Windows 10: Why is uhssvc.exe flagged as malicious?

I've been exploring autoruns by Microsoft's Sysinternal suite. Some of Microsoft entries are not verified in Autoruns. Then I checked with VirusTotal. All are clean except for uhssvc.exe, the Microsoft Update Health Tools. The Digital signatures is OK and the signer is Microsoft Windows. I'm curious if that's a false positive or am i being infected. https://www.virustotal.com/gui/file/864d7f3b1b6e95061de663b1e249ffd2cd97f8f5f87a2a20d29cbccbb3e429dd/detection

:)

 

OneDriveUpdateTask.exe being flagged as malicious

Hello, my PC is constantly executing the file "OneDriveUpdateTask.exe", which is creating temporary files that are being flagged as malicious by my antivirus software. I'm not sure if these are actually malicious or false flagged. Thank you for your time.

 

system32 DLLs flagged as malicious

I downloaded Autoruns to help me identify malware on my computer. My computer is experiencing incoming and outgoing connections to IPs that are flagged as malicious by Virustotal and/or AbuseIPDB. In addition to dropped connections.

Initially 14 microsoft files were flagged as malicious by Virustotal.

Msiexec.exe. Trojan.generic.c1.70. sangfor engine zero.

ipsecsvc.dll.malicious

Rasmans.dll. malicious. SecureAge

Scardsvr.dll. malicious

Schedsvc.dll.malicious

Sessenv.dll. malicious

umrdp.dll. malicious

Workfoldersshell.dll. malicious

gatherNetworkInfo.vbs. McAfee-GW-edition. BehavesLike.VBS.backdoor.mp.

Appxdeploymentservrr.dll. malicious

Bcastdvruserservice.dll. malicious

dcsvc.dll. malicious

ngccredprov.dll. malicious

Updatepolicy.dll. malicious

Here is the interesting part. I did a reformat and windows 10 pro 21H2 install. 9 of the above had no detections post install. gathernetworkinfo.vbc, ipsecsvc.dll, ngccredprov.dll were malicious. Three new dlls were flagged: installservicetasks.fll, smsroutersvc.dll, & xblauthmanager.dll. dcsvc.dll disappeared. I forgot to check updatepolicy.dll. I thought this is great progress. I discovered 21H2 19044.1288 was

not the latest so I upgraded in place to 22H2. I thought after this upgrade there would be no more detections.

After updates my current version is 22H2 19045.3208. Here is the bad news. 9 dlls that had no detections now have detections. Sessenv.dll still has no detection. Smsroutersvc.dll, xblauthmanager.dll, and installservicetasks.dll no longer have any detections. Updatepolicy.dll has no detection. Gathernetworkinfo.vbs , ipsecsvc.dll, and ngccredprov.dll still have detections. These results seem to rule out false positive.

I need clean versions of the dlls. There may be more dlls that are malicious.

I downloaded from www.microsoft.com/en-us/software-download/windows10

Thanks

 

OneDriveUpdateTask.exe being flagged as malicious

OneDriveUpdateTask.exe doesn't sound like a legit Microsoft program.

Download Malwarebytes Antimalware and run a full scan. Eliminate every malware it finds.



If the problem persists, do the following:

• Download Farbar Recovery Scan Tool (FRST64.exe)
  
• Run FRST64.exe and click "Scan".
  
• Upload the two logs, FRST.txt and Addition.txt, to your OneDrive and share the link here.