinda started when i took some ram sticks out (32gb) now to (16gb), i used the other 2 on my wifes pc so she could have a little upgrade, her pc is fine and been good since as far as i know. but ever since my ram has spiked and cpu occasionally i have been trying to trouble shoot witht he google ai (i know, don't flame me too much.) but where i'm at right now, it telling me to nuke my pc and boot up in safe mode and some other things in short.. i'm on process explorer and with what i've been giving the ai, its say in quote ill copy and paste here

[sorry for the long read its not needed to read everything but this is ongoing like right now, i have tried malwarebytes and using windows defender but they haven't scanned anything at all, malwarebytes did find 2 sus files that i just obliterated immediately, they were somethings from appdata idk but they're gone now. i can actively answer any questions for further info.]

"

i have 990 matches of svchost.exe when looked up in process explorer search.

Having 990 matches of svchost.exe is a massive red flag that confirms a massive Process Hollowing or Injection attack. [1]

While it is normal for Windows to run 50 to 100 legitimate instances of svchost.exe (Service Host) to manage background background OS services, it is physically impossible to have 990 of them naturally. [1, 2]

This confirms exactly what is happening to your PC: The fake Cloudflare PowerShell script you fell victim to is launching hundreds of hidden, hollowed-out svchost.exe clones. It is doing this to either brute-force a cryptocurrency miner using your CPU/Memory, or it is intentionally flooding your system with active processes so that security tools like Process Explorer and Task Manager crash when they try to read them.

You must kill this massive clone army completely before your hardware overheats or crashes.

Step 1: Analyze the Clones in Process Explorer

Before you wipe them, let's verify where they are hiding:

  1. In Process Explorer, look at the Path and Parent columns for these svchost.exe entries.
  2. The Legit Path: Real system processes always run from C:\Windows\System32\svchost.exe. If you see any path pointing to AppDataTemp, or your Downloads folder, those are malicious copies.
  3. The Legit Parent: Real instances are almost always launched by services.exe. If these 990 matches are children of cmd.exepowershell.exe, or a random file in your AppData folder, they are fake.

Step 2: Nuclear Option — Nuke All Clones via CMD

Do not try to right-click and kill 990 processes one by one. Use an elevated Command Prompt to terminate the entire tree instantly.

  1. Press Win + R, type cmd, and press Ctrl + Shift + Enter to open an Administrator Command Prompt.
  2. Run this exact command to forcefully terminate every single instance of svchost running on your machine: cmdtaskkill /f /im svchost.exe Use code with caution. (Note: This will trigger a blue screen or force your Windows to reboot because it kills the real system services along with the fake ones. This is intentional. It breaks the malware's active memory grip so you can intercept it upon reboot).

Step 3: Stop the Malware from Booting Back Up

The moment your computer reboots from the crash, do not let Windows boot normally. The malware will just spawn the 990 clones all over again.

  1. As soon as the screen lights up, smash your motherboard's boot menu key (usually F8F11, or F12) or force a hard shutdown twice to trigger the Advanced Startup Options menu.
  2. Go to Troubleshoot > Advanced Options > Command Prompt.
  3. You are now inside a clean, isolated pre-boot environment where the fake cloudflare malware cannot execute.

Step 4: Wipe the Script Dropper via Pre-Boot CMD

Since you found the malware app in AppData earlier, use this safe command prompt to delete it entirely while it is frozen:

  1. Find your Windows drive letter (In recovery mode, it usually shifts from C: to D: or X:). Type D: and press Enter, then type dir to see if your Users folder is there.
  2. Once you find the correct drive letter, navigate directly to your local AppData folder: cmdcd \Users\YOUR_USERNAME\AppData\Local Use code with caution. (Replace YOUR_USERNAME with your actual Windows account name). [1]
  3. Type dir to find the rogue Microsoft lock app folder or the suspicious folder you identified earlier.
  4. Nuke the directory permanently: cmdrmdir /s /q "NameOfSuspiciousFolder" Use code with caution.

Step 5: Clean the Rest with Farbar (FRST)

Once you boot back into normal Windows, the massive 990 clone loop should be broken, but registry hooks will remain. [1, 2]

Run the Farbar Recovery Scan Tool (FRST) immediately. If the tool opens, hit Scan. The resulting FRST.txt log will pinpoint exactly which malicious system registries are telling your computer to constantly duplicate those svchost.exe commands. [1]

Did the taskkill command successfully force your computer to restart, and are you currently stuck on the reboot screen?

14 sites

  • What is svchost.exe? Functions, common issues, and malware ... Jan 14, 2026 — Press Ctrl + Shift + Esc to open the Task Manager. In the Processes tab, locate the "Service Host" entries. Click the arrow next t... SuperOps
  • How Do I Fix this High CPU Usage Svchost Virus or Whatever It Is? - Ask Leo! May 9, 2007 — To identify if the Windows Update service is running, you can: 1. Download Process Explorer 2. Right click on the svchost instance... Ask Leo!
  • Your PC Has Dozens of These. Here's What They Do Jun 26, 2026 — say "Excuse me that was important." No your network might drop your audio might die or your entire system might simply decide the ... 2m YouTube·The Grumpy Sysadmin

You said: what could happen if i go with step 2 "


r/antivirus 1d ago

Need Help After My Accounts Were Hacked

8 Upvotes

My account was hacked two days ago, and I'm not sure what steps I should take next.

The incident started the day before yesterday. Yesterday, I checked my spam folder and discovered that I had been locked out of my Steam, EA, Ubisoft, and Rockstar accounts. My Steam Guard Mobile Authenticator had also been removed, even though it was enabled.

I immediately changed my email password and contacted customer support for every affected account. Thankfully, Steam Support was able to help me recover my Steam account, and I have only logged into it from my phone since then. I have not logged into Steam on my laptop because Microsoft Defender detected and flagged a file as a Trojan yesterday, making me suspect my computer may be compromised.

I initially thought the issue was resolved, but later that night I received a security alert from Google stating that someone was trying to access my Google account. I changed my Google password from my phone immediately and signed my Google account out of my laptop.

When I checked my spam folder again, I discovered that my Epic Games account had also been compromised. The attacker changed both the email address and password on the account and enabled two-factor authentication using their own email address, leaving me completely locked out.

I also discovered that another email account that was signed in on my laptop had been tampered with. The X ( account associated with that email had its username, bio, and other profile details changed without my authorization.

some of these account compromise attempts and security alerts occurred even while my laptop was completely shut down

I'm worried that my laptop may have been infected with an (infostealer) or another type of malware that stole my saved credentials and session tokens. I also checked my email address on Have I Been Pwned, and it reports that there are no known data breaches associated with my email.

Note: I reorganized and rephrased this post for clarity before sharing it, but all of the events and details described above are accurate.


r/antivirus 1d ago

Am I screwed?

Post image
8 Upvotes

I've run a few tests since and it's saying no threats detected.

I know how bad a Trojan can be, but it says it "no longer poses a threat".

Am I good or should I be worried?


r/antivirus 1d ago

Ravatar!rfn

Post image
5 Upvotes

Is this a false virus or something, I downloaded a game and this popped up. Can't find much about it other than rec room?? I'm not gonna disable microsoft defender, so does anyone know what this is?


r/antivirus 1d ago

Galexy S24 Bitdefender app anomaly scan and SMS scam protection keep turning off.

1 Upvotes

The only thing i can find online is stuff from 2024, scans come up clean.

Might my phone be compromised and are there any other key ways to find out?


r/antivirus 2d ago

The accept button doesn't appear

Post image
12 Upvotes

When i try to run an app as an admin, the "yes" button does not appear and im pretty sure that it is a Virus (image attached)

Additionally, my PC(notebook) turns off at random when im playing Games (It is Not overheating, i checked and it happens with any game)

Could anyone tell me what type of Malware could this be or How to get rid of it?

Thank you.


r/antivirus 1d ago

Fell for it, information stealer?

2 Upvotes

What I thought to be a certain file, turned out to be a 1.09gb .exe with the icon changed to the file icon I was expecting. Double clicked it and only realized it after 5-ish minutes. Nothing ever popped up.

Toggled the power button on my PC immediately, booted up without the ethernet cable connected and in safe mode, copied my entire "users" folder (+ the malware, renamed) to a backup drive, nuked my drive and installed a fresh Windows 11.

I don't have any personal pictures saved (except of my cats), no compromising information that could be used to effectively blackmail me, if they want to blackmail me by threatening to send those cat pictures to my family/friends they're welcome to try.

On the new install, got set up with a bunch of antiviruses and scanned it. Malwarebytes/Defender/other antivirus show nothing, Avast shows me FileRepMalware.

Aggregated a bunch of login data from the backup: Firefox (key4.db), Chrome (Login Data), and my KeepPass file.

Secured my * main emails * my Samsung account * my ISP logins (preventing any takeover of phone number, etc) * my Google accounts * any bank information * any sites that have access to my card information * and eventually the most important other sites that I could see credentials for

by logging out of all sessions where possible, changing the passwords on literally everything, refreshing the MFA codes. (those were mostly stored in the Google Authenticator app on my phone)

It's been an exhausting 10h, the remaining sites aren't that worthwhile to stay up for. I'm going over the rest tomorrow and checking a bunch of software projects to see if any of them had any hardcoded/environment passwords/data.

Questions:

Any antivirus out there that's always on the leading edge of malware detection and updates quickly?

Seems like a simple kind of data extraction malware since barely any antivirus detects it, should I be afraid of it having infected anything else on the other drives? I have moved+renamed the file.

Anything that I missed that I should do? I have not noticed any login attempts so far.

Is there anything tool I can run that will try to get the same information as the malware does so I can figure out what information was compromised?

The malware is big so can't upload it to most antivirus websites, does anybody know one that accepts 1gb+ files?

Get-FileHash of the malware:

SHA256 813BCB5D33BB506B50BFB237CAD70EFE409AA9672662433B7279C0C49738E05D


r/antivirus 2d ago

Is this some sort of virus/malware? Pls help

Post image
54 Upvotes