
AI Malware

#1 ·
Had 8 instances of AI2502603424 today. Had MBAM Quarantine. Can't ID the strain or if it's a false positive.
 
#4 ·
Instances where, from what (folder?)? A process, driver name?

Assuming browser-related, search engine settings need scrutinising to eliminate any false/made up result, no guesses or discussions, probably better to move to using Private browsing and tighten up/check the search engine settings several times per session/day.

Were you running one of the Sysinternals tools, like Process Explorer?
 
#6 ·
Were you running one of the Sysinternals tools, like Process Explorer?
After reading Corday's post, I downloaded and did a deep scan with Malwarebytes. It didn't like this app at all. Not that it's infected but I guess for what it does? Windows Security doesn't care. SecureAge also considers it malicious.

Can someone tell me why? It's a handy little app.

 
#10 ·
I seem to remember that in most AV scanners I have used, including Defender, there is a quarantine folder or similar where the infected files with descriptions are listed, including a method for removing and replacing in the original folder, which I had found most helpful in the past for saving to a read only folder or CD, just for the ability to test AV apps.
Maybe the virus is still lurking inside a safe folder and can be extracted.
 
#12 ·
Can you expand those registry keys to see what's lurking at the end?

I had to look this up:

The slcc.dll file, also known as Software Licensing Commerce Client, is a dynamic link library associated with software programs on Windows. This file supports various functions within applications. Corruption or absence of the slcc.dll file can cause error messages and hinder software performance.

Can you still find and submit the infected .dll for analysis? Or even your current one?
 
#13 ·
It looks like these files are created by MBAM flagging other malware, if I am reading this right.
 
#16 ·
I think the important thing to be taken from the Malwarebytes page linked to by spunk.funk is ....

Malwarebytes detects unknown threats as Malware.AI by using Artificial Intelligence and Machine Learning techniques without any specific detection rules to protect users from malware that has not yet been researched and classified.
..... in other words it's a heuristic detection, and as such likely to be unreliable (or at least to be treated with some caution).

Heuristic detections have been around for quite some time now (I guess they're just labelling them as "AI" as it's the latest buzzword that's applied to everything these days) and are a major source of false positives.
 
#17 ·
In the 90s my AV/Firewall scan could be run in about ¼ hour. If I chose the heuristic option, about an hour. Probably Norton, but not sure.
 
#18 ·
Thing about heuristics is they're really just an "educated guess" based on a file's functionality and behaviour. Their algorithms are better now than they were a few years back, but they still leave a great deal to be desired, and frequently flag legit processes as malicious.

They were introduced because the AV companies couldn't keep up with creating definitions for all the new malware that is constantly being created, but they're not now, nor have they ever been, something you should trust to be reliable.