Avast and Discord

Author: s | 2025-04-24


Unlike antivirus software, Avast’s System Shield

Why is Avast blocking Discord? If Avast is blocking Discord, it indicates that Avast thinks something within your Discord software is malicious, such as a virus or trojan, and has decided to stop it.

Here’s how to add a file to Avast’s whitelist: Open Avast Antivirus, navigate to the menu in the top right and click on the Settings tab.


Discord issues? - Avast Free Antivirus / Premium Security - Avast

Sure, here is the translation of your text from Portuguese to English:

"Hello, Dênis, thank you for helping me. To make it easier, I will insert here two versions of the logs: one in safe mode and another normally with the internet. First, I will put the normal mode and then the safe mode, okay? You will probably feel confused because the logs are in Portuguese. If this makes your analysis impossible, please let me know."

NORMAL MODE:

How to stop Avast from blocking Discord

As frustrating as it can be to have Avast blocking your Discord software, this issue does occur quite often and is fairly easy to solve. We’ll walk through the steps you need to take to ensure that Avast stays out of Discord’s way.

Whitelist Discord within Avast Antivirus

Right-click on the discord.exe file and click Properties. Then, tick the Run as administrator box.

Online accounts and bank details, can be leaked to cybercriminals,” Holman added.

Malware distribution via YouTube

After purchasing and compiling their individualized malware sample, some clients use YouTube to market and distribute their malware. Avast researchers have seen clients create a YouTube video supposedly showing information about a cracked game, or game cheat, which they link to. However, the URL really leads to their malware instead. To create trust for their video, they ask other people on Discord to like and leave comments under the video, endorsing it and saying it is genuine. In some cases they even asked other people to comment that if their antivirus software detects the file as malicious, it’s a false positive. “This technique is quite insidious, because instead of fake accounts and bots, real people are used to upvote harmful content. As genuine accounts are working together to positively comment on the content, the malicious link seems more trustworthy, and as such can trick more people into downloading it,” comments Jan Holman.

Through monitoring the online communities, Avast discovered that although group members support each other in cybercrime, partly meant as pranks but also as actual theft of information and money, conversations easily become quite turbulent. Avast observed a considerable amount of fighting, instability, and bullying amongst users, with “cutthroat” competition that goes as far as appropriating someone else’s codebase and slandering them.

Snapshot from Discord conversation

Malware builders are tools that allow users to generate malicious files without having to program anything. Typically, users only need to select the functionalities and customize details such as the icon. There are several builder-based malware families that have similar user interfaces with slightly different layouts, color palettes, names, and logos. They are usually short-lived projects based on source code from GitHub or some other builder, rebranded with a new logo and name, sometimes slightly tweaked or modified with new functionalities.

Avast has created detections protecting users from the samples spreading on the servers and reached out to Discord to inform them about these groups. Discord confirmed they take action to address these types of communities, and has banned the servers associated with Avast’s findings.

How to Protect Kids from Dark Activities Online:

It’s very important to teach children to be critical of attractive offers, such as new game features unavailable in the official stores or pre-release versions of popular games. Parents also need to educate children on the importance of password security and tell them never to share their passwords with others, even if they claim to be their friends or a game master offering help. For the younger kids, it is crucial not to reveal any personal information when playing on multiplayer platforms, such as Discord or

Comments

User8320

Prague, Czech Republic, June 28, 2022 - Avast (LSE:AVST), a global leader in digital security and privacy, has discovered an online community of minors constructing, exchanging and spreading malware, including ransomware and a mix of information stealers and cryptominers. The group lures young users by advertising access to different malware builders and tool kits that allow laypeople to construct malware easily. In some cases, people have to buy access to the malware builder tool in order to join the group, and in others, they can become group members where they are offered the tool for a nominal fee of 5 to 25 Euros.

Builder for Lunar malware

The community uses dedicated Discord servers as a discussion board and selling place to spread malware families such as “Lunar”, “Snatch”, or “Rift”, which follow the current trend of malware-as-a-service. The discussion boards show that age-related insults are thrown on a nearly daily basis. Kids also revealed their ages, discussed the idea of hacking teachers and their school systems and mentioned their parents in conversations. In a Discord group focusing on selling “Lunar”, there were over 1.5k users, out of which about 60-100 had a “client” role, meaning they paid for the builder. The prices of the malware builder tools differ depending on the type of tool and duration of access to the tool.

Snapshot from a Discord conversation

The types of malware exchanged among teens target both minors and adults and have options that include password and private information stealing, cryptomining, and even ransomware. For example, if a client buys a builder tool and chooses to use it for data theft, the generated sample will send any stolen data to that particular client who generated and distributed it. Or, if a client uses a tool to generate a ransomware sample, the victim will be asked to send money to that particular client’s cryptowallet. Other prominent features include stealing gaming accounts, deleting Fortnite or Minecraft folders, or repeatedly opening a web browser containing adult content, apparently simply for the sake of pranking others.

Lunar malware able to delete Fortnite

“These communities may be attractive to children and teens as hacking is seen as cool and fun, malware builders provide an affordable and easy way to hack someone and brag about it to peers, and even a way to make money through ransomware, cryptomining and the sale of user data,” said Avast Malware Researcher Jan Holman. “However, these activities by far aren’t harmless, they are criminal. They can have significant personal and legal consequences, especially if children expose their own and their families’ identities online or if the purchased malware actually infects the kids’ computer, leaving their families vulnerable by letting them use the affected device. Their data, including

2025-04-19
