Behavior:Win32/Hive.ZY being detected by windows defender every few minutes – Virus, Trojan, Spyware, and Malware Removal Help – BleepingComputer

Npressfetimg 391.png

Hello. 

 

This morning when I turned on the computer I started receiving notifications by the Windows Defender that a threat has been identified and that the unwanted threat or app was removed. However, this happens over and over again (see below the info from the Windows defender). There have been ~15 such notifications in the last few hours. It seems to go away for a bit, but then comes back. Googling about this issue I found that “hive” is some sort of ransomware virus. I would like to make sure that whatever is causing this is removed from my computer.

I have tried doing scans with the windows defender, including the offline scan, but that has not solved the issue.

 

.I have pasted the logs (FRST.txt and addition.txt) from FRST scan below as well. 

 

I would be happy for any assistance regarding this issue. Thank you.

 

—-

Windows defender notifications provide the following information:

 

Threat blocked__________________________Severe

9/4/2022 1:00 PM

 

Detected: Behaviour:Win32/Hive.ZY

Status: Removed

A theat or app was removed from this device

Date: 9/4/2022 1:00 PM

Details: This program is dangerous and executes commands from an attacker.

 

Affected items:

behavior: pid:15188:74439979291537

 

 

—–

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-08-2022

Ran by (redacted) (administrator) on DESKTOP-U26D0RR (Gigabyte Technology Co., Ltd. X570 AORUS ULTRA) (04-09-2022 13:14:31)

Running from C:UsersA(redacted)Downloads

Loaded Profiles: (redacted)

Platform: Microsoft Windows 10 Home Version 21H2 19044.1889 (X64) Language: English (United States)

Default browser: Chrome

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

() [File not signed] C:Program Files (x86)GemaltoClassic ClientBINRegTool.exe

(Adobe Inc. -> Adobe Systems Inc.) C:Program Files (x86)AdobeAcrobat DCAcrobatacrotray.exe

(C:Gamesbincefcef.win7x64steamwebhelper.exe ->) (Discord Inc. -> Discord Inc.) C:Users(redacted)AppDataLocalDiscordapp-1.0.9006Discord.exe <6>

(C:Gamessteam.exe ->) (Valve Corp. -> Valve Corporation) C:Gamesbincefcef.win7x64steamwebhelper.exe <7>

(C:Program Files (x86)GIGABYTEAppCenterApCent.exe ->) (GIGA-BYTE TECHNOLOGY CO., LTD. -> ) C:Program Files (x86)GIGABYTEAppCentergcupd.exe

(C:Program FilesLGHUBlghub.exe ->) (Logitech Inc -> Logitech, Inc.) C:Program FilesLGHUBlghub_agent.exe

(C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32rundll32.exe

(C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2205.7-0MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2205.7-0MpCopyAccelerator.exe

(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:Program Files (x86)CiscoCisco AnyConnect Secure Mobility Clientvpnui.exe

(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:Program Files (x86)AdobeAcrobat DCAcrobatAdobeCollabSync.exe <2>

(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:Program Files (x86)Adobe…….

Source: https://www.bleepingcomputer.com/forums/t/776703/behaviorwin32hivezy-being-detected-by-windows-defender-every-few-minutes/

Leave a comment

Your email address will not be published. Required fields are marked *