question

SM-blondii369 asked SM-blondii369 commented

Safety Scanner won't finish - Am I actually infected??

My system is acting like it's infected, constantly having random problems throughout the day. My connection randomly drops while browsing the web but will reconnect and refresh the pages within seconds.

I use Acronis True Image security and protection but Windows Defender will randomly notify me that I'm not protected (I assumed because Acronis disables the live-protection thing that Defender offers). I disabled Acronis Protection and THEN I opened up Windows Security and it said 'True Image Protection is out of date', gives me an option to update it but pushing the button does absolutely nothing and there's nothing about the needed update from the Acronis dashboard. The help site told me to check the connections so I did what it said to and did a ping test with <hostname> & <ip> which were fine. Next went to Windows event logs and checked the 'Audit Failures' where I found this reoccurring event since the 24th:


Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 1/24/2021 12:40:06 PM
Event ID: 5038
Task Category: System Integrity
Level: Information
Keywords: Audit Failure
User: N/A
Description:
Code integrity determined that the image hash of a file is not valid.
The file could be corrupt due to unauthorized modification or
the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume3\Program Files\Acronis\CyberProtect\remediation.exe

I ran a SetupDiag scan last night and going through the logs from the 24th when I did a complete Win10 reinstall, I noticed some URLs the log stated files were being transferred from. I tried looking up the URLs and Edge warned me that my connection was not private and that I should not continue... not really sure what's up with that, I'd love for someone to skim through it and see if anything sticks out as suspicious or odd.

Trying to now run the Microsoft Safety Scanner & just like the Storage Sense clean option, it has stopped while scanning C:\WINDOWS\sysWOW64\cmd.exe. It's been like this for about 25 minutes now. Why are these things not able to scan all the way through like they're intended to?? Am I infected or is it a problem with Acronis? This is exhausting and driving me insane...



JoyQiao-MSFT answered SM-blondii369 commented

Hi,

"I disabled Acronis Protection and THEN I opened up Windows Security and it said 'True Image Protection is out of date', gives me an option to update it"

We recommend contacting Acronis support to check whether they have any resources for it or an updated version of their product.

If you suspect you got infected, we could run Windows Defender to perform a full scan. We should update the system through Settings\Update & Security\Windows Update before the scan to make sure you have the latest version of Windows Defender. You could also disable Acronis temporarily before the full scan.



Bests,


I uninstalled Acronis altogether, made sure the system was up to date and ran a full scan through Microsoft Defender. Didn't seem to pick up anything on that, although Malwarebytes picked up 2 Malware/Exploit Agent files. But deleting, disabling and then ultimately getting rid of Acronis did help a bit. Thank you again.

DebraBreeden-8004 answered

The security scanner takes a hash of files and compares them to known, good hashes. The fact that the current hash doesn't match means that the file is corrupt in some manner. You should try to get a known good replacement for that file that is alerting on your scanner: File Name: \Device\HarddiskVolume3\Program Files\Acronis\CyberProtect\remediation.exe. This seems to be clear.
Other possible causes:
Since you are having issues in the security scan with unrelated files, it is possible you have bad sectors or blocks on your disk, and that it is about to fail on you.
You could be close to maximum capacity on your drive, and there might not be "room" enough left for the scan to work. Check your drive's empty space. This often happens if you have a small drive where your OS is stored, and the periodic Windows update downloads and fills up remaining space, and doesn't leave enough room for the update action. Can occur on devices with disks smaller than 100GB, for instance.
Finally, as always, check to make sure that you are up-to-date with your OS. You may well have the most current updates downloaded, but not installed, for reason of lack of working space.
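
A triage sketch for the checks discussed in this thread, added here as an example and not part of any poster's answer: it groups Event ID 5038 audit failures by file, translates the \Device\HarddiskVolumeN path to a drive letter, reports each file's current Authenticode status, then lists free space and disk health. Variable names and the report layout are illustrative choices; it assumes Windows PowerShell 5.1 or later, run from an elevated prompt.

```powershell
# Added example. Run elevated: reading the Security log needs administrator rights.
Add-Type -Namespace Win32 -Name Dos -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern uint QueryDosDevice(string name, System.Text.StringBuilder target, int max);
'@

# Map NT device names (\Device\HarddiskVolume3) to drive letters (C:).
$deviceMap = @{}
foreach ($d in [System.IO.DriveInfo]::GetDrives()) {
    $letter = $d.Name.TrimEnd('\')
    $sb = New-Object System.Text.StringBuilder 260
    if ([Win32.Dos]::QueryDosDevice($letter, $sb, $sb.Capacity) -gt 0) {
        $deviceMap[$sb.ToString()] = $letter
    }
}

# Collect Event ID 5038 (Code Integrity: image hash not valid) and group by file.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5038 } -ErrorAction SilentlyContinue
$byFile = $events | ForEach-Object {
    if ($_.Message -match '(?m)File Name:\s*(.+?)\s*$') {
        [pscustomobject]@{ Time = $_.TimeCreated; NtPath = $Matches[1] }
    }
} | Group-Object NtPath

$report = foreach ($g in $byFile) {
    $path = $g.Name
    foreach ($dev in $deviceMap.Keys) {
        if ($path.StartsWith("$dev\", [StringComparison]::OrdinalIgnoreCase)) {
            $path = $deviceMap[$dev] + $path.Substring($dev.Length)
            break
        }
    }
    $times  = @($g.Group.Time | Sort-Object)
    $exists = Test-Path -LiteralPath $path
    [pscustomobject]@{
        File      = $path
        Events    = $g.Count
        FirstSeen = $times[0]
        LastSeen  = $times[-1]
        Exists    = $exists
        # Valid: the file on disk matches its signature now. HashMismatch: it does not.
        Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).Status } else { 'n/a' }
    }
}
$report | Format-Table -AutoSize

# Free space and disk health, the other possible causes raised in the answer above.
[System.IO.DriveInfo]::GetDrives() | Where-Object IsReady |
    Select-Object Name, @{ n = 'FreeGB'; e = { [math]::Round($_.AvailableFreeSpace / 1GB, 1) } } |
    Format-Table -AutoSize
Get-PhysicalDisk | Select-Object FriendlyName, HealthStatus, OperationalStatus | Format-Table -AutoSize
```

A file that no longer exists (for example after the product was uninstalled) shows `Exists = False`, so older 5038 entries for it are historical rather than a current finding.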

