my laptop was detected as a vm for some reason

[nekohacker591]

not sure what to do from here but i ran it on real hardware and got detected

[ghost]

Sending a screenshot or a log would be neccessary to understand what exactly got detected

[nekohacker591]

Sending a screenshot or a log would be neccessary to understand what exactly got detected

• Pafish (Paranoid Fish) *

[-] Windows version: 6.2 build 9200
[-] Running in WoW64: False
[-] CPU: GenuineIntel
Hypervisor: Microsoft Hv
CPU brand: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz

[-] Debuggers detection
[] Using IsDebuggerPresent() ... OK
[] Using BeingDebugged via PEB access ... OK

[-] CPU information based detections
[] Checking the difference between CPU timestamp counters (rdtsc) ... OK
[] Checking the difference between CPU timestamp counters (rdtsc) forcing VM exit ... traced!
[] Checking hypervisor bit in cpuid feature bits ... traced!
[] Checking cpuid hypervisor vendor for known VM vendors ... traced!

[-] Generic reverse turing tests
[] Checking mouse presence ... OK
[] Checking mouse movement ... traced!
[] Checking mouse speed ... OK
[] Checking mouse click activity ... traced!
[] Checking mouse double click activity ... traced!
[] Checking dialog confirmation ... OK
[*] Checking plausible dialog confirmation ... OK

[-] Generic sandbox detection
[] Checking username ... OK
[] Checking file path ... OK
[] Checking common sample names in drives root ... OK
[] Checking if disk size <= 60GB via DeviceIoControl() ... OK
[] Checking if disk size <= 60GB via GetDiskFreeSpaceExA() ... OK
[] Checking if Sleep() is patched using GetTickCount() ... OK
[] Checking if NumberOfProcessors is < 2 via PEB access ... OK
[] Checking if NumberOfProcessors is < 2 via GetSystemInfo() ... OK
[] Checking if pysical memory is < 1Gb ... OK
[] Checking operating system uptime using GetTickCount() ... OK
[*] Checking if operating system IsNativeVhdBoot() ... OK

[-] Sandboxie detection
[*] Using GetModuleHandle(sbiedll.dll) ... OK

[-] Wine detection
[] Using GetProcAddress(wine_get_unix_file_name) from kernel32.dll ... OK
[] Reg key (HKCU\SOFTWARE\Wine) ... OK

[-] VirtualBox detection
[] Scsi port->bus->target id->logical unit id-> 0 identifier ... OK
[] Reg key (HKLM\HARDWARE\Description\System "SystemBiosVersion") ... OK
[] Reg key (HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions) ... OK
[] Reg key (HKLM\HARDWARE\Description\System "VideoBiosVersion") ... OK
[] Reg key (HKLM\HARDWARE\ACPI\DSDT\VBOX__) ... OK
[] Reg key (HKLM\HARDWARE\ACPI\FADT\VBOX__) ... OK
[] Reg key (HKLM\HARDWARE\ACPI\RSDT\VBOX__) ... OK
[] Reg key (HKLM\SYSTEM\ControlSet001\Services\VBox*) ... OK
[] Reg key (HKLM\HARDWARE\DESCRIPTION\System "SystemBiosDate") ... OK
[] Driver files in C:\WINDOWS\system32\drivers\VBox* ... OK
[] Additional system files ... OK
[] Looking for a MAC address starting with 08:00:27 ... OK
[] Looking for pseudo devices ... OK
[] Looking for VBoxTray windows ... OK
[] Looking for VBox network share ... OK
[] Looking for VBox processes (vboxservice.exe, vboxtray.exe) ... OK
[*] Looking for VBox devices using WMI ... OK

[-] VMware detection
[] Scsi port 0,1,2 ->bus->target id->logical unit id-> 0 identifier ... OK
[] Reg key (HKLM\SOFTWARE\VMware, Inc.\VMware Tools) ... OK
[] Looking for C:\WINDOWS\system32\drivers\vmmouse.sys ... OK
[] Looking for C:\WINDOWS\system32\drivers\vmhgfs.sys ... OK
[] Looking for a MAC address starting with 00:05:69, 00:0C:29, 00:1C:14 or 00:50:56 ... OK
[] Looking for network adapter name ... OK
[] Looking for pseudo devices ... OK
[] Looking for VMware serial number ... OK

[-] Qemu detection
[] Scsi port->bus->target id->logical unit id-> 0 identifier ... OK
[] Reg key (HKLM\HARDWARE\Description\System "SystemBiosVersion") ... OK
[*] cpuid CPU brand string 'QEMU Virtual CPU' ... OK

[-] Bochs detection
[] Reg key (HKLM\HARDWARE\Description\System "SystemBiosVersion") ... OK
[] cpuid AMD wrong value for processor name ... OK
[*] cpuid Intel wrong value for processor name ... OK

[-] Pafish has finished analyzing the system, check the log file for more information
and visit the project's site:

https://github.com/a0rtega/pafish

[ghost]

i have the same 3 traced things but i don't think its gonna be a problem and the reason and why its being detected is not known for me

Did you have prehaps any problems or just asking why it was shown as traced

[nekohacker591]

i have the same 3 traced things but i don't think its gonna be a problem and the reason and why its being detected is not known for me

Did you have prehaps any problems or just asking why it was shown as traced

just wondering why its traced

[kernelwernel]

i have the same 3 traced things but i don't think its gonna be a problem and the reason and why its being detected is not known for me
Did you have prehaps any problems or just asking why it was shown as traced

just wondering why its traced

The reason why is because Hyper-V upon installation changes the hardware values of your system in a way that makes it look like it’s in a Hyper-V VM. Pafish took those discretely modified CPUID hardware values and determined they were unique to Hyper-V (for example the "Microsoft Hv" CPU manufacturer when in fact it should be "GenuineIntel" in your case), which is why you got that result. This is also the same with the "hypervisor bit" trace. I have a VM detection library project with the same intention as Pafish, and the problem you experienced was also an issue that I had to fix with a reliable mechanism to determine between a Hyper-V VM and a fake Hyper-V VM that modified the host CPUID values.

I suppose the only fix is to uninstall Hyper-V in your system entirely, but i’m not exactly sure if this will fix the problem.