I get this weird icon on the taskbar,
https://postimg.cc/211HQPpp
and then a demand to reenter my password.

Is this the Windows password? Or Outlook365 password? Or Office365
password? Or what?

Also, suddenly my
Notepad and Snippet tool do not work, and I had to reload them from
Microsoft Store.

Changes in fonts have been appearing all of a sudden too.

And now a Virtual Drive on my C drive cannot be unlocked via
bitlocker.

Why is all this not automatic with the upgrades?

I'm starting to think I need a backup office-type suite to use if
MSoft gets all too complicated.

I have done this already with email, one that runs in parallel with
Outlook.

I will sniff out a alternate database, and alternate word processor in
the near future. MSofts endless demands for passwords are causing
angst!

On Sat, 15 Jul 2023 14:56:52 +1000, Peter Jason wrote:
>
> I get this weird icon on the taskbar,
> https://postimg.cc/211HQPpp
> and then a demand to reenter my password.
>
> Is this the Windows password? Or Outlook365 password? Or Office365
> password? Or what?

[more things, snipped for brevity]

For your sake I hope I'm wrong, but in the aggregate
with the other weird stuff you mention, I suspect
malware. Have you done a complete scan since these
things started happening?

--
Stan Brown, Tehachapi, California, USA
https://BrownMath.com/
Shikata ga nai...

On 7/15/2023 2:14 AM, Stan Brown wrote:
> On Sat, 15 Jul 2023 14:56:52 +1000, Peter Jason wrote:
>>
>> I get this weird icon on the taskbar,
>> https://postimg.cc/211HQPpp
>> and then a demand to reenter my password.
>>
>> Is this the Windows password? Or Outlook365 password? Or Office365
>> password? Or what?
>
> [more things, snipped for brevity]
>
> For your sake I hope I'm wrong, but in the aggregate
> with the other weird stuff you mention, I suspect
> malware. Have you done a complete scan since these
> things started happening?
>

And it should be an offline scan of the C: drive.
That's so the scanner can pick up RootKits (the naive
kind). There are some RootKits which hide in RAM
when the OS is running, and those (from nation state actors)
are harder to detect and mitigate.

https://support.microsoft.com/en-us/windows/help-protect-my-pc-with-microsoft-defender-offline-9306d528-64bf-4668-5b80-ff533f183d6c

A casual research topic today (for me), is "what happens if
the running OS cannot prepare an MDO scan ?" . You might have
to prepare media for the scan, on a second computer known not
to be infected. When a malware has the ability to spread
over the LAN, between machines, this can be a very difficult
requirement to meet.

When the MDO media is made, it's just a WinPE or WinRE style
boot system put on a USB stick (or on a CD), and when that
media is booted, it downloads fresh definitions. It is not
completely reliant on the patch level of the donor computer.
Some of the content is acquired from Microsoft, when the scan is
done. This is similar to a Kav 10 scan, where definitions are
updated before the scan is run.

So what have I got in the house that would qualify ? My laptop
is seldom used, and should be clean. It has a DVD burner on it
(slim drive). If all I had was optical media, I'd be fine.
For USB, it only has USB2, which again, is sufficient to fill
up a stick with a boot system. My Optiplex Refurb would also
qualify, in the sense that I'm so out of touch with the thing,
I don't even know if there's a Win10 on it :-) The disk might
only have Win7. It has run W10, long enough to activate.

Paul

On Sat, 15 Jul 2023 14:56:52 +1000, Peter Jason <pj@jostle.com> wrote:

>I get this weird icon on the taskbar,
>https://postimg.cc/211HQPpp
>and then a demand to reenter my password.
>
>Is this the Windows password? Or Outlook365 password? Or Office365
>password? Or what?
>
>Also, suddenly my
>Notepad and Snippet tool do not work, and I had to reload them from
>Microsoft Store.
>
>Changes in fonts have been appearing all of a sudden too.
>
>And now a Virtual Drive on my C drive cannot be unlocked via
>bitlocker.
>
>Why is all this not automatic with the upgrades?
>
>I'm starting to think I need a backup office-type suite to use if
>MSoft gets all too complicated.
>
>I have done this already with email, one that runs in parallel with
>Outlook.
>
>I will sniff out a alternate database, and alternate word processor in
>the near future. MSofts endless demands for passwords are causing
>angst!
>
>
You could also run a repair reinstall

KenW

On 07/15/2023 12:56 AM, Peter Jason wrote:
> I get this weird icon on the taskbar,
> https://postimg.cc/211HQPpp
> and then a demand to reenter my password.
>
> Is this the Windows password? Or Outlook365 password? Or Office365
> password? Or what?
>
> Also, suddenly my
> Notepad and Snippet tool do not work, and I had to reload them from
> Microsoft Store.
>
> Changes in fonts have been appearing all of a sudden too.
>
> And now a Virtual Drive on my C drive cannot be unlocked via
> bitlocker.
>
> Why is all this not automatic with the upgrades?
>
> I'm starting to think I need a backup office-type suite to use if
> MSoft gets all too complicated.
>
> I have done this already with email, one that runs in parallel with
> Outlook.
>
> I will sniff out a alternate database, and alternate word processor in
> the near future. MSofts endless demands for passwords are causing
> angst!
>
>
>
I use Corel's Word Perfect office suite for that exact reason. I find
the MS ribbon tool bar one of the most confusing things to use in any
software there is.

On 2023-07-15 09:11, Paul wrote:
> On 7/15/2023 2:14 AM, Stan Brown wrote:
>> On Sat, 15 Jul 2023 14:56:52 +1000, Peter Jason wrote:
>>>
>>> I get this weird icon on the taskbar,
>>> https://postimg.cc/211HQPpp
>>> and then a demand to reenter my password.
>>>
>>> Is this the Windows password? Or Outlook365 password?  Or Office365
>>> password?   Or what?
>>
>> [more things, snipped for brevity]
>>
>> For your sake I hope I'm wrong, but in the aggregate
>> with the other weird stuff you mention, I suspect
>> malware. Have you done a complete scan since these
>> things started happening?
>>
>
> And it should be an offline scan of the C: drive.
> That's so the scanner can pick up RootKits (the naive
> kind). There are some RootKits which hide in RAM
> when the OS is running, and those (from nation state actors)
> are harder to detect and mitigate.
>
> https://support.microsoft.com/en-us/windows/help-protect-my-pc-with-microsoft-defender-offline-9306d528-64bf-4668-5b80-ff533f183d6c
>
> A casual research topic today (for me), is "what happens if
> the running OS cannot prepare an MDO scan ?" . You might have
> to prepare media for the scan, on a second computer known not
> to be infected. When a malware has the ability to spread
> over the LAN, between machines, this can be a very difficult
> requirement to meet.
>
> When the MDO media is made, it's just a WinPE or WinRE style
> boot system put on a USB stick (or on a CD), and when that
> media is booted, it downloads fresh definitions. It is not
> completely reliant on the patch level of the donor computer.
> Some of the content is acquired from Microsoft, when the scan is
> done. This is similar to a Kav 10 scan, where definitions are
> updated before the scan is run.

For my illustration:

Can such a media be prepared on a Linux computer currently?

Most of my machines are Linux, but I have some Windows virtual machines
and sometimes they ask me to repair Windows machines. So if I need ever
to do such an operation, I would prefer to prepare that media on Linux,
with the advantage that it has more chances of being clean.

--
Cheers, Carlos.

On 7/15/2023 8:46 AM, KenW wrote:
> On Sat, 15 Jul 2023 14:56:52 +1000, Peter Jason <pj@jostle.com> wrote:
>
>> I get this weird icon on the taskbar,
>> https://postimg.cc/211HQPpp
>> and then a demand to reenter my password.
>>
>> Is this the Windows password? Or Outlook365 password? Or Office365
>> password? Or what?
>>
>> Also, suddenly my
>> Notepad and Snippet tool do not work, and I had to reload them from
>> Microsoft Store.
>>
>> Changes in fonts have been appearing all of a sudden too.
>>
>> And now a Virtual Drive on my C drive cannot be unlocked via
>> bitlocker.
>>
>> Why is all this not automatic with the upgrades?
>>
>> I'm starting to think I need a backup office-type suite to use if
>> MSoft gets all too complicated.
>>
>> I have done this already with email, one that runs in parallel with
>> Outlook.
>>
>> I will sniff out a alternate database, and alternate word processor in
>> the near future. MSofts endless demands for passwords are causing
>> angst!
>>
>>
> You could also run a repair reinstall
>
>
> KenW
>

You could, but being aware that it does not clean the Registry
enough to correct every sin.

Maybe Peter should be nominated as an example of a "real user"
and how magical the experience would be if Windows 11 was a
rental OS :-)

I suspect this may actually be a barrier to usage -- the users
know what the blowback is from adding software, so they "get by"
without fancy stuff.

I know I would not touch encrypted storage with a barge-pole,
because with my luck, I'd uncover some unique bug and my "prize"
would be data loss. We know that isn't the case here, and it's
just a matter of using the Recovery Key yet again.

Microsoft has a lot on their plate right now, with the UEFI
issue to mitigate over a period of the next year (multiple
updates, an attempt to make the fixes seamless), and the
driver signing revocation. None of this should particularly
affect Peter, but if some recent change were to modify the
TPM, that might cause the Bitlocker to fail to unlock. I don't
know if a "root of trust" plays a part in passwords or not,
as you'd think they would be compared to the Cloud copy of
any password, rather than being stored locally or computed
locally. But maybe I lack imagination, on the complexity front.

"Note: When you change your password in Microsoft 365, be sure
to update the password on your phone and desktop email program
to match the new password for your account."

Hmmm. Magical. Reminds me of all those PostIT notes I used
to keep stuck to my screen, and changing 12345Jan to 12345Feb :-)
I swear, it used to take me half a day per month, to change
all the passwords at work. Good times. (The password rule check
had a rule for month, so they blocked that particular idea.
One of my buddies at work was pissed when they added that rule,
as the month-dodge was one of his favorites.)

There are other ways to authenticate, but isn't this just
like digging a large hole in the back yard, and not having
any lights out there ? The hole you dig, is the one you will
fall into. You know these alternatives are a bad idea, when
the FIDO company "suggests" you buy two keys. Well, what
happened to the first one ?

Paul

I only used Bitlocker once on a flash stick. I am too old and don't
trust that stuff

KenW

Peter Jason wrote:
> I get this weird icon on the taskbar,
> https://postimg.cc/211HQPpp
> and then a demand to reenter my password.
>
> Is this the Windows password? Or Outlook365 password? Or Office365
> password? Or what?
>

>
>
The exclamation mark on the Outlook icon indicates exactly why the
password prompt is presented.

i.e. something was changed
Windows Microsoft Account(MSA) password
Outlook not signed in with MSA and password used to purchase Office to
ensure activation and use
Note: If the Windows MSA password was changed and the same MSA is used
for signing on in Outlook, then OL(and all other Office programs) then
re-validation is necessary for OL(and Office programs) use and
activation with the updated MSA password

If using a Local Account in Windows and the MSA password used for
sign-in OL was changed, the same applies(sign out, sign in with MSA
email/new password - i.e. the same MSA that was used to purchase OL but
with the new password.

There are other possibilities

- password corruption locally but that would also indicate/cause an
upstream issue - fail to logon to Windows with that same MSA.
- password change made in web UI or Windows and not synced in either
direction[up or down] for Windows or online MSA account.

--
....w¡ñ§±¤ñ

On 7/15/2023 9:13 AM, Carlos E.R. wrote:
> On 2023-07-15 09:11, Paul wrote:
>> On 7/15/2023 2:14 AM, Stan Brown wrote:
>>> On Sat, 15 Jul 2023 14:56:52 +1000, Peter Jason wrote:
>>>>
>>>> I get this weird icon on the taskbar,
>>>> https://postimg.cc/211HQPpp
>>>> and then a demand to reenter my password.
>>>>
>>>> Is this the Windows password? Or Outlook365 password?  Or Office365
>>>> password?   Or what?
>>>
>>> [more things, snipped for brevity]
>>>
>>> For your sake I hope I'm wrong, but in the aggregate
>>> with the other weird stuff you mention, I suspect
>>> malware. Have you done a complete scan since these
>>> things started happening?
>>>
>>
>> And it should be an offline scan of the C: drive.
>> That's so the scanner can pick up RootKits (the naive
>> kind). There are some RootKits which hide in RAM
>> when the OS is running, and those (from nation state actors)
>> are harder to detect and mitigate.
>>
>> https://support.microsoft.com/en-us/windows/help-protect-my-pc-with-microsoft-defender-offline-9306d528-64bf-4668-5b80-ff533f183d6c
>>
>> A casual research topic today (for me), is "what happens if
>> the running OS cannot prepare an MDO scan ?" . You might have
>> to prepare media for the scan, on a second computer known not
>> to be infected. When a malware has the ability to spread
>> over the LAN, between machines, this can be a very difficult
>> requirement to meet.
>>
>> When the MDO media is made, it's just a WinPE or WinRE style
>> boot system put on a USB stick (or on a CD), and when that
>> media is booted, it downloads fresh definitions. It is not
>> completely reliant on the patch level of the donor computer.
>> Some of the content is acquired from Microsoft, when the scan is
>> done. This is similar to a Kav 10 scan, where definitions are
>> updated before the scan is run.
>
> For my illustration:
>
> Can such a media be prepared on a Linux computer currently?
>
> Most of my machines are Linux, but I have some Windows virtual machines and sometimes they ask me to repair Windows machines. So if I need ever to do such an operation, I would prefer to prepare that media on Linux, with the advantage that it has more chances of being clean.
>

I just tried some stuff, and I'm mistaken.

W10,W11 - test themselves (the boot cycle for the offline scan
is done without a USB stick)

W7,W8 - The web page offers a stub loader, and it
makes a 320,208,896 byte ISO file (to give some idea
how big the boot materials are).

I made the ISO (W7/W8), and it has

sources/
boot/
EFI/
mpam-fex64.exe
bootmgr.efi
bootmgr
FilesList64.dll

Paul

On 7/15/2023 9:13 AM, Carlos E.R. wrote:
> On 2023-07-15 09:11, Paul wrote:
>> On 7/15/2023 2:14 AM, Stan Brown wrote:
>>> On Sat, 15 Jul 2023 14:56:52 +1000, Peter Jason wrote:
>>>>
>>>> I get this weird icon on the taskbar,
>>>> https://postimg.cc/211HQPpp
>>>> and then a demand to reenter my password.
>>>>
>>>> Is this the Windows password? Or Outlook365 password?  Or Office365
>>>> password?   Or what?
>>>
>>> [more things, snipped for brevity]
>>>
>>> For your sake I hope I'm wrong, but in the aggregate
>>> with the other weird stuff you mention, I suspect
>>> malware. Have you done a complete scan since these
>>> things started happening?
>>>
>>
>> And it should be an offline scan of the C: drive.
>> That's so the scanner can pick up RootKits (the naive
>> kind). There are some RootKits which hide in RAM
>> when the OS is running, and those (from nation state actors)
>> are harder to detect and mitigate.
>>
>> https://support.microsoft.com/en-us/windows/help-protect-my-pc-with-microsoft-defender-offline-9306d528-64bf-4668-5b80-ff533f183d6c
>>
>> A casual research topic today (for me), is "what happens if
>> the running OS cannot prepare an MDO scan ?" . You might have
>> to prepare media for the scan, on a second computer known not
>> to be infected. When a malware has the ability to spread
>> over the LAN, between machines, this can be a very difficult
>> requirement to meet.
>>
>> When the MDO media is made, it's just a WinPE or WinRE style
>> boot system put on a USB stick (or on a CD), and when that
>> media is booted, it downloads fresh definitions. It is not
>> completely reliant on the patch level of the donor computer.
>> Some of the content is acquired from Microsoft, when the scan is
>> done. This is similar to a Kav 10 scan, where definitions are
>> updated before the scan is run.
>
> For my illustration:
>
> Can such a media be prepared on a Linux computer currently?
>
> Most of my machines are Linux, but I have some Windows virtual machines and sometimes they ask me to repair Windows machines. So if I need ever to do such an operation, I would prefer to prepare that media on Linux, with the advantage that it has more chances of being clean.
>

It took me a lot of searches, but how the W7/W8 MDO (Microsoft Defender Offline)
works, is described here.

https://www.verboon.info/2012/01/how-the-windows-defender-offline-beta-tool-works/

[LaunchApp]
AppPath = "%ProgramFiles%\Microsoft Security Client\OfflineScannerShell.exe"

That is the executable that makes the ugly graphics for the scanner :-)

The article describes some of the other moving parts.

I would guess, you'd open up boot.wim on your bootable media, and
add some of that stuff so it is available. It doesn't have to be
set up to boot directly into the offlinescannershell. It would
be OK to use the Command Prompt window on the media you build,
and run offlinescannershell.exe from Command Prompt. But once you ran it,
it takes over the screen and "is an animal". You would have to boot
the media again, if you had additional work you wanted to do. This is
not "friendlyware", it's crapware that blinks :-)

When you run it the Microsoft way (Microsoft just boots directly into
its solution), the output can be found on the C: drive later. MSSS is
the former name for it, before it became WDO or MDO (whatever it is this week).

msssWrapper.log

WARNING 2023/07/15 11:19:48:778 TID:1460 PID:1432
Missing definitions file in 'C:\mpam-fex64.exe'

WARNING 2023/07/15 11:19:48:778 TID:1460 PID:1432
Missing definitions file in 'X:\mpam-fex64.exe' [would be mpam-fe.exe on W10 x86...]

It searches the root of all partitions, looking for a definitions
file. The X: partition, is the partition an Installer DVD boots to,
and X: is a RAMDrive (loaded during boot) from boot.wim . You could
in this case, stage a fresh mpam-fex64.exe right on the drive needing
a scan, and then your bootable media would not need it added to boot.wim .

If the mpam-fex64.exe is too old, it is supposed to go online and get one,
and that's why the networking has to be configured to work (verboon.info page).

The "offlinescannershell.exe" is already on your Windows 11.

*******

The other thing I found, is this, for updating Defender if you're making
corporate images.

https://support.microsoft.com/en-us/topic/microsoft-defender-update-for-windows-operating-system-installation-images-1c89630b-61ff-00a1-04e2-2d1f3865450d

There is a link on there that would give you:

https://definitionupdates.microsoft.com/download/DefinitionUpdates/dism/20230604.1/x64/defender-update-kit-x64.zip

132,421,348 bytes -- content changes frequently, so sha256 would be useless.

That's a potential source of up-to-date materials for building media.
But it does not include offlineshellscanner, because that's a "relatively dumb"
script-level thing for orchestrating the moving parts. It's the AV Engine
itself which is more dynamic and subject to updates.

Anyway, that's an update with some possibilities. I haven't reduced this
to a recipe. I've barely made my media to be used as source material :-)
Which now needs to be backed up. (I made a Recovery Key, so the materials
would be in an easy format for me. I would have been forced to burn a CD
to use the Windows Backup disc method.)

Paul

On Fri, 14 Jul 2023 23:14:48 -0700, Stan Brown
<the_stan_brown@fastmail.fm> wrote:

>On Sat, 15 Jul 2023 14:56:52 +1000, Peter Jason wrote:
>>
>> I get this weird icon on the taskbar,
>> https://postimg.cc/211HQPpp
>> and then a demand to reenter my password.
>>
>> Is this the Windows password? Or Outlook365 password? Or Office365
>> password? Or what?
>
>[more things, snipped for brevity]
>
>For your sake I hope I'm wrong, but in the aggregate
>with the other weird stuff you mention, I suspect
>malware. Have you done a complete scan since these
>things started happening?

This has been on the computer for some time, but MSoft can't get rid
of it....
https://postimg.cc/d7fRTnxw
....is there some way to delete this?

On Mon, 17 Jul 2023 09:30:49 +1000, Peter Jason <pj@jostle.com> wrote:

>On Fri, 14 Jul 2023 23:14:48 -0700, Stan Brown
><the_stan_brown@fastmail.fm> wrote:
>
>>On Sat, 15 Jul 2023 14:56:52 +1000, Peter Jason wrote:
>>>
>>> I get this weird icon on the taskbar,
>>> https://postimg.cc/211HQPpp
>>> and then a demand to reenter my password.
>>>
>>> Is this the Windows password? Or Outlook365 password? Or Office365
>>> password? Or what?
>>
>>[more things, snipped for brevity]
>>
>>For your sake I hope I'm wrong, but in the aggregate
>>with the other weird stuff you mention, I suspect
>>malware. Have you done a complete scan since these
>>things started happening?
>
>This has been on the computer for some time, but MSoft can't get rid
>of it....
>https://postimg.cc/d7fRTnxw
>...is there some way to delete this?

Try adwcleaner and/or an online virus scanner.

KenW

On 7/16/2023 8:23 PM, KenW wrote:
> On Mon, 17 Jul 2023 09:30:49 +1000, Peter Jason <pj@jostle.com> wrote:
>
>> On Fri, 14 Jul 2023 23:14:48 -0700, Stan Brown
>> <the_stan_brown@fastmail.fm> wrote:
>>
>>> On Sat, 15 Jul 2023 14:56:52 +1000, Peter Jason wrote:
>>>>
>>>> I get this weird icon on the taskbar,
>>>> https://postimg.cc/211HQPpp
>>>> and then a demand to reenter my password.
>>>>
>>>> Is this the Windows password? Or Outlook365 password? Or Office365
>>>> password? Or what?
>>>
>>> [more things, snipped for brevity]
>>>
>>> For your sake I hope I'm wrong, but in the aggregate
>>> with the other weird stuff you mention, I suspect
>>> malware. Have you done a complete scan since these
>>> things started happening?
>>
>> This has been on the computer for some time, but MSoft can't get rid
>> of it....
>> https://postimg.cc/d7fRTnxw
>> ...is there some way to delete this?
>
> Try adwcleaner and/or an online virus scanner.
>
>
> KenW
>

This would be an opportunity to try the offline scanner.

It prepares your machine for a reboot, into a temporary OS.
In the temporary OS, it uses a copy of Windows Defender to
scan C: . If there are any "tough to remove" items, this
method offers a second way to deal with them.

https://www.elevenforum.com/attachments/micosoft_defender_offline_scan-3-png.20387/

( https://www.elevenforum.com/t/run-microsoft-defender-offline-scan-in-windows-11.4345/ )

A Bitdefender or a KAV rescue disc, would do similar things.
But are more work to set up.

Before ticking that radio button in the picture, make
sure your files are saved and your editors are closed,
as it's going to reboot soon after you tick the box
and give it permission to go ahead.

Paul

Peter Jason wrote:
> On Fri, 14 Jul 2023 23:14:48 -0700, Stan Brown
> <the_stan_brown@fastmail.fm> wrote:
>
>> On Sat, 15 Jul 2023 14:56:52 +1000, Peter Jason wrote:
>>>
>>> I get this weird icon on the taskbar,
>>> https://postimg.cc/211HQPpp
>>> and then a demand to reenter my password.
>>>
>>> Is this the Windows password? Or Outlook365 password? Or Office365
>>> password? Or what?
>>
>> [more things, snipped for brevity]
>>
>> For your sake I hope I'm wrong, but in the aggregate
>> with the other weird stuff you mention, I suspect
>> malware. Have you done a complete scan since these
>> things started happening?
>
> This has been on the computer for some time, but MSoft can't get rid
> of it....
> https://postimg.cc/d7fRTnxw
> ...is there some way to delete this?
>

Have you used the included Windows Security/Defender information on the
location(folder/file...) for that specific 'threat'

It's a simple method/procedure on Windows 10/11 to reset the Protection
History history/store.
- if desired, use Bing or Google for one of the multiple
methods(Powershell, Event Viewer, or File Explorer)

--
....w¡ñ§±¤ñ

On Mon, 17 Jul 2023 00:06:26 -0400, "...winston"
<winstonmvp@gmail.com> wrote:

>Peter Jason wrote:
>> On Fri, 14 Jul 2023 23:14:48 -0700, Stan Brown
>> <the_stan_brown@fastmail.fm> wrote:
>>
>>> On Sat, 15 Jul 2023 14:56:52 +1000, Peter Jason wrote:
>>>>
>>>> I get this weird icon on the taskbar,
>>>> https://postimg.cc/211HQPpp
>>>> and then a demand to reenter my password.
>>>>
>>>> Is this the Windows password? Or Outlook365 password? Or Office365
>>>> password? Or what?
>>>
>>> [more things, snipped for brevity]
>>>
>>> For your sake I hope I'm wrong, but in the aggregate
>>> with the other weird stuff you mention, I suspect
>>> malware. Have you done a complete scan since these
>>> things started happening?
>>
>> This has been on the computer for some time, but MSoft can't get rid
>> of it....
>> https://postimg.cc/d7fRTnxw
>> ...is there some way to delete this?
>>
>
>Have you used the included Windows Security/Defender information on the
>location(folder/file...) for that specific 'threat'
>
>It's a simple method/procedure on Windows 10/11 to reset the Protection
>History history/store.
>- if desired, use Bing or Google for one of the multiple
>methods(Powershell, Event Viewer, or File Explorer)

Thank you all. I have done all the extensive scans and the MSoft
off-line one too.

This virus has been on the computer for months without any effect, and
now Malwaybytes cannot find it.

However I have found the problem by disconnecting the HDD Docking
device, a very-old "Icy-Box" 1B-120CL-U3, evidently corrupted, and
replaced it with something similar ...
USB-DS12 Sabrent USB 3.0 TO SSD SATA IDE 2.5" 3.5"
5.25" HDD Converter W/ Power Supply & LED
Activity Lights [10 TB Support].
....that is working well.

Thanks to all for your help,.

Peter Jason wrote:
> On Mon, 17 Jul 2023 00:06:26 -0400, "...winston"
> <winstonmvp@gmail.com> wrote:
>
>> Peter Jason wrote:
>>> On Fri, 14 Jul 2023 23:14:48 -0700, Stan Brown
>>> <the_stan_brown@fastmail.fm> wrote:
>>>
>>>> On Sat, 15 Jul 2023 14:56:52 +1000, Peter Jason wrote:
>>>>>
>>>>> I get this weird icon on the taskbar,
>>>>> https://postimg.cc/211HQPpp
>>>>> and then a demand to reenter my password.
>>>>>
>>>>> Is this the Windows password? Or Outlook365 password? Or Office365
>>>>> password? Or what?
>>>>
>>>> [more things, snipped for brevity]
>>>>
>>>> For your sake I hope I'm wrong, but in the aggregate
>>>> with the other weird stuff you mention, I suspect
>>>> malware. Have you done a complete scan since these
>>>> things started happening?
>>>
>>> This has been on the computer for some time, but MSoft can't get rid
>>> of it....
>>> https://postimg.cc/d7fRTnxw
>>> ...is there some way to delete this?
>>>
>>
>> Have you used the included Windows Security/Defender information on the
>> location(folder/file...) for that specific 'threat'
>>
>> It's a simple method/procedure on Windows 10/11 to reset the Protection
>> History history/store.
>> - if desired, use Bing or Google for one of the multiple
>> methods(Powershell, Event Viewer, or File Explorer)
>
> Thank you all. I have done all the extensive scans and the MSoft
> off-line one too.
>
> This virus has been on the computer for months without any effect, and
> now Malwaybytes cannot find it.
>
> However I have found the problem by disconnecting the HDD Docking
> device, a very-old "Icy-Box" 1B-120CL-U3, evidently corrupted, and
> replaced it with something similar ...
> USB-DS12 Sabrent USB 3.0 TO SSD SATA IDE 2.5" 3.5"
> 5.25" HDD Converter W/ Power Supply & LED
> Activity Lights [10 TB Support].
> ...that is working well.
>
> Thanks to all for your help,.
>

The presence of an item in Protection History does not always indicate
presence on an existing storage device.
- just a record of something found(valid, false positive) at a point
in time.

A 'docking device' would not be the source of the item shown in
protection history. It's just a piece of hardware.

--
....w¡ñ§±¤ñ