Safety Scanner won't finish - Am I actually infected??

BlondiiX369 21 Reputation points
2021-01-28T04:43:52.333+00:00

My system is acting like its infected, constantly having random problems throughout the day. My connection randomly drops while browsing the web but will reconnect and refresh the pages within seconds.

I use Acronis True Image security and protection but Windows Defender will randomly notify me that I'm not protected (I assumed because Acronis disables the live-protection thing that Defender offers). I disabled Acronis Protection and THEN I opened up Windows Security and it said 'True Image Protection is out of date', gives me an option to update it but pushing the button does absolutely nothing and there's nothing about the needed update from the Acronis dashboard. The help site told me to check the connections so I did what it said to and did a ping test with <hostname> & <ip> which were fine. Next went to windows event logs and checked the 'Audit Failures' where I found this reoccurring event since the 24th:

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 1/24/2021 12:40:06 PM
Event ID: 5038
Task Category: System Integrity
Level: Information
Keywords: Audit Failure
User: N/A
Description:
Code integrity determined that the image hash of a file is not valid.
The file could be corrupt due to unauthorized modification or
the invalid hash could indicate a potential disk device error.
` File Name: \Device\HarddiskVolume3\Program
Files\Acronis\CyberProtect\remediation.exe

I ran a SetupDiag scan last night and going through the logs from 24th when I did a complete Win10 reinstall, I noticed some URL's and log stated files were being transferred from. I tried looking up the URL's and Edge warned me that my connection was not private and that I should not continue... not really sure what's up with that, I'd love for someone to skim through it and see if anything sticks out as suspicious or odd.

Trying to now run the Microsoft Safety Scanner & just like the Storage Sense clean option, It has stopped while scanning C:\WINDOWS\sysWOW64\cmd.exe Its been like this for about 25 minutes now. Why are these things not able to scan all the way through like theyre intended to?? Am I infected or is it a problem with Acronis? This is exhausting and driving me insane...61223-screenshot-3-li.jpg

Windows 10 Setup
Windows 10 Setup
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Setup: The procedures involved in preparing a software program or application to operate within a computer or mobile device.
1,912 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,737 questions
0 comments No comments
{count} votes

Accepted answer
  1. Joy Qiao 4,891 Reputation points Microsoft Employee
    2021-01-29T02:52:51.003+00:00

    Hi,

    " I disabled Acronis Protection and THEN I opened up Windows Security and it said 'True Image Protection is out of date', gives me an option to update it"

    We recommend to contact with Acronis support to check if they have any resource for it or if they have update version for their product.

    If you suspect you got infected, we could run Windows Defender to perform a full scan. We should update system through Settings\update & security\Windows Update before scan to make sure you have latest version for Windows Defender, You also could disable Acronis temporarily before full scan.

    61635-capture.png

    Bests,

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


1 additional answer

Sort by: Most helpful
  1. Debra Breeden 1 Reputation point
    2021-01-28T05:04:30.457+00:00

    The security scanner takes a hash of files and compares them to known, good hashes. The fact that the current hash doesn't match means that the file is corrupt in some manner. You should try to get a known good replacement for that file that is alerting on your scanner: File Name: \Device\HarddiskVolume3\Program
    Files\Acronis\CyberProtect\remediation.exe. This seems to be clear.
    Other possible causes:
    Since you are having issues in the security scan with unrelated files, it is possible you have bad sectors or blocks on your disk, and that it is about to fail on you.
    You could be close to maximum capacity on your drive, and there might not be "room" enough left for the scan to work. Check your drive's empty space. This often happens if you have a small drive where your OS is stored, and the periodic Windows update downloads and fills up remaining space, and doesn't leave enough room for the update action. Can occur on devices with disks smaller than 100GB, for instance.
    Finally, as always, check to make sure that you are up-to-date with your OS. You may well have the most current updates downloaded, but not installed, for reason of lack of working space.

    0 comments No comments