Text only | Text with Images

LandzDown Forum

Security => Security Software Programs => Topic started by: JDBush61 on July 01, 2014, 06:07:00 AM

Title: Worried about WinPatrol ALERT: File Type Change
Post by: JDBush61 on July 01, 2014, 06:07:00 AM
For a few weeks now, and since installing CryptoPrevent, WinPatrol repeatedly flashes me alerts to file type changes (.PIF and .SCR)

"Scotty the WinPatrol Watchdog hads detected a change to one of your file type associates. .PIF

The program currently used for this file type is
Company name (none) -  %1 %*

A change has been made to use the following program for this file type:
CryptoPrevent
C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.exe *%1 %*"

As soon as I click accept (assuming it is the legitimate CryptoPrevent change), a second WinPatrol window pops up warning
about a .SCR file change. My apologies, yet I just quickly clicked "accept change", yet the new file type is Filter Mod %1 /S %*,
yet I didn't write down what the original file type was. I should also note that at first, I clicked "do not accept change" for both file type changes in the Scotty window, yet after a few minutes the the warning windows reappear, as I did not checkmark the "do not notify again about this file type change".

Anyway, can someone please explain to me if this change is OK?

One more thing, when I run MalwareBytes (newest version and definitions) with "scan for rootkits" also checked, it finds two bugs
associated/called "Broken.OpenCommand". These two bugs might be false positives (or not) from what I have read at other sites, and when I had MalwareBytes quarantine/delete them, the above-described WinPatrol ALERT windows suddenly appeared again.

With ALL of that aside, it might just be that I have too many various security/cleaning programs on this machine and they might be conflicting with one another and fighting for control, thus causing problems.

Currently installed (mostly due to my paranoia and posts here at Landzdown):

Norton 360 (full time protection / firewall)
WinPatrol (Newest Free Version)
MalwareBytes Anti-Malware (Newest Free Edition)
MalwareBytes Anti-Exploit (Newest Free Edition)
SuperAntiSpyware (Newest Free Edition)
SpywareBlaster (Updated Free)
CCleaner (Updated Free)
CryptoPrevent (Updated Version)
AdwCleaner (Newest Release)


Title: Re: Worried about WinPatrol ALERT: File Type Change
Post by: ky331 on July 01, 2014, 10:52:23 AM
The MBAM+WinPatrol warnings you're mentioning are the result of a new real-time FILTER MODULE introduced in CryptoPrevent version 6.x

If you want to run CryptoEvent's filter module, you need to tell WinPatrol to accept the changes, and tell MBAM to ADD EXCLUSIONS for them

For more details, see http://www.landzdown.com/web-news/cryptolocker-ransomware/msg167783/#msg167783

Focus on replies #81, #84, and #87.
Title: Re: Worried about WinPatrol ALERT: File Type Change
Post by: JDBush61 on July 01, 2014, 12:31:09 PM
Hi ky331, thank you for your reply and the link. I'll check it out and try to adjust the associated settings accordingly.

Best regards

J
Text only | Text with Images