Solved

WebRoot and XPCOM and Tor

  • 19 February 2023
  • 5 replies
  • 150 views

Userlevel 3
Badge +3

This is a bit more complicated than the error message about Tor and XPCOM but it’s a major part.  About four or five days ago I tried to open Tor Browser on one of my two laptops.  Immediately, instead, a WebRoot message appeared that said it had detected a virus in XPCOM but (probably misremebering) only had one option and that was to delete the virus.  From that point on every time opening Tor it began to open but then that error message Cannot Load XPCOM.  Decided to delete Tor and reinstall it.  In Win11 Settings I looked for it under Apps but nothing even close to Tor was listed.  Looked for it in File Explorer but again no listing.  Went back to the desktop and right clicked the Tor Browser and told WebRoot to completely erase it.  Tried again for the Start Tor link.  All of the Tor links are still there and work save for XPCOM.  Tried to just download a new program but even that stopped at an XPCOM error.  Tried to download the program file with a slightly different file name but that stopped at XPCOM.  I contacted Tor’s support but so far no acknowledgement. They asked for the log file but...well, you know.  I’ve googled it and everything I can find was the last time it was more widespread but the new versions don’t match up with the old remedies.  I tried to find WebRoot’s Whitelist but apparently that isn’t available that I can find.  I could go on and on (obviously) but 4 or 5 day’s efforts were, so far, fruitless.  Any help whatsoever would be deeply appreciated. 

icon

Best answer by TripleHelix 19 February 2023, 15:56

View original

5 replies

Userlevel 7
Badge +63

Hello @haiweepp 

 

The best thing to do is contact Webroot Support and they will sort it out for you!

Webroot Customer Service

 

Note: When submitting a Support Ticket, Please wait for a response from Support. Putting in another Support Ticket on this problem before Support responses will put your first Support Ticket at the end of the queue.

 

Thanks,

 

Userlevel 3
Badge +3

Thank you.  I’ll report it to support now.  I appreciate your time.

Userlevel 7
Badge +63

Thank you.  I’ll report it to support now.  I appreciate your time.

Great it could be a simple thing of whitelisting some files in the Webroot Cloud Database.

 

Save a Scan log and look near the bottom and you should see the issue.

https://docs.webroot.com/us/en/home/wsa_pc_userguide/wsa_pc_userguide.htm#UsingReportsAndViewers/SavingScanLogs.htm

 

Thanks!

Userlevel 3
Badge +3

Sorry it took so long to respond.  My brain doesn’t work well sometimes.

 

I found the scan log, copied and opened it.  I doubt that anyone needs that entire file so I’ll copy/paste just from the first time Tor was blocked.  I see no obvious way to attach a file so here’s from just before the first block.

 

Tue 2023-02-14 22:53:51.0956    Monitoring process C:\Users\haiwe\Desktop\Tor Browser\Browser\firefox.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 4 (28352)
Tue 2023-02-14 22:53:51.0956    Monitoring process C:\Users\haiwe\Desktop\Tor Browser\Browser\firefox.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 5 (28352)
Tue 2023-02-14 22:53:51.0956    Monitoring process C:\Users\haiwe\Desktop\Tor Browser\Browser\firefox.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 7 (28352)
Tue 2023-02-14 22:53:51.0972    Monitoring process C:\Users\haiwe\Desktop\Tor Browser\Browser\firefox.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 8 (28352)
Tue 2023-02-14 22:53:51.0972    Monitoring process C:\Users\haiwe\Desktop\Tor Browser\Browser\firefox.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 6 (28352)
Wed 2023-02-15 00:31:43.0663    System shutting down.
Wed 2023-02-15 00:31:48.0228    Configuration Saved: CSCS5C520F9B476AB6738550929B938E8D80,00011,00021,00031,00041,00051,00061,00070,00081,00091,000A1,000B1,000C1,000D0,000E1,000F0,001014,00111,00120,00130,00140,00151,00161,00170,00181,00191,001A0,001B0,001C1,001D0,001E1,001F1,00201,00211,00221,00231,00240,00251,00260,00270,00281,00291,002A0,002B1,002C1,002D0,002E1,002F1,00301,00311,00321,00331,00341,00351,00361,00371,00381,00390,003A1,003B1,003C2,003D1,003E1,003F1,00401,00411,00421,00431,00441,00451,00461,00471,00481,00491,004A1,004B1,004C1,004D1,004E1,004F1,00501,00511,00521,00530,00541,00551,00561,00571,00581,00591,005A1,005B1,005C0,005D0,005E1,005F0,00601,00614,00624,00634,00641,00654,00664,00674,00681,00694,006A4,006B4,006C1,006D4,006E4,006F4,00701,00714,00724,00734,00741,00754,00764,00774,00781,00791,007A0,007B0,007C0,007D0,007E0,007F0,00800,00810,00820,00830,00840,00850,00861,00870,00880,00891,008A0,008B0,008C0,008D0,008E0,008F0,00900,00910,00920,00930,00940,00950,00960,00970,00980,00990,009A0,009B0,009C0,009D0,009E0,009F0,00A00,00A10,00A20,00A30,00A40,00A50,00A60,00A70,00A80,00A90,00AA0,00AB0,00AC0,00AD0,00AE0,00AF0,00B00,00B11,00B20,00B30,00B40,00B51,00B61,00B71,00B80,00B90,00BA0,00BB1,00BC3,00BD0,00BE0,00BF0,00C00,00C10,
Wed 2023-02-15 00:31:48.0228    <<< Service shut down successfully. Uptime: 8885 minute(s)
Wed 2023-02-15 00:32:22.0206    WF Configuration : 0x1F7
Wed 2023-02-15 00:32:22.0300    SCC version: 1.3.0.119
Wed 2023-02-15 00:32:22.0332    SCC version: 1.5.0.49
Wed 2023-02-15 00:32:22.0332    Genesis startup initiated
Wed 2023-02-15 00:32:22.0410    >>> Service started [v9.0.33.35]
Wed 2023-02-15 00:32:22.0410    Version state: PBN: 09002123, DBN: 0900211a, HVN: $Revision: #89 $
Wed 2023-02-15 00:32:23.0430    ScriptShield active config: 2S(2) yes, SR(2) yes, SSH yes, FLR no, RUD yes, SDE(2) yes, DSR no, DQT 65536, MFS 250, USE yes, UNR no
Wed 2023-02-15 00:32:23.0760    ELAM applicable: yes, driver present yes, driver registered yes, PPL: yes, PPL configured: yes, mandated: yes
Wed 2023-02-15 00:32:36.0542    Agent Bits : 72057594037927941
Wed 2023-02-15 00:32:39.0434    User process connected successfully from PID 0, Session 0
Wed 2023-02-15 00:32:39.0434    User process connected successfully from PID 9336, Session 1
Wed 2023-02-15 00:32:39.0465    Connecting to 84 - 84
Wed 2023-02-15 00:32:39.0871    Global Data: GCV: 1.0, $Revision: #111 $, GCS: 0x00000009
Wed 2023-02-15 00:32:39.0871    FCS mode: FMO (GC2: 0)
Wed 2023-02-15 00:32:39.0871    GNS m: yes, SCC l: yes
Wed 2023-02-15 00:32:39.0871    SA Flags: HW:1, SW:0
Wed 2023-02-15 00:32:39.0871    Global Data: GCV: 1.0, $Revision: #111 $, GCS: 0x00000009
Wed 2023-02-15 00:32:39.0871    ScriptShield active config: 2S(2) yes, SR(2) yes, SSH yes, FLR no, RUD yes, SDE(2) yes, DSR no, DQT 65536, MFS 250, USE yes, UNR no
Wed 2023-02-15 00:33:22.0669    Genesis is running
Wed 2023-02-15 16:06:29.0501    Scan Started:  [ID: 374 - Flags: 1575/0]
Wed 2023-02-15 16:07:06.0708    Scan Results: Files Scanned: 71799, Duration: 37s, Malicious Files: 0
Wed 2023-02-15 16:07:07.0457    Connected to C16
Wed 2023-02-15 16:07:07.0462    Scan Finished: [ID: 374 - Seq: 2147000000]
Wed 2023-02-15 19:50:55.0401    User process connected successfully from PID 0, Session 0
Wed 2023-02-15 20:25:54.0698    Infection detected: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [SHA256: ACE5DD6D629AE5507387F8A57458828EC06E74BDF21A0143C5CADC507BDB247C] [MD5: CE8B754CC3A6BABA8FB488876083E136] [3/00090001] [W32.Malware.Gen]
Wed 2023-02-15 20:25:54.0699    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589825/00000003] [W32.Malware.Gen]
Wed 2023-02-15 20:25:54.0705    Determination flags modified: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll - UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes, Flags: 00000020
Wed 2023-02-15 20:25:54.0706    Performing cleanup entry: 1
Wed 2023-02-15 20:25:55.0072    Infection detected: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [SHA256: ACE5DD6D629AE5507387F8A57458828EC06E74BDF21A0143C5CADC507BDB247C] [MD5: CE8B754CC3A6BABA8FB488876083E136] [3/00090001] [W32.Malware.Gen]
Wed 2023-02-15 20:25:55.0072    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589825/00000003] [W32.Malware.Gen]
Wed 2023-02-15 20:25:55.0073    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589825/00000003] [W32.Malware.Gen]
Wed 2023-02-15 20:25:56.0760    Infection detected: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [SHA256: ACE5DD6D629AE5507387F8A57458828EC06E74BDF21A0143C5CADC507BDB247C] [MD5: CE8B754CC3A6BABA8FB488876083E136] [3/00090021] [(null)]
Wed 2023-02-15 20:25:56.0760    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Wed 2023-02-15 20:25:56.0761    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Wed 2023-02-15 20:25:56.0764    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Wed 2023-02-15 20:25:56.0904    Infection detected: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [SHA256: ACE5DD6D629AE5507387F8A57458828EC06E74BDF21A0143C5CADC507BDB247C] [MD5: CE8B754CC3A6BABA8FB488876083E136] [3/00090021] [(null)]
Wed 2023-02-15 20:25:56.0904    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Wed 2023-02-15 20:25:56.0905    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Wed 2023-02-15 20:25:57.0011    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Wed 2023-02-15 20:25:57.0011    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Wed 2023-02-15 20:26:53.0662    Performing cleanup entry: 2
Wed 2023-02-15 20:26:57.0384    Scan Started:  [ID: 375 - Flags: 551/128]
Wed 2023-02-15 20:27:40.0902    Scan Results: Files Scanned: 74652, Duration: 43s, Malicious Files: 0
Wed 2023-02-15 20:27:42.0531    Scan Finished: [ID: 375 - Seq: 2147000000]
Wed 2023-02-15 20:32:16.0495    Scan Started:  [ID: 376 - Flags: 1575/128]
Wed 2023-02-15 20:33:19.0437    Scan Results: Files Scanned: 75614, Duration: 1m 2s, Malicious Files: 0
Wed 2023-02-15 20:33:20.0051    Scan Finished: [ID: 376 - Seq: 374905993]
Wed 2023-02-15 20:55:00.0574    Infection detected: C:\Users\haiwe\Desktop\Tor Browser\Tor browser 2\Tor Browser\Browser\xul.dll [SHA256: ACE5DD6D629AE5507387F8A57458828EC06E74BDF21A0143C5CADC507BDB247C] [MD5: CE8B754CC3A6BABA8FB488876083E136] [3/00090021] [(null)]
Wed 2023-02-15 20:55:00.0574    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Tor browser 2\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Wed 2023-02-15 20:55:00.0587    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Tor browser 2\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Wed 2023-02-15 20:55:00.0590    Performing cleanup entry: 5
Wed 2023-02-15 20:55:02.0468    Infection detected: C:\Users\haiwe\Desktop\Tor Browser\Tor browser 2\Tor Browser\Browser\xul.dll [SHA256: ACE5DD6D629AE5507387F8A57458828EC06E74BDF21A0143C5CADC507BDB247C] [MD5: CE8B754CC3A6BABA8FB488876083E136] [3/00090021] [(null)]
Wed 2023-02-15 20:55:02.0468    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Tor browser 2\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Wed 2023-02-15 20:55:02.0474    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Tor browser 2\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Wed 2023-02-15 20:55:02.0514    Infection detected: C:\Users\haiwe\Desktop\Tor Browser\Tor browser 2\Tor Browser\Browser\xul.dll [SHA256: ACE5DD6D629AE5507387F8A57458828EC06E74BDF21A0143C5CADC507BDB247C] [MD5: CE8B754CC3A6BABA8FB488876083E136] [3/00090021] [(null)]
Wed 2023-02-15 20:55:02.0514    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Tor browser 2\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Wed 2023-02-15 20:55:02.0516    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Tor browser 2\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Wed 2023-02-15 20:55:02.0582    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Tor browser 2\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Wed 2023-02-15 20:55:07.0486    Performing cleanup entry: 6
Wed 2023-02-15 20:55:07.0993    Scan Started:  [ID: 377 - Flags: 1575/128]
Wed 2023-02-15 20:56:15.0891    Scan Results: Files Scanned: 77952, Duration: 1m 7s, Malicious Files: 0
Wed 2023-02-15 20:56:16.0560    Scan Finished: [ID: 377 - Seq: 374907370]
Wed 2023-02-15 20:57:30.0395    Scan Started:  [ID: 378 - Flags: 1575/128]
Wed 2023-02-15 20:58:45.0892    Scan Results: Files Scanned: 77957, Duration: 1m 15s, Malicious Files: 0
Wed 2023-02-15 20:58:47.0504    Scan Finished: [ID: 378 - Seq: 2147000000]
Wed 2023-02-15 21:36:15.0792    User process connected successfully from PID 0, Session 0
Wed 2023-02-15 21:51:19.0762    Genesis shutdown initiated
Wed 2023-02-15 21:51:24.0054    Configuration Saved: CSCS5C520F9B476AB6738550929B938E8D80,00011,00021,00031,00041,00051,00061,00070,00081,00091,000A1,000B1,000C1,000D0,000E1,000F0,001014,00111,00120,00130,00140,00151,00161,00170,00181,00191,001A0,001B0,001C1,001D0,001E1,001F1,00201,00211,00221,00231,00240,00251,00260,00270,00281,00291,002A0,002B1,002C1,002D0,002E1,002F1,00301,00311,00321,00331,00341,00351,00361,00371,00381,00390,003A1,003B1,003C2,003D1,003E1,003F1,00401,00411,00421,00431,00441,00451,00461,00471,00481,00491,004A1,004B1,004C1,004D1,004E1,004F1,00501,00511,00521,00530,00541,00551,00561,00571,00581,00591,005A1,005B1,005C0,005D0,005E1,005F0,00601,00614,00624,00634,00641,00654,00664,00674,00681,00694,006A4,006B4,006C1,006D4,006E4,006F4,00701,00714,00724,00734,00741,00754,00764,00774,00781,00791,007A0,007B0,007C0,007D0,007E0,007F0,00800,00810,00820,00830,00840,00850,00861,00870,00880,00891,008A0,008B0,008C0,008D0,008E0,008F0,00900,00910,00920,00930,00940,00950,00960,00970,00980,00990,009A0,009B0,009C0,009D0,009E0,009F0,00A00,00A10,00A20,00A30,00A40,00A50,00A60,00A70,00A80,00A90,00AA0,00AB0,00AC0,00AD0,00AE0,00AF0,00B00,00B11,00B20,00B30,00B40,00B51,00B61,00B71,00B80,00B90,00BA0,00BB1,00BC3,00BD0,00BE0,00BF0,00C00,00C10,
Wed 2023-02-15 21:51:24.0054    <<< Service shut down successfully. Uptime: 1279 minute(s)
Wed 2023-02-15 21:52:05.0407    WF Configuration : 0x1F7
Wed 2023-02-15 21:52:05.0466    SCC version: 1.3.0.119
Wed 2023-02-15 21:52:05.0482    SCC version: 1.5.0.49
Wed 2023-02-15 21:52:05.0482    Genesis startup initiated
Wed 2023-02-15 21:52:05.0540    >>> Service started [v9.0.33.35]
Wed 2023-02-15 21:52:05.0540    Version state: PBN: 09002123, DBN: 0900211a, HVN: $Revision: #89 $
Wed 2023-02-15 21:52:05.0541    Connecting to 84 - 84
Wed 2023-02-15 21:52:05.0613    User process connected successfully from PID 0, Session 0
Wed 2023-02-15 21:52:05.0620    User process connected successfully from PID 13164, Session 1
Wed 2023-02-15 21:52:06.0555    ScriptShield active config: 2S(2) yes, SR(2) yes, SSH yes, FLR no, RUD yes, SDE(2) yes, DSR no, DQT 65536, MFS 250, USE yes, UNR no
Wed 2023-02-15 21:52:06.0780    Agent Bits : 72057594037927941
Wed 2023-02-15 21:52:07.0086    Global Data: GCV: 1.0, $Revision: #111 $, GCS: 0x00000009
Wed 2023-02-15 21:52:07.0086    FCS mode: FMO (GC2: 0)
Wed 2023-02-15 21:52:07.0086    GNS m: yes, SCC l: yes
Wed 2023-02-15 21:52:07.0087    SA Flags: HW:1, SW:0
Wed 2023-02-15 21:52:07.0087    Global Data: GCV: 1.0, $Revision: #111 $, GCS: 0x00000009
Wed 2023-02-15 21:52:07.0087    ScriptShield active config: 2S(2) yes, SR(2) yes, SSH yes, FLR no, RUD yes, SDE(2) yes, DSR no, DQT 65536, MFS 250, USE yes, UNR no
Wed 2023-02-15 21:52:07.0119    ELAM applicable: yes, driver present yes, driver registered yes, PPL: yes, PPL configured: yes, mandated: yes
Wed 2023-02-15 21:52:09.0402    Version state: PBN: 09002123, DBN: 0900211a, HVN: $Revision: #90 $
Wed 2023-02-15 21:53:06.0181    Genesis is running
Thu 2023-02-16 00:34:13.0249    Monitoring process C:\ProgramData\BOINC\slots\2\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 4 (28352)
Thu 2023-02-16 00:34:13.0249    Monitoring process C:\ProgramData\BOINC\slots\2\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 5 (28352)
Thu 2023-02-16 00:34:13.0250    Monitoring process C:\ProgramData\BOINC\slots\2\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 7 (28352)
Thu 2023-02-16 00:34:13.0256    Monitoring process C:\ProgramData\BOINC\slots\2\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 8 (28352)
Thu 2023-02-16 00:34:13.0256    Monitoring process C:\ProgramData\BOINC\slots\2\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 6 (28352)
Thu 2023-02-16 01:01:59.0160    Monitoring process C:\ProgramData\BOINC\slots\0\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 4 (28352)
Thu 2023-02-16 01:01:59.0160    Monitoring process C:\ProgramData\BOINC\slots\0\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 5 (28352)
Thu 2023-02-16 01:01:59.0161    Monitoring process C:\ProgramData\BOINC\slots\0\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 7 (28352)
Thu 2023-02-16 01:01:59.0164    Monitoring process C:\ProgramData\BOINC\slots\0\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 8 (28352)
Thu 2023-02-16 01:01:59.0164    Monitoring process C:\ProgramData\BOINC\slots\0\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 6 (28352)
Thu 2023-02-16 01:02:24.0970    Monitoring process C:\ProgramData\BOINC\slots\1\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 4 (28352)
Thu 2023-02-16 01:02:24.0970    Monitoring process C:\ProgramData\BOINC\slots\1\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 5 (28352)
Thu 2023-02-16 01:02:24.0970    Monitoring process C:\ProgramData\BOINC\slots\1\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 7 (28352)
Thu 2023-02-16 01:02:24.0970    Monitoring process C:\ProgramData\BOINC\slots\1\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 8 (28352)
Thu 2023-02-16 01:02:24.0970    Monitoring process C:\ProgramData\BOINC\slots\1\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 6 (28352)
Thu 2023-02-16 01:13:38.0960    Monitoring process C:\ProgramData\BOINC\slots\2\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 4 (28352)
Thu 2023-02-16 01:13:38.0960    Monitoring process C:\ProgramData\BOINC\slots\2\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 5 (28352)
Thu 2023-02-16 01:13:38.0960    Monitoring process C:\ProgramData\BOINC\slots\2\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 7 (28352)
Thu 2023-02-16 01:13:38.0960    Monitoring process C:\ProgramData\BOINC\slots\2\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 8 (28352)
Thu 2023-02-16 01:13:38.0960    Monitoring process C:\ProgramData\BOINC\slots\2\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 6 (28352)
Thu 2023-02-16 10:49:41.0193    Saved updated configuration
Thu 2023-02-16 10:54:14.0217    Saved updated configuration
Thu 2023-02-16 10:54:16.0787    Saved updated configuration
Thu 2023-02-16 10:54:19.0072    Saved updated configuration
Thu 2023-02-16 10:57:54.0590    Infection detected: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [SHA256: ACE5DD6D629AE5507387F8A57458828EC06E74BDF21A0143C5CADC507BDB247C] [MD5: CE8B754CC3A6BABA8FB488876083E136] [3/00090021] [(null)]
Thu 2023-02-16 10:57:54.0591    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Thu 2023-02-16 10:57:54.0592    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Thu 2023-02-16 10:57:54.0598    Determination flags modified: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll - UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes, Flags: 00000020
Thu 2023-02-16 10:57:54.0600    Performing cleanup entry: 1
Thu 2023-02-16 10:57:54.0611    Infection detected: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [SHA256: ACE5DD6D629AE5507387F8A57458828EC06E74BDF21A0143C5CADC507BDB247C] [MD5: CE8B754CC3A6BABA8FB488876083E136] [3/00090021] [(null)]
Thu 2023-02-16 10:57:54.0611    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Thu 2023-02-16 10:57:54.0613    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Thu 2023-02-16 10:57:54.0644    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Thu 2023-02-16 10:57:54.0699    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Thu 2023-02-16 10:58:00.0120    Infection detected: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [SHA256: ACE5DD6D629AE5507387F8A57458828EC06E74BDF21A0143C5CADC507BDB247C] [MD5: CE8B754CC3A6BABA8FB488876083E136] [3/00090021] [(null)]
Thu 2023-02-16 10:58:00.0120    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Thu 2023-02-16 10:58:00.0120    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Thu 2023-02-16 10:58:00.0135    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Thu 2023-02-16 10:58:00.0278    Infection detected: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [SHA256: ACE5DD6D629AE5507387F8A57458828EC06E74BDF21A0143C5CADC507BDB247C] [MD5: CE8B754CC3A6BABA8FB488876083E136] [3/00090021] [(null)]
Thu 2023-02-16 10:58:00.0279    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Thu 2023-02-16 10:58:00.0280    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Thu 2023-02-16 10:58:00.0282    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Thu 2023-02-16 10:58:00.0397    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Thu 2023-02-16 10:58:00.0409    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Thu 2023-02-16 10:58:00.0411    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Thu 2023-02-16 10:58:00.0412    File blocked in realtime: C:\Users\haiwe\Desktop\Tor Browser\Browser\xul.dll [UniqueID: 6DDDE5AC, MD5: CE8B754CC3A6BABA8FB488876083E136, Size: 140321280 bytes] [589857/00000003] [(null)]
Thu 2023-02-16 10:58:09.0338    Performing cleanup entry: 3
Thu 2023-02-16 10:58:09.0858    Scan Started:  [ID: 379 - Flags: 1575/128]
Thu 2023-02-16 10:59:34.0437    Connected to C16
Thu 2023-02-16 10:59:34.0903    Scan Results: Files Scanned: 68494, Duration: 1m 24s, Malicious Files: 0
Thu 2023-02-16 10:59:36.0794    Scan Finished: [ID: 379 - Seq: 374957968]
Thu 2023-02-16 11:00:45.0893    Scan Started:  [ID: 380 - Flags: 551/16]
Thu 2023-02-16 11:02:28.0758    Scan Results: Files Scanned: 68828, Duration: 1m 42s, Malicious Files: 0
Thu 2023-02-16 11:02:29.0801    Scan Finished: [ID: 380 - Seq: 2147000000]
Thu 2023-02-16 11:05:54.0871    Scan Started:  [ID: 381 - Flags: 1575/128]
Thu 2023-02-16 11:08:16.0149    Scan Results: Files Scanned: 69151, Duration: 2m 21s, Malicious Files: 0
Thu 2023-02-16 11:08:16.0878    Scan Finished: [ID: 381 - Seq: 374958490]
Fri 2023-02-17 10:01:08.0420    Scan Started:  [ID: 382 - Flags: 1575/0]
Fri 2023-02-17 10:02:09.0255    Scan Results: Files Scanned: 67023, Duration: 1m 0s, Malicious Files: 0
Fri 2023-02-17 10:02:09.0517    Scan Finished: [ID: 382 - Seq: 375040920]
Sat 2023-02-18 07:55:27.0962    Monitoring process C:\ProgramData\BOINC\slots\0\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 4 (28352)
Sat 2023-02-18 07:55:27.0962    Monitoring process C:\ProgramData\BOINC\slots\0\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 5 (28352)
Sat 2023-02-18 07:55:27.0971    Monitoring process C:\ProgramData\BOINC\slots\0\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 7 (28352)
Sat 2023-02-18 07:55:27.0971    Monitoring process C:\ProgramData\BOINC\slots\0\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 8 (28352)
Sat 2023-02-18 07:55:27.0971    Monitoring process C:\ProgramData\BOINC\slots\0\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 6 (28352)
Sat 2023-02-18 09:22:27.0761    Monitoring process C:\ProgramData\BOINC\slots\1\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 4 (28352)
Sat 2023-02-18 09:22:27.0761    Monitoring process C:\ProgramData\BOINC\slots\1\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 5 (28352)
Sat 2023-02-18 09:22:27.0761    Monitoring process C:\ProgramData\BOINC\slots\1\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 7 (28352)
Sat 2023-02-18 09:22:27.0776    Monitoring process C:\ProgramData\BOINC\slots\1\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 8 (28352)
Sat 2023-02-18 09:22:27.0776    Monitoring process C:\ProgramData\BOINC\slots\1\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 6 (28352)
Sat 2023-02-18 10:01:06.0109    Scan Started:  [ID: 383 - Flags: 1575/0]
Sat 2023-02-18 10:02:20.0703    Scan Results: Files Scanned: 74941, Duration: 1m 14s, Malicious Files: 0
Sat 2023-02-18 10:02:20.0989    Scan Finished: [ID: 383 - Seq: 375127342]
Sat 2023-02-18 10:33:28.0035    Monitoring process C:\ProgramData\BOINC\slots\3\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 4 (28352)
Sat 2023-02-18 10:33:28.0035    Monitoring process C:\ProgramData\BOINC\slots\3\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 5 (28352)
Sat 2023-02-18 10:33:28.0035    Monitoring process C:\ProgramData\BOINC\slots\3\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 7 (28352)
Sat 2023-02-18 10:33:28.0035    Monitoring process C:\ProgramData\BOINC\slots\3\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 8 (28352)
Sat 2023-02-18 10:33:28.0035    Monitoring process C:\ProgramData\BOINC\slots\3\bin\cmdock.exe [B670A4E087CFDA35FCEAEB54E79F4033]. Type: 6 (28352)
Sun 2023-02-19 20:25:19.0653    Scan Started:  [ID: 384 - Flags: 1575/0]
Sun 2023-02-19 20:26:38.0123    Scan Results: Files Scanned: 64690, Duration: 1m 18s, Malicious Files: 0
Sun 2023-02-19 20:26:38.0407    Scan Finished: [ID: 384 - Seq: 375251196]
Mon 2023-02-20 21:25:26.0780    Scan Started:  [ID: 385 - Flags: 1575/0]
Mon 2023-02-20 21:27:43.0077    Scan Results: Files Scanned: 72696, Duration: 2m 16s, Malicious Files: 0
Mon 2023-02-20 21:27:43.0396    Scan Finished: [ID: 385 - Seq: 375341259]
Tue 2023-02-21 15:59:31.0706    Saved the product log to C:\Users\haiwe\Downloads\scan1.log

Userlevel 7
Badge +63

Hi @haiweepp Did you get in touch with support as the log shows many issues so its best they look at it to see if there was any true infections or files need to be whitelisted in the Webroot Cloud Database!

 

Thanks,

Reply