virus – Is the DataRecovery file by Windows?

A few months ago, a few programs appeared that would occasionally pop up with unwanted advertisements and other content, so I’d like to delete them. I went to the shortcut properties and found that one of them came from something called DataRecovery.exe, and it was created on February 10th of this year which is far later than when I got my computer, but I might remember an update happening then which might have created it, so I’m not sure. Is this file common for other people? enter image description here

anti virus – How do you stop McAfee from quarantining your .EXE?

I have a history with McAfee quarantining my C code in Microsoft Visual Studio and others have had the same problem.

There are solutions, but that requires every .EXE in all your solutions to be whitelisted manually.
I would prefer that I didn’t have to do that, but it seems that’s the only way.

I followed the instruction to exclude the file and went back to coding. After I rebuilt my project McAfee alerted me that it removed it from the exclusion list because the file changed. So, either I shut off the live scan every time I want to practice coding, or I just don’t code.
I know some of you out there must have a good solution so do you guys know if there a better solution?

I called their helpline and they told me to whitelist the EXE (devenv.exe) for Microsoft Visual Studio and it seemed to work but then later it stopped my project from running entirely considering it a virus threat.

Why C# Sharpdevelop .exe triggers virus warnings?

SharpDevelop has been discontinued but has features that I find useful for a current project, specially because it can compile REAL AnyCPU apps, meaning I can build GUI apps for Windows x86/x64 and also Windows running on ARM processors.

However while the apps come out clean after Avast Scan, virus and trojans are reported by others (virustotal services). I took my time researching on this but I can’t find information due to this being an old discontinued IDE, but I found comments on these being “false positives”, I’m not sure about that.

So, I’ve been looking for trustworthy installers, all I can find are third party websites listing apps, and Sharpdevelop among them. The official website no longer exist. I’m inclined to think it’s really about false positives as simple 15K exe files can’t contain that many viruses and trojans.

Any comments or trustworthy links will be appreciated.

Is Live IP support a legitimate company to get get rid of virus

I was working on my computer when suddenly everything stopped. The message I saw that my computer was infected with a virus and to call “Microsoft” at an 855 toll-free number. I did and got Live IP support telling me they could get rid of the virus, the Rundll32 virus and to get a Firewall. After panicking, that call ended up costing me $518. I was not able to even move my mouse. They also said I didn’t have a firewall. I have Microsoft products and thought I did have a firewall. A quick search told me that it doesn’t expire.

virus – I may have done something stupid

I needed to use MS Word but didn’t have a paid version so I googled ways on how to bypass the payment and got the following.

I ran the command and got the license but the video is very sketchy with a lot of bots in the comments

Also, in the video – they asked to turn off antivirus, which I didn’t
and still, the key activated.

@echo off
title Activate Office 365 ProPlus for FREE - MSGuides.com&cls&echo ============================================================================&echo #Project: Activating Microsoft software products for FREE without software&echo ============================================================================&echo.&echo #Supported products: Office 365 ProPlus (x86-x64)&echo.&echo.&(if exist "%ProgramFiles%Microsoft OfficeOffice16ospp.vbs" cd /d "%ProgramFiles%Microsoft OfficeOffice16")&(if exist "%ProgramFiles(x86)%Microsoft OfficeOffice16ospp.vbs" cd /d "%ProgramFiles(x86)%Microsoft OfficeOffice16")&(for /f %%x in ('dir /b ..rootLicenses16proplusvl_kms*.xrm-ms') do cscript ospp.vbs /inslic:"..rootLicenses16%%x" >nul)&(for /f %%x in ('dir /b ..rootLicenses16proplusvl_mak*.xrm-ms') do cscript ospp.vbs /inslic:"..rootLicenses16%%x" >nul)&echo.&echo ============================================================================&echo Activating your Office...&cscript //nologo slmgr.vbs /ckms >nul&cscript //nologo ospp.vbs /setprt:1688 >nul&cscript //nologo ospp.vbs /unpkey:WFG99 >nul&cscript //nologo ospp.vbs /unpkey:DRTFM >nul&cscript //nologo ospp.vbs /unpkey:BTDRB >nul&cscript //nologo ospp.vbs /inpkey:XQNVK-8JYDB-WJ9W3-YJ8YR-WFG99 >nul&set i=1
:server
if %i%==1 set KMS=kms7.MSGuides.com
if %i%==2 set KMS=kms8.MSGuides.com
if %i%==3 set KMS=kms9.MSGuides.com
if %i%==4 goto notsupported
cscript //nologo ospp.vbs /sethst:%KMS% >nul&echo ============================================================================&echo.&echo.
cscript //nologo ospp.vbs /act | find /i "successful" && (echo.&echo ============================================================================&echo.&echo #My official blog: MSGuides.com&echo.&echo #How it works: bit.ly/kms-server&echo.&echo #Please feel free to contact me at msguides.com@gmail.com if you have any questions or concerns.&echo.&echo #Please consider supporting this project: donate.msguides.com&echo #Your support is helping me keep my servers running everyday!&echo.&echo ============================================================================&choice /n /c YN /m "Would you like to visit my blog (Y,N)?" & if errorlevel 2 exit) || (echo The connection to my KMS server failed! Trying to connect to another one... & echo Please wait... & echo. & echo. & set /a i+=1 & goto server)
explorer "http://MSGuides.com"&goto halt
:notsupported
echo.&echo ============================================================================&echo Sorry! Your version is not supported.&echo Please try installing the latest version here: bit.ly/odt2k16
:halt
pause >nul

virus – a very small hidden window appeared

i`m new to this comunity, but a have an interesting question.

some time ago i noticed, that i have a strange cpu refresh rate caused by nothing (withou load basic Ghz was around 2.2, but now its allways around 3.8 – 4). first of all i thought about hidden miner or smth but today i noticed an interesting hidden window. at first i just closed it by Alt + F4, cause i cant close it another way and load dissapeared. but then it started to disappear randomly, even if that strange window is open. so i just want to know what it dis, mb some of you saw smth similar before..

P.S as of course id like to know how to find an isue and delete it.

P.S.S i have a black background, so it was hard to find, but i did, here is how it looks both open and “hidden” ways.hidden way
opened way

Why does a computer virus need a host program to run or at least start it off?

We all know about the famous computer viruses, it’s commonly discribe as code that attaches itself to a host and is capable of self replication.

I understand this fact established the reason it’s called a virus, because a biological virus is about the same thing, so you can say for terms sake if it doesn’t use a host it’s not a virus. Still you even have some viruses that can run even without the host running, meaning it is not always dependant of it. Even a bio virus can’t do that.

Why does a computer virus need a host program to run or at least start it off, in terms of programming logic. Why can’t it stand alone. I can only find information saying it does, but not why. Unless it’s a lie or not always true, a reasonable reason must exist.

linux – I clicked on a facebook virus

I made a huge mistake, I feel ashamed, normally I wouldn’t do this: I clicked on “It’s like you” virus in facebook messenger. First, it took me to a facebook-group, where I clicked again (yes, I was that stupid), and that link led me to a youtube video. But before that, it seemed to me that the browser visited several other pages. So first I checked the original url with virustotal, but that found nothing. Then I archived the page with archive.ph (archive.today), and during the process the site showed me this: https://pastebin.com/e91wZmqP (WARNING! Do not click on any of the links in the paste, it might contain harmful javascripts.)

The most suspicious js file was the one on the site kiigame. I made an archive, it contains only the text of the script: https://archive.ph/EAXyP

I used this site (https://beautifytools.com/javascript-validator.php) to see what kind of this script is it, and it has a clear structure, but the main content seems encrypted(?), as it uses hexadecimals codes for words. I use Kubuntu 20.04, and I think it couldn’t install any malware, since it didn’t ask me any permission, nor I had to give password. I use Google Chrome, and my main concern is if it installed any extension (like keylogger) in my browser. I deleted the files of the browser (with purge), but since I used to be logged in, and it synchronizes the extensions too, I fear that: if the js installed a harmful (maybe hidden) extension to the browser, it is linked now to my account to, and I can’t get rid of it. Do you think I should delete the account, or this js was only intended for stealing username and password?

Thank you for your help!