Newbie -- first time malware detection question
Hi, Thank you in advance for reading this and helping. Today Spybot, Malwarebytes, and Avira all found malware on my computer for the first time. Win32.Downloader.gen was found by Spybot. I "fixed" this from within Spybot. Because of this, I ran Malwarebytes (I have the free version of Malwarebytes, Spybot, and Avira) and found 3 PUPs, which I quarantined: PUP.Optional.BundleInstaller, PUP.Optional.DotSetupIo, and a second PUP.Optional.DotSetupIo. Then I ran Avira, a full scan, and found JS/Agent.buy, which I removed, or so Avira says. Finally, I ran the Microsoft Safety Scanner and found 10 items -- which all seemed to relate to Microsoft Defender and a 'poor configuration', which it fixed. For good measure, I ran the Microsoft Malicious Software Removal Tool, which found nothing at that point -- this was just a quick scan. All others were full scans.
I decided to re-immunize my browser, via Spybot. I'm using Windows 10, because I figured there are still some bugs in Windows 11 -- and I once had issues on this 1 yr old HP 17.3" laptop (running Ryzen 5, AMD) with a Windows 10 Update -- that wound up requiring a complete system reinstall.
What else should I do, if anything? Update to Windows 11 for increased security? Run Spybot and Malwarebytes and Avira scans daily for a while?
I do financial stuff online that I definitely don't want a hacker to get into. It's all with MFA, though. Lots of alerts.
Thank you!
smhoff
After reading about VLC Media Player today and hacking potential, I uninstalled it and installed GOM's video player instead. I did use it pretty often to watch movies. I deleted it from my phone, too, in favor of YT Music.
log file from AdwCleaner scan
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2022-03-15.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 04-11-2022
# Duration: 00:00:06
# OS: Windows 10 Home
# Scanned: 32050
# Detected: 15
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Steve Hoffman\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY
Preinstalled.HPSureConnect Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}
Preinstalled.HPTouchpointAnalyticsClient Folder C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT
Preinstalled.HPTouchpointAnalyticsClient Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
Microsoft Safety Scanner Results
It said that 10 files/items were infected. The results of the scan were listed this way:
VirTool:Win32/DefenderTamperingRestore ("malware") Removed.
When I click on the hyperlink, I got this page:
https://www.microsoft.com/en-us/wdsi...ore&product=13
It seems like a 'tampering' with configurations of Microsoft Defender. And a better configuration was restored. Or....???
Doing a little reading on this from 2019, it seems like it is a concern. Has Microsoft Safety Scanner gotten to the point where it can remove this by itself? In 2019, I saw experts recommending running Malwarebytes (with rootkit scan enabled), going into safe mode and doing a few other things. I'll cut and paste what I found below.
Thank you in advance for all your help!
SMH
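An added check, not posted by anyone in this thread: a PowerShell audit that lists the Internet Settings ZoneMap domain overrides (the registry key AdwCleaner flagged above as PUP.Optional.Legacy) and reads the Defender protection state that the VirTool:Win32/DefenderTamperingRestore item concerns. It assumes a Windows 10/11 machine with the built-in Defender module (Get-MpComputerStatus, Get-MpPreference); the function names are my own.

```powershell
# Added audit script (not from the thread). Assumes Windows 10/11 with the
# built-in Defender PowerShell module. Function names are my own choices.

# Zone numbers used under ...\Internet Settings\ZoneMap\Domains
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'
                3 = 'Internet';    4 = 'Restricted Sites' }

function Get-ZoneMapDomains {
    # Walks HKCU and HKLM. Each domain is a key, an optional subkey is a host,
    # and each value is a scheme (http, https, *) whose data is the zone number.
    param([string[]]$Hives = @('HKCU', 'HKLM'))
    foreach ($hive in $Hives) {
        $base = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
        if (-not (Test-Path $base)) { continue }
        Get-ChildItem -Path $base -Recurse | ForEach-Object {
            $key = $_
            foreach ($name in $key.GetValueNames()) {
                $zone = [int]$key.GetValue($name)
                [pscustomobject]@{
                    Hive     = $hive
                    Domain   = $key.Name.Substring($key.Name.IndexOf('Domains\') + 8)
                    Scheme   = $name
                    Zone     = $zone
                    ZoneName = $(if ($zoneNames.ContainsKey($zone)) { $zoneNames[$zone] } else { 'unknown' })
                }
            }
        }
    }
}

function Get-DefenderState {
    # Snapshot of the settings a "tampering" detection refers to.
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference
    [pscustomobject]@{
        AntivirusEnabled           = $status.AntivirusEnabled
        RealTimeProtectionEnabled  = $status.RealTimeProtectionEnabled
        TamperProtected            = $status.IsTamperProtected
        RealtimeMonitoringDisabled = $pref.DisableRealtimeMonitoring
        SignatureAgeDays           = $status.AntivirusSignatureAge
    }
}

# Trusted Sites overrides (zone 2) are the ones worth a second look: a domain
# placed there gets relaxed browser security settings without the user noticing.
Get-ZoneMapDomains | Where-Object { $_.Zone -eq 2 } | Format-Table -AutoSize
Get-DefenderState | Format-List
```

Run it in an elevated PowerShell window; any domain you do not recognise in the first table can be removed by deleting its key, and a Defender snapshot showing RealTimeProtectionEnabled false or TamperProtected false is the kind of state the Safety Scanner item was restoring.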
Hi CN. I'm Greg, an installation specialist, 10 year Windows MVP, and Guardian Moderator here to help you.
"Run a full scan with the most powerful on-demand free scanner Malwarebytes:
https://www.malwarebytes.com/mwb-download/.
In the Scan Settings first set it to include scanning for Rootkits.
If necessary run it in Safe Mode with Networking, or Safe Mode accessed by one of these methods: https://www.digitalcitizen.life/4-ways-boot-saf...
Clean up anything found, restart PC and then run again until it comes up clean.
Check for any remainders in Settings > Apps > Apps & Features, and also in each of your browser's Extensions, Home Page settings, Search service or Add-Ons as shown here: https://community.box.com/t5/How-to-Guides-for-...
Then check for damaged System Files: https://www.lifewire.com/how-to-use-sfc-scannow...
If it cannot repair them see Step 10 here to continue: http://answers.microsoft.com/en-us/windows/wiki...
If you want to keep Malwarebytes as an on-demand scanner then you can turn off its Real Time trial version in its Settings > Account Details tab.
I hope this helps. Feel free to ask back any questions and let us know how it goes. I will keep working with you until it's resolved."
Malwarebytes scan including rootkits
I decided to go ahead and do a Malwarebytes scan, again, this time with 'scan for rootkits' enabled. No threat was detected at all.
I wonder if I should go ahead and do the other steps recommended by that other technician. I guess they wouldn't hurt. :-)
Your thoughts?
Thank you.
Looks like the rest of the above are outdated
I looked into doing the rest of what the technician above recommended, and it mostly seems to be outdated.
I await any further advice. I now have a new Windows 11 system running -- with the above removed. I guess I'll keep running Malwarebytes, Spybot, and Avira, as well as MS Safety Scanner, on a daily basis for a while. It's easy to run them.
Thank you!