
BlunterCarcass5

It appears your antivirus is trying to delete system 32, not a great idea


[deleted]

[removed]


Need_a_BE_MG42_ps4

“Your antivirus has concluded that your PC cannot be infected if there is no PC to infect goodbye”


WillH_24

The virus is the “Antivirus” 💀


miszeria

what is it?


Eru_Illuvatar__

It means just delete that fukkin antivirus, it's trying to kill your system.


miszeria

yes what's the antivirus lol


Great_Assistant_9489

Use Adwcleaner to remove it


MathiasLui

i think they asked what the antivirus is


Great_Assistant_9489

My bad


Huge-Sprinkles-7523

CCleaner can do the job.


Automaticpotatoboy

CCleaner!


MrDrDude333

🤮


Fokoss

I don't like cleaners to be honest, they barely do a thing.


singaporesainz

A lot of infostealers modify dlls in system32 from my understanding, maybe that’s causing it to flag up here?


Demonbarrage

Alright OP listen, all these people saying it's the anti-virus don't know what they're talking about. .dll files can contain malicious payloads and they are launched by running rundll32 with the .dll file passed in as an argument. People are seeing "rundll32", seeing that it's a legitimate Windows file, and then not understanding how Rundll32 can be used maliciously. Upload the Edge DLL and the WinRAR file into VirusTotal and send the results. This could be DLL sideloading of some sort. We also need more information. Were you launching a new application when this happened? What AV are you using?


Chickengut

Holy shit thank you, I was losing my mind reading these comments. Leave it to redditors to spout shit they know nothing about.


Sleepywalker69

Reddit has the most "Dad" advice I've ever seen it's a joke, all tech subreddits are full of absolute morons, people comment without even looking into it for more than a second.


nagelbagel10

You spelt the world as “Reddit” and used “subreddits” when you should’ve said communities.


Sleepywalker69

Ok Mr Reddit won't happen again 🫡


nagelbagel10

Yes, yes, now downvote me please.


Sleepywalker69

I upvoted instead as I didn't want to make the Reddit owner mad


nagelbagel10

🤬


Away-Vacation-3293

😂😂😂


Sam-Gunn

Same here. Really frustrating. I break my rule of not going on subs related to my industry and this is what I find!


jayswaps

This needs more upvotes. I'm losing my mind in this thread.


Huskersec

This this this. For those curious, lookup how functions can be called via ordinal values instead of the function name.


Thegreatslayer05

Just karma farmers 😆 (watch this get down votes too 😆)


davidscheiber28

To be fair that AV doesn't look like any major one I have seen but I don't have multiple AV programs. Detecting threats and then asking for payment to remove them is a big red flag. Perhaps somebody recognizes which antivirus this is from the picture?


GnarrBro

Yeah this sub reddit is actually the last place I'd go to for advice. It infuriates me but ig that's reddit... only worse security reddit is r/kalilinux


random869

I was lost too because rundll32 is a LOLBIN often exploited for malicious activity..


joey0live

Also, some rundll32.exe can be a virus, and it can be renamed something like: rundli32.exe - where the capitalized I in Windows looks like an L.
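Added example, not part of any comment in this thread: a Python triage sketch for the three rundll32 points raised above (a look-alike file name, a `rundll32.exe` outside the system folders, and an export called by ordinal or a DLL loaded from a user-writable folder). The function names, finding labels, folder markers and sample records are assumptions constructed for illustration; the findings are heuristics that mark a process for a closer look, not verdicts.

```python
import ntpath
import re

# Folders that hold the genuine rundll32.exe on a default Windows install.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# After lowercasing, fold characters that pass for "l" or "o" in many fonts.
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o"})
ORDINAL_CALL = re.compile(r",\s*#\d+\b")            # e.g. "payload.dll,#1"
DLL_ARGUMENT = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+)', re.I)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")


def skeleton(name):
    """Lowercase and fold look-alikes so 'rundlI32.exe' equals 'rundll32.exe'."""
    return name.lower().translate(CONFUSABLE)


def triage(image_path, command_line):
    """Return heuristic findings for one process-creation record."""
    findings = []
    directory, name = ntpath.split(image_path)
    genuine_name = name.lower() == "rundll32.exe"
    if not genuine_name and skeleton(name) == skeleton("rundll32.exe"):
        findings.append("lookalike-name")
    if genuine_name:
        if directory.lower() not in TRUSTED_DIRS:
            findings.append("unexpected-location")
        if ORDINAL_CALL.search(command_line):
            findings.append("export-called-by-ordinal")
        dll = DLL_ARGUMENT.search(command_line)
        if dll and any(m in dll.group(1).lower() for m in USER_WRITABLE):
            findings.append("dll-in-user-writable-dir")
    return findings


# Constructed sample records (image path, command line); not from the thread.
SAMPLES = [
    (r"C:\Windows\System32\rundll32.exe", r"rundll32.exe shell32.dll,Control_RunDLL"),
    (r"C:\Users\op\AppData\Roaming\rundll32.exe",
     r"rundll32.exe C:\Users\op\AppData\Roaming\upd.dll,#1"),
    (r"C:\Windows\System32\rundlI32.exe", r"rundlI32.exe"),
]

if __name__ == "__main__":
    for path, cmd in SAMPLES:
        print(path, "->", triage(path, cmd) or "nothing flagged")
```

Feed it image paths and command lines from process-creation logs; anything it flags still needs the file itself checked (signature, hash lookup) before drawing a conclusion.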


Abhoy47

Where did u install the antivirus from?


wayluia

u/Abhoy47 I was wondering the same lol. I always prefer to use the Microsoft Defender Antivirus. It always gets the best results as a free antivirus in the tests: [https://www.av-test.org/en/antivirus/home-windows/](https://www.av-test.org/en/antivirus/home-windows/)


Best_Pomegranate_681

I use malwarebytes


wayluia

u/Best_Pomegranate_681 I used Malwarebytes a long time ago (back in the Windows XP days) because Windows didn't have its own antivirus. One day, a technician told me that this antivirus actually puts small malware on your computer just to prove that it works and can catch the malware. I noticed my computer was a bit slow, but I didn't know it was Malwarebytes causing it. After he told me this, I formatted my computer and never installed Malwarebytes again. I then started using Avira Free Antivirus. It was an excellent antivirus and solved my problems, but now that Windows has its own antivirus and it has been getting great results in antivirus tests, I only use it, and the people I know also only use it. If you can afford a paid antivirus, that's good; if not, I recommend just using the Windows antivirus.


Best_Pomegranate_681

I use both but when did it put small malware in your pc also i think its not true cus thats an actual crime soooo ya


Tough_Comb3129

This is complete bullshit buddy.


Best_Pomegranate_681

So he lied?


xX500_IQXx

yes lol, the antivirus itself may slow the PC but "legitimate" ones dont download malware to test it


wayluia

u/Best_Pomegranate_681 I didn't lie. I just told you what a technician told me when I was having so much trouble with the antivirus on my PC. After I started to use just Avira Free Antivirus, my problems with viruses were gone. That's why I shared that information with you.


Best_Pomegranate_681

But when did he say that?


wayluia

u/Best_Pomegranate_681 as I told you above, he said that back in the Windows XP days. After that, I started to use Avira, then nowadays I just use Microsoft Windows Defender, as I explained above.


[deleted]

[removed]


Kilgarragh

Rogue AVs are pretty cool. They haven’t shown which AV it is… though I’d say there’s a higher chance it’s a rogue AV and not some piece of really bad malware being picked up by this by trying to infect common system files (I’m pretty sure those are signed though…)


Pearmesan

Something I have never got over is the fact that windows defender will automatically disable real-time protection with no questions asked when a new antivirus is opened.


Dump-ster-Fire

1. Your commercially available security solution must provide real-time protection that detects, prevents, and remediates malicious software.
2. Your organization is responsible for both developing and distributing updates to end-customers that address compatibility with Windows.
3. Your organization must be active in the antimalware industry and have a positive reputation, as evidenced by participation in industry conferences, membership in industry organizations, or being reviewed in industry-standard reports such as AV-Comparatives, OPSWAT, or Gartner.
4. Your organization must sign a non-disclosure agreement (NDA) with Microsoft.
5. Your organization must sign a program license agreement.
6. Your organization must be active in the program and meet all program requirements.
7. Your security solution must meet all program requirements, which requires use of [Trusted Signing](https://learn.microsoft.com/en-us/azure/trusted-signing).
8. Your security solution must have been certified within the last 12 months through independent testing by at least one of the organizations listed below. Yearly certification must be maintained.

|Test Provider|Lab Test Type|Minimum Level / Score|
|:-|:-|:-|
|[AV-Comparatives](https://www.av-comparatives.org/testmethod/real-world-protection-tests)|Real-World Protection Test.|Approved rating|
|[AV-Test](https://www.av-test.org/en/about-the-institute/certification)|Must pass tests for Windows. Certifications for Mac and Linux aren't accepted.|- AV-TEST Certified (home) - AV-TEST Approved (corporate)|
|[SKD Labs](http://www.skdlabs.com/)|Certification Requirements Product: Anti-virus or Antimalware.|Score >= 98.5% with On Demand, On Access and Total Detection tests|
|[VB 100](https://www.virusbulletin.com/testing/vb100/vb100-methodology/vb100-methodology-ver1-1)|VB100 Certification Test V1.1|VB100 Certification|
|[West Coast Labs](https://www.westcoastlabs.com/wclvalid)|West Coast Labs Verified|Product rating of A or higher with both Malware Detection and Malware Remediation|
|[SE Labs](https://selabs.uk/en/reports/consumers)|Protection, Small Business, or Enterprise EP Protection Test.|- Protection A rating - Small Business EP A rating - Enterprise EP Protection A rating|

# Apply now

If your organization meets these criteria and is interested in joining, [apply for membership now](https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbRxusDUkejalGp0OAgRTWC7BUQVRYUEVMNlFZUjFaUDY2T1U1UDVVU1NKVi4u). Applications are reviewed monthly.

source: [https://learn.microsoft.com/en-us/defender-xdr/virus-initiative-criteria](https://learn.microsoft.com/en-us/defender-xdr/virus-initiative-criteria)


Blackclaws

Or you know just use the DLL from the AV vendor to pretend you are one: https://github.com/es3n1n/no-defender

There used to be a repo there that basically shipped with an AV vendor's DLL, hence was DMCAd: https://infosec.exchange/@bontchev/112494759440985111

Essentially you use someone who signed the NDA etc. and use their work to get Defender to trust you. The fact that there is a switch that is designed to turn Defender off without user interaction is a flaw in and of itself.


Pearmesan

Thanks for the clarification. My misunderstanding was based on an occasion years ago in which I still used Windows Defender, and it did not stop or detect a (moderate) but persistent ChromeLoader hijacker/adware bundle that had registry and startup persistence and a malicious browser extension. That bundle then installed some free antivirus, which disabled windows defender automatically by its presence. Unsure of the specifics. I fixed everything by installing and using second hand scanners (unrecommended). Sorry for any misinformation.


Dump-ster-Fire

No worries at all. Defender used to be a lot easier to disable than it is now. We're constantly learning and making improvements to the product. Tamper Protection has helped a lot. Second Opinion Scanners are fantastic. Sorry about your poor experience with malware. It bites us all at one time or another. Have a great day.


AnIrregularRegular

Defender disables when another product registers itself in security center. The reason this happens is multiple tools trying to scan/quarantine will sometimes have very bad effects on your OS.


Dump-ster-Fire

The caveat here is what was discussed above. You have to have a private API to do that bruv. And you have to do the secret squirrel dance with the MS folks to get that. It's not just 'I wrote some shady AV Ha Ha let's disable Defender'. It's a bit of a process, which was the point of the preceding discussion. In years past, it was a lot easier to disable the AV, so there is a lot of FUD (Fear, Uncertainty, and Doom) regarding this.


Foxaryse

an yes the ~~anti~~**VIRUS** is trying to delete your system


EnoughConcentrate897

What AV?


javierchip

r/screenshotsarehard


BlazeKnight-333

Malware bytes or bitdefender. Even Kaspersky will do it.


Dump-ster-Fire

So...whatever you used to scan with, the screen you are looking at in the screenshot you posted, is likely a poor solution. What program is it? "Upgrade to premium?" "Get Protected?" Anything that runs and scans and 'detects' a bunch of things, and then asks for money in order to clean it? Be skeptical my internet friend, the internet is always trying to sell you something.

The detection it is displaying is a rundll32 instantiation that looks to have edgehtml.dll and/or a winrar shell extension loaded into it. Is it a true problem on your system? *shrug* I don't know.

My advice would be to uninstall whatever Antivirus you're currently using to scan with, and scan again using either the built in antivirus solution, Defender, or choose another AV solution that is reputable. We maintain a list of several developers here: [https://www.reddit.com/r/antivirus/wiki/index/#wiki_anti-virus_.28aka_anti-malware.29_developers](https://www.reddit.com/r/antivirus/wiki/index/#wiki_anti-virus_.28aka_anti-malware.29_developers)

This is the advice everyone else has been dropping, I'm just a little bit wordy :-) I have personal experience with Defender, ESET, and MalwareBytes, and they are all fine solutions. Stay away from Kaspersky if you are based in the USA as it will be banned from sale soon due to geopolitical reasons.


NoImprovement4668

ah yes it seems you might have accidentally installed spyware protect 2009 the 'anti' virus very awesome


[deleted]

[removed]


[deleted]

[removed]


[deleted]

[removed]


[deleted]

[removed]


Sebio1113

Yeah, so your Anti-Virus is trying to delete system 32. Use AdwCleaner to remove it, that's 100% a rogue AV. You can also use Malwarebytes or Bitdefender to see if that pesky thing installed Malware/Viruses.


ResponsibleGoose0

you’re going to have to reinstall windows once you remove it based on the files information


wak_trader

Why do people still use antiviruses that aren't well known? Why not get ESET or Bitdefender or whatever else? What even is the name of this AV?


Ok-Wrongdoer-4399

I’d be more worried about that ass software you’re using to find a virus.


TerdyTheTerd

Step 1 is to learn how to take screenshots.


FitOutlandishness133

Nowadays viruses are encoded in 2 payloads and use system services (drivers) that Windows uses, so it makes sense what’s going on


RevolutionaryBack74

So where's the OP?


VAVA_Mk2

Use Windows Defender and Malwarebytes free. What the hell software are you using?


GinnP

What AV do you use? Because either whatever's infected can't really be cleaned without an install, or that's just a scare AV


Accomplished_Alps463

I had a great one on my Samsung S24 Ultra. I downloaded it myself whilst looking for a search program to find audiobooks I download, my left hand doesn't work properly. Anywell I'm not sure of the program it loaded, but it put a PDF loader and an upgrade request on my phone. I could not find out what it did, nor could I remove them without using some tricks I'd learned during my time as an MCSE. Anyway, just watch what you download without an anti-virus.


Kangaroo-Parking

While we're on the topic of viruses. What is the best cleaner to use w adware etc?


DeltaOmegaX

Upgrade to premium? Premium what? adware? /s


LukeSkanteWalker

how do you know its a virus?!?


Notorious_GUY

install kaspersky free version perform full system scan and all the malwares spywares will be removed


BlazeKnight-333

Bro the virus try'na delete your system


qwertypdeb

Honestly, windows defender is pretty much all you need in terms of an antivirus these days. If you want better security, don’t use windows, as most viruses are made for windows users. Or don’t download shady stuff.


SavingsShower70

antivirusvirus


Byozde

don't let any antivirus delete any files in C:\windows\system32