Surprise!
There are some extra modules!
Paths are pointing to the antivirus (see below). That is what I would call a virus - a program that is hooking itself to other programs. I can't believe it!
So I started to google my findings, and yes, they do it. Antivirus is a virus. It is manipulating my (and any other) program, slowing it down! Performing who knows what actions - could be sending some data over the internet or collecting user behavior.
That would not be my business, one can say, as the user has installed this software himself. But they do it as me, using my process ID! So how do I explain this to my users, especially if I don't know what exactly happens?
Here is someone collecting information about hooking, which I found on GitHub: https://github.com/ethereal-vx/Antivirus-Artifacts
Someone else is fighting back: https://breakdev.org/defeating-antiviru ... he-inside/
Check inside your own logs:
- Pop up the Windows "Run" dialog by pressing [Windows key] and R
- Enter %APPDATA%/ZofzPCB/ZofzDebugLogFile.txt and press Return
- A text editor should pop up, showing the ZofzPCB log
- Search for a line of stars ***********************
- That is the start of the program. You will see some basic information about the program version, CPU, etc. Then below, there will be a list of modules. In my case, lines 5 and 6 show the antivirus hooked code.
0x00007FF7867A0000 0x00335000, 0x00007FF7867F7980 C:\Program Files\ZofzPCB\ZofzPCB\Gerber3D.exe
0x00007FFBF0910000 0x001F5000, 0x0000000000000000 C:\Windows\SYSTEM32\ntdll.dll
0x00007FFBEFF80000 0x000BD000, 0x00007FFBEFF970D0 C:\Windows\System32\KERNEL32.DLL
0x00007FFBEE020000 0x002CD000, 0x00007FFBEE030710 C:\Windows\System32\KERNELBASE.dll
0x00007FFBC61B0000 0x000C9000, 0x00007FFBC61BB780 C:\Program Files\Bitdefender\Bitdefender Security\bdhkm\dlls_265693076916666697\bdhkm64.dll
0x00007FFBC3A60000 0x00123000, 0x00007FFBC3A6DDB0 C:\Program Files\Bitdefender\Bitdefender Security\atcuf\dlls_265936398135507842\atcuf64.dll
0x00007FFBEF0A0000 0x001A0000, 0x00007FFBEF0B7F30 C:\Windows\System32\USER32.dll
0x00007FFBEE3C0000 0x00022000, 0x0000000000000000 C:\Windows\System32\win32u.dll
0x00007FFBEF320000 0x0002A000, 0x00007FFBEF3248D0 C:\Windows\System32\GDI32.dll
0x00007FFBEE5F0000 0x0010B000, 0x00007FFBEE61FE90 C:\Windows\System32\gdi32full.dll
0x00007FFBEE320000 0x0009D000, 0x00007FFBEE335390 C:\Windows\System32\msvcp_win.dll
0x00007FFBEE4F0000 0x00100000, 0x00007FFBEE506110 C:\Windows\System32\ucrtbase.dll
0x00007FFBEEDE0000 0x000AE000, 0x00007FFBEEDF56F0 C:\Windows\System32\ADVAPI32.dll
0x00007FFBF0790000 0x0009E000, 0x00007FFBF0797850 C:\Windows\System32\msvcrt.dll
0x00007FFBF0830000 0x0009C000, 0x00007FFBF084CE10 C:\Windows\System32\sechost.dll
0x00007FFBEE960000 0x00125000, 0x00007FFBEE9BF240 C:\Windows\System32\RPCRT4.dll
0x00007FFBF0040000 0x00744000, 0x00007FFBF0151350 C:\Windows\System32\SHELL32.dll
0x00007FFBEEEF0000 0x0012A000, 0x00007FFBEEF16360 C:\Windows\System32\ole32.dll
0x00007FFBEF840000 0x00354000, 0x00007FFBEF935240 C:\Windows\System32\combase.dll
0x00007FFBEEC20000 0x00055000, 0x00007FFBEEC2A7A0 C:\Windows\System32\SHLWAPI.dll
0x00007FFBE9B40000 0x00007000, 0x00007FFBE9B41170 C:\Windows\SYSTEM32\MSIMG32.dll
0x00007FFBD12F0000 0x004D6000, 0x00007FFBD13CC6A0 C:\Windows\SYSTEM32\WININET.dll
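The log check described above can be automated. The following is an added example, not part of the original post or of ZofzPCB's code: it parses the module list after the last line of stars and reports every module loaded from outside the Windows directory and the program's own folder. The function names are hypothetical, and the column meaning (base address, size, entry point, path) is an assumption read off the listing.

```python
import re
from ntpath import normcase, normpath  # Windows path rules on any OS

# Assumed column meaning: base address, image size, entry point, path.
MODULE_RE = re.compile(
    r"^\s*0x([0-9A-Fa-f]+)\s+0x([0-9A-Fa-f]+),\s+0x([0-9A-Fa-f]+)\s+(.+?)\s*$"
)

def parse_modules(log_text):
    """Return the module list of the most recent program start in the log."""
    # A line of stars marks each program start; keep only the last run.
    last_run = re.split(r"^\*{10,}.*$", log_text, flags=re.M)[-1]
    modules = []
    for line in last_run.splitlines():
        m = MODULE_RE.match(line)
        if m:
            base, size, entry = (int(g, 16) for g in m.groups()[:3])
            modules.append({"base": base, "size": size,
                            "entry": entry, "path": m.group(4)})
    return modules

def foreign_modules(modules, windows_dir=r"C:\Windows"):
    """Modules loaded from neither the Windows tree nor the program's folder."""
    if not modules:
        return []
    def norm(p):
        return normcase(normpath(p))
    # The first entry is the executable itself; its folder is trusted.
    app_dir = norm(modules[0]["path"]).rsplit("\\", 1)[0] + "\\"
    trusted = (norm(windows_dir) + "\\", app_dir)
    return [m for m in modules if not norm(m["path"]).startswith(trusted)]

# Constructed sample: a star line followed by four lines taken from the listing.
SAMPLE = r"""
***********************
0x00007FF7867A0000 0x00335000, 0x00007FF7867F7980 C:\Program Files\ZofzPCB\ZofzPCB\Gerber3D.exe
0x00007FFBF0910000 0x001F5000, 0x0000000000000000 C:\Windows\SYSTEM32\ntdll.dll
0x00007FFBC61B0000 0x000C9000, 0x00007FFBC61BB780 C:\Program Files\Bitdefender\Bitdefender Security\bdhkm\dlls_265693076916666697\bdhkm64.dll
0x00007FFBEF0A0000 0x001A0000, 0x00007FFBEF0B7F30 C:\Windows\System32\USER32.dll
"""

if __name__ == "__main__":
    for mod in foreign_modules(parse_modules(SAMPLE)):
        print(f"{mod['base']:#018x}  {mod['path']}")
```

To run it against a real log, pass the contents of ZofzDebugLogFile.txt to `parse_modules` instead of `SAMPLE`.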