
This forum thread needs a solution.
Kudos 0

SQM UPLOAD S-1.5.21.3 FOUND IN POWER ERASER

I did Norton 360 Power Eraser rootkit scan...and one of the results said SQM UPLOAD S-1.5.21.3.....is this anything to worry about like a virus or is it an official microsoft folder and ok?..i am on windows 7.

Kudos 0

Re: SQM UPLOAD S-1.5.21.3 FOUND IN POWER ERASER

Norton Power Eraser uses our most aggressive scanning technology to eliminate threats that traditional virus scanning doesn’t always detect, so you can get your PC back. Because Norton Power Eraser is an aggressive virus removal tool, it may mark a legitimate program for removal. However, you can always undo the results of a scan. It can also help detect and remove Potentially Unwanted Programs.

For instructions on using Norton Power Eraser, see the tutorial.


What's the path for "SQM UPLOAD S-1.5.21.3 FOUND IN POWER ERASER"?

click on blue detection....for example: ccleaner update

click on Threat Details and Copy to Clipboard....for example:

mouse hover over detection to see path....for example:

click Locate....for example: 

and second opinion VirusTotal scan....for example:

view log and scroll down to event....for example:

How to post an image in the forums. 

FWIW ~ YMMV

Kudos 1

Re: SQM UPLOAD S-1.5.21.3 FOUND IN POWER ERASER

Dimmy:

I did Norton 360 Power Eraser rootkit scan...and one of the results said SQM UPLOAD S-1.5.21.3.....is this anything to worry about like a virus or is it an official microsoft folder and ok?..i am on windows 7.

NPE does not detect malware (that is what Norton Security is for), it presents you with a list of files that could be malware.  It is meant to be run when your Norton program does not detect anything malicious but you still suspect that something may be acting suspiciously on your PC.  If there doesn't appear to be anything wrong, the results returned by NPE will almost always be safe files that belong to applications on your system.  NPE doesn't tell you much about a file because it really doesn't know much about the files it presents - that's the whole point, if Norton knew whether the file was actually malicious or not you would not have to run NPE, as Norton Security would catch it if it was malicious and NPE would not flag it if it was a known good file. 

https://community.norton.com/en/comment/7865241#comment-7865241 

Kudos 0

Re: SQM UPLOAD S-1.5.21.3 FOUND IN POWER ERASER

This sqm upload, when i clicked on it in the power eraser results, had an install date of 2015...so i'm not going to worry about it BUT could someone tell me this.. i am using Norton 360 for protection and i did a Norton Power Eraser scan..everything was clear ..no threats. BUT i then did a MALWAREBYTES FREE SCAN and that detected 3 TROJANS.DNS...!!!...which i quarantined then deleted. WHY didn't my norton 360 protect me against these trojans in the first place?...the norton power eraser didn't pick them up either!!!!...thanks!

Kudos 1

Re: SQM UPLOAD S-1.5.21.3 FOUND IN POWER ERASER

Please post or attach the Malwarebytes log for the "detected 3 TROJANS.DNS" event.


what is your Norton 360 version?
why did you run Norton Power Eraser rootkit scan?
what does your full Norton 360 scan report?

Dimmy:

I did Norton 360 Power Eraser rootkit scan...and one of the results said SQM UPLOAD S-1.5.21.3.....is this anything to worry about like a virus or is it an official microsoft folder and ok?..i am on windows 7.

Log file created by the Service Quality Monitor program that records events on Windows computers; may include application use, performance, and errors from a program; SQM data can be sent to Microsoft, which helps the company fix and improve software programs.   The SQM file type is primarily associated with Windows Live by Microsoft Corporation. These files are typically hidden and written to the root directory of the drive.   Service Quality Monitoring is used by Windows Live Messenger, MS Office, and various other programs. SQM files are typically stored in the root level (C:\) of the user's hard drive. 


you may also Chat with Official Norton Support

Kudos 0

Re: SQM UPLOAD S-1.5.21.3 FOUND IN POWER ERASER

WHY didn't my norton 360 protect me against these trojans in the first place?

It looks like you may have picked up a PUP, a Possibly Unwanted Program. While they are annoying, they do not cause damage to your system. Some people actually want the 'Features' offered by these programs. They are usually downloaded alongside a legitimate download when you do not uncheck the option for the additional download.

Norton products concentrate on malware that can damage your system, that is why some PUPs are not detected. Malwarebytes focuses more closely on these PUPs.

Things happen. Export/Backup your Norton Password Manager data.
Kudos 0

Re: SQM UPLOAD S-1.5.21.3 FOUND IN POWER ERASER

so are trojans pup's?? ..is that why norton 360 didn't prevent them as they were not a threat?..and also is why malwarebytes detected these trojans as they might be pup's?

Kudos 0

Re: SQM UPLOAD S-1.5.21.3 FOUND IN POWER ERASER

Dimmy:

so are trojans pup's?? ..is that why norton 360 didn't prevent them as they were not a threat?..and also is why malwarebytes detected these trojans as they might be pup's?

Please post or attach the Malwarebytes log for the "detected 3 TROJANS.DNS" event.

Maybe, ask https://forums.malwarebytes.com/.


what is your Norton 360 version?
why did you run Norton Power Eraser rootkit scan?
what does your Norton 360 full scan report?

Kudos 0

Re: SQM UPLOAD S-1.5.21.3 FOUND IN POWER ERASER

hi i am using the latest version of norton 360..i check it regularly. The full norton scan didn't reveal any threat just some cookies. I'm still trying to work out how to access the malwarebytes logs...when i do i will post them..thanks!!!

Kudos 0

Re: SQM UPLOAD S-1.5.21.3 FOUND IN POWER ERASER

Dimmy:

hi i am using the latest version of norton 360..i check it regularly. The full norton scan didn't reveal any threat just some cookies. I'm still trying to work out how to access the malwarebytes logs...when i do i will post them..thanks!!!

Norton 360  22.16.2.22 ?

To download the Malwarebytes for Windows User Guide.

https://support.malwarebytes.com/docs/DOC-1709

Kudos 0

Re: SQM UPLOAD S-1.5.21.3 FOUND IN POWER ERASER

Dimmy:

so are trojans pup's?? ..is that why norton 360 didn't prevent them as they were not a threat?..and also is why malwarebytes detected these trojans as they might be pup's?

Some are, some are not. The ones that are not PUPs should be caught by the regular Norton malware scans. That is why bjm_ asked for what was detected by Malwarebytes, so we can look up just what was found.

Things happen. Export/Backup your Norton Password Manager data.
Kudos 0

Re: SQM UPLOAD S-1.5.21.3 FOUND IN POWER ERASER

Hello Dimmy

Please look on left hand side of the program. You should see a tab that says Reports. Look for the date of the Scan. Put a check mark next to the date of the Scan and click on View Report on the bottom Right. You can then either copy the log or click on the Export on the bottom Left and export to clipboard and then post in thread.

For more information--screenshots say for premium, but they are probably  the same for the free version.

https://www.malwarebytes.com/support/guides/mb/Reports.html?lang=en

Have a Good Night and

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 282 I E 11 Chrome latest version.
Kudos 0

Re: SQM UPLOAD S-1.5.21.3 FOUND IN POWER ERASER

Hi... not sure if i have done this correctly ?.....the first log is for one trojan...the 2nd log is for 2 trojans....regards

Malwarebytes (LOG NO.1)
www.malwarebytes.com

-Log Details-
Scan Date: 12/9/18
Scan Time: 12:01 AM
Log File: 98bd7979-fb45-11e8-b498-00ffed08eb21.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.8227
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User:

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 282509
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 8 min, 10 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 1
Trojan.DNSChanger, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BEC1E262-2E01-4CE1-A1B5-ADC3770A483F}|DhcpNameServer, Replaced, [2870], [293694],1.0.8227

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

LOG NO.2

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/8/18
Scan Time: 10:34 PM
Log File: 7bd8f83e-fb39-11e8-8c38-00ffed08eb21.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.8227
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User:

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 282548
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 9 min, 16 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 2
Trojan.DNSChanger, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BEC1E262-2E01-4CE1-A1B5-ADC3770A483F}|DhcpNameServer, Replaced, [2870], [293694],1.0.8227
Trojan.DNSChanger, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BEC1E262-2E01-4CE1-A1B5-ADC3770A483F}|DhcpNameServer, Replaced, [2870], [293695],1.0.8227

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

Kudos 1

Re: SQM UPLOAD S-1.5.21.3 FOUND IN POWER ERASER

Dimmy:

Malwarebytes LOG NO.1
Scan Date: 12/9/18 ...

Registry Data: 1

Trojan.DNSChanger, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BEC1E262-2E01-4CE1-A1B5-ADC3770A483F}|DhcpNameServer, Replaced, [2870], [293694],1.0.8227

Malwarebytes LOG NO.2

Scan Date: 12/8/18 ...

Registry Data: 2

Trojan.DNSChanger, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BEC1E262-2E01-4CE1-A1B5-ADC3770A483F}|DhcpNameServer, Replaced, [2870], [293694],1.0.8227

Trojan.DNSChanger, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BEC1E262-2E01-4CE1-A1B5-ADC3770A483F}|DhcpNameServer, Replaced, [2870], [293695],1.0.8227

Hi Dimmy:

See the Malwarebytes description for Trojan.DNSChanger as well as their security blog entry DNS Hijacks: What to Look For.

You might want to file a false positive report in Malwarebytes' False Positives / File Detections board at https://forums.malwarebytes.com/forum/42-file-detections/ - see zorba's thread Possible FP Trojan.DNSChanger in that board about similar detections that turned out to be harmless registry entries that were incorrectly detected by Malwarebytes as Trojan.DNSChanger.  If you decide to submit a false positive report read the topic Please Read Before Reporting a False Positive that is pinned at the top of that board for instructions on how to post your Malwarebytes logs in your first post.  Your detections were for registry entries, and not files, so you can ignore the section in those instructions for submitting a zipped copy of the suspected file.

Be sure to mention that the registry entry for your Trojan.DNS detection seemed to re-appear on a second Threat Scan.  If they believe that this is not a false positive and that you are infected with some kind of active DNS hijacker they will likely direct you to their Windows Malware Removal Help & Support board at https://forums.malwarebytes.com/forum/7-windows-malware-removal-help-support/ where a malware removal specialist will help you remove the last traces of the infection.

As previously noted, Norton Power Eraser (NPE)  is a very aggressive scanner that is designed to be used as a rescue tool in emergency situations when your operating system becomes unstable or you believe you have deeply embedded malware that cannot be detected by a standard antivirus / anti-malware scan.  I agree with bjm_'s suggestion that your SQM UPLOAD S-1.5.21.3 detection is probably just a NPE false positive of a file created by Microsoft's Service Quality Monitor (SQM), and it likely has nothing to do with the DNS.Trojan detections by Malwarebytes.  See Calvin5's thread iqvw64e.sys identified as a threat for more information about the NPE, which includes the following warning <here> from SendOfJive:

"One thing to keep in mind is that NPE does not positively detect known malware - that is the job of your regular Norton Security product.  NPE instead looks for files that might warrant investigation if you suspect that you are infected and regular scans come up clean.  NPE will flag many legitimate files, so never assume that what NPE finds is truly malicious."

----------
32-bit Vista Home Premium SP2 * NS Premium v22.15.1.8 * Malwarebytes v3.5.1.2522-1.0.365

Kudos 0
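Added example (not part of any post in this thread, and not Malwarebytes code): a small Python parser for the registry detection lines in the two logs posted above. It shows that both scans flagged the same `DhcpNameServer` value on one interface, which is the re-appearance the last reply suggests mentioning in a false positive report. It assumes the scan dates are month/day/year and treats the two bracketed numbers as opaque IDs; the names `KEY`, `det`, `parse_report` and `recurring_locations` are made up for this example.

```python
import re
from datetime import datetime

# Trimmed from the two logs posted in this thread (headers and empty sections dropped).
KEY = (r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces"
       r"\{BEC1E262-2E01-4CE1-A1B5-ADC3770A483F}|DhcpNameServer")

def det(second_id):
    # Rebuilds one detection line exactly as it appears in the posted logs.
    return f"Trojan.DNSChanger, {KEY}, Replaced, [2870], [{second_id}],1.0.8227"

LOG_1 = "\n".join(["Scan Date: 12/9/18", "Scan Time: 12:01 AM",
                   "Registry Data: 1", det(293694)])
LOG_2 = "\n".join(["Scan Date: 12/8/18", "Scan Time: 10:34 PM",
                   "Registry Data: 2", det(293694), det(293695)])

# Layout: threat, key|value, action, [id], [id],package (ids kept as opaque strings).
DETECTION = re.compile(
    r"^(?P<threat>[^,]+), (?P<key>[^|]+)\|(?P<value>[^,]+), (?P<action>[^,]+), "
    r"\[(?P<id1>\d+)\], \[(?P<id2>\d+)\],\s*(?P<package>[\d.]+)$")

def parse_report(text):
    """Return the scan timestamp and every registry detection line in one report."""
    date = re.search(r"^Scan Date: (.+)$", text, re.M).group(1).strip()
    time = re.search(r"^Scan Time: (.+)$", text, re.M).group(1).strip()
    when = datetime.strptime(f"{date} {time}", "%m/%d/%y %I:%M %p")  # assumed m/d/y
    hits = [m.groupdict() for m in map(DETECTION.match, text.splitlines()) if m]
    return {"when": when, "detections": hits}

def recurring_locations(reports):
    """Map (key, value) -> scan times, for locations flagged in more than one scan."""
    seen = {}
    for report in sorted(reports, key=lambda r: r["when"]):
        # A location counts once per scan, even if two signatures hit it.
        for loc in {(d["key"], d["value"]) for d in report["detections"]}:
            seen.setdefault(loc, []).append(report["when"])
    return {loc: times for loc, times in seen.items() if len(times) > 1}

if __name__ == "__main__":
    reports = [parse_report(LOG_1), parse_report(LOG_2)]
    for (key, value), times in recurring_locations(reports).items():
        print(value, "under interface", key.rsplit("\\", 1)[-1])
        print("  flagged at:", ", ".join(t.isoformat(" ") for t in times))
```

`DhcpNameServer` holds the DNS servers that the Windows DHCP client received with its lease, so the value is written again whenever the lease is renewed. A repeat detection at this location therefore points at whatever DNS address the router or DHCP server is handing out, which is the thing to check before deciding between false positive and hijack.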

Re: SQM UPLOAD S-1.5.21.3 FOUND IN POWER ERASER

This thread is closed from further comment. Please visit the forum to start a new thread.