Avast WEBforum
Other => Viruses and worms => Topic started by: MattGinAZ on March 18, 2023, 04:15:13 PM
-
Any ideas?
Log Name: Microsoft-Windows-CodeIntegrity/Operational
Source: Microsoft-Windows-CodeIntegrity
Date: 3/18/2023 6:52:18 AM
Event ID: 3033
Task Category: (1)
Level: Error
Keywords:
User: LOCAL SERVICE
Computer: Matt-Desktop
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CodeIntegrity" Guid="{4ee76bd8-3cf4-44a0-a0ac-3937643e37a3}" />
<EventID>3033</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>1</Task>
<Opcode>111</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2023-03-18T13:52:18.9839972Z" />
<EventRecordID>19264</EventRecordID>
<Correlation ActivityID="{d5a4d083-5852-000a-8914-a5d55258d901}" />
<Execution ProcessID="5832" ThreadID="3684" />
<Channel>Microsoft-Windows-CodeIntegrity/Operational</Channel>
<Computer>Matt-Desktop</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="FileNameLength">70</Data>
<Data Name="FileNameBuffer">\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll</Data>
<Data Name="ProcessNameLength">52</Data>
<Data Name="ProcessNameBuffer">\Device\HarddiskVolume2\Windows\System32\svchost.exe</Data>
<Data Name="RequestedPolicy">12</Data>
<Data Name="ValidatedPolicy">1</Data>
<Data Name="Status">3221226536</Data>
</EventData>
</Event>
-
More info ...
Log Name: Microsoft-Windows-CodeIntegrity/Operational
Source: Microsoft-Windows-CodeIntegrity
Date: 3/18/2023 6:52:18 AM
Event ID: 3089
Task Category: (1)
Level: Information
Keywords:
User: LOCAL SERVICE
Computer: Matt-Desktop
Description:
Signature information for another event. Match using the Correlation Id.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CodeIntegrity" Guid="{4ee76bd8-3cf4-44a0-a0ac-3937643e37a3}" />
<EventID>3089</EventID>
<Version>2</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>130</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2023-03-18T13:52:18.8472863Z" />
<EventRecordID>19247</EventRecordID>
<Correlation ActivityID="{d5a4d083-5852-0004-9869-a5d55258d901}" />
<Execution ProcessID="5832" ThreadID="16072" />
<Channel>Microsoft-Windows-CodeIntegrity/Operational</Channel>
<Computer>Matt-Desktop</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="TotalSignatureCount">1</Data>
<Data Name="Signature">0</Data>
<Data Name="CacheState">25</Data>
<Data Name="Hash Size">32</Data>
<Data Name="Hash">0C7D12E66B896B0F76E7C442CF955E8C2F28AEF9381B6FD64FBD5163F1456470</Data>
<Data Name="PageHash">false</Data>
<Data Name="SignatureType">1</Data>
<Data Name="ValidatedSigningLevel">1</Data>
<Data Name="VerificationError">7</Data>
<Data Name="Flags">0</Data>
<Data Name="PolicyBits">16</Data>
<Data Name="NotValidBefore">2022-09-16T00:00:00.0000000Z</Data>
<Data Name="NotValidAfter">2025-09-17T23:59:59.0000000Z</Data>
<Data Name="PublisherNameLength">21</Data>
<Data Name="PublisherName">Avast Software s.r.o.</Data>
<Data Name="IssuerNameLength">56</Data>
<Data Name="IssuerName">DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1</Data>
<Data Name="PublisherTBSHashSize">32</Data>
<Data Name="PublisherTBSHash">E3D1D87403BA977FA1E1CC382C8475BE756E9B32AD0957C3EE0F15C4C13561F3</Data>
<Data Name="IssuerTBSHashSize">48</Data>
<Data Name="IssuerTBSHash">65B1D4076A89AE273F57E6EEEDECB3EAE129B4168F76FA7671914CDF461D542255C59D9B85B916AE0CA6FC0FCF7A8E64</Data>
</EventData>
</Event>
-
Read here: https://windll.com/dll/avast-software/aswamsi
polonus