
Thread: Newbie -- first time malware detection question

  1. #1
    Junior Member
    Join Date
    May 2014
    Posts
    19

    Default Newbie -- first time malware detection question

    Hi, thank you in advance for reading this and helping. Today Spybot, Malwarebytes, and Avira all found malware on my computer for the first time. Win32.Downloader.gen was found by Spybot. I "fixed" this from within Spybot. Because of this, I ran Malwarebytes (I have the free version of Malwarebytes, Spybot, and Avira) and found 3 PUPs, which I quarantined: PUP.Optional.BundleInstaller, PUP.Optional.DotSetupIo, and a second PUP.Optional.DotSetupIo. Then I ran Avira, a full scan, and found JS/Agent.buy, which I removed, or so Avira says. Finally, I ran the Microsoft Safety Scanner and found 10 items -- which all seemed to relate to Microsoft Defender and a 'poor configuration', which it fixed. For good measure, I ran the Microsoft Malicious Software Removal Tool, which found nothing at that point -- this was just a quick scan. All others were full scans.

    I decided to re-immunize my browser, via Spybot. I'm using Windows 10, because I figured there are still some bugs in Windows 11 -- and I once had issues on this 1 yr old HP 17.3" laptop (running Ryzen 5, AMD) with a Windows 10 Update -- that wound up requiring a complete system reinstall.

    What else should I do, if anything? Update to Windows 11 for increased security? Run Spybot and Malwarebytes and Avira scans daily for a while?

    I do financial stuff online that I definitely don't want a hacker to get into. It's all with MFA, though. Lots of alerts.

    Thank you!

    smhoff

    After reading about VLC Media Player today and hacking potential, I uninstalled it and installed GOM's video player instead. I did use it pretty often to watch movies. I deleted it from my phone, too, in favor of YT Music.

  2. #2
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    PUP <== relates to potentially unwanted programs
    https://blog.malwarebytes.com/101/20...nted-programs/

    It sounds like you're pretty much on top of what you need to do to ensure safety while online.

    Malwarebytes AdwCleaner

    -------------------
    • Please download AdwCleaner and save it to your Desktop
    • Close all open programs and browsers
    • Right click on the icon and select Run as administrator
    • Click Scan now
    • Allow the program to Quarantine what it finds except for Pre-installed applications if you would like to keep those or other entries you would like to keep
    • When completed click View Scan Log File
    • Copy and paste the contents in your reply
    • Click Skip Basic Repair if it appears then close the program

    ===================================================

    Copy and paste this log when finished.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    May 2014
    Posts
    19

    Default Thanks!

    Quote Originally Posted by Juliet
    PUP <== relates to potentially unwanted programs
    https://blog.malwarebytes.com/101/20...nted-programs/

    It sounds like you're pretty much on top of what you need to do to ensure safety while online.

    Malwarebytes AdwCleaner

    -------------------
    • Please download AdwCleaner and save it to your Desktop
    • Close all open programs and browsers
    • Right click on the icon and select Run as administrator
    • Click Scan now
    • Allow the program to Quarantine what it finds except for Pre-installed applications if you would like to keep those or other entries you would like to keep
    • When completed click View Scan Log File
    • Copy and paste the contents in your reply
    • Click Skip Basic Repair if it appears then close the program

    ===================================================

    Copy and paste this log when finished.
    Hi Juliet, I wasn't sure anyone would respond. I used Spybot maybe 1-2 days after the first incident, having removed Win32.Downloader.Gen the first time. It was found again, which honestly kind of scared me. So I ran Spybot, Malwarebytes, and Avira again -- it was only Spybot that found anything this time. But I decided, since the trojan had come back again, that I would take the initiative and upgrade to Windows 11, hoping that the trojan (Win32.Downloader.Gen) wouldn't be able to 'follow me to Windows 11'. This is because most of the posts I found on the internet re: this trojan were from back in 2013! I figured it was "too old" to be able to get into Windows 11. Whatever trojans these are. Today I upgraded to Windows 11, and have found nothing wrong since. I've restarted a few times and run Spybot twice, and have run Malwarebytes and Avira once each. Nothing bad. I'm going to try AdwCleaner now and see what happens, but it's looking pretty good at this moment. I'll paste the log here when I'm done. Thank you!!!!

  4. #4
    Junior Member
    Join Date
    May 2014
    Posts
    19

    Default log file from AdwCleaner scan

    # -------------------------------
    # Malwarebytes AdwCleaner 8.3.1.0
    # -------------------------------
    # Build: 11-18-2021
    # Database: 2022-03-15.3 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 04-11-2022
    # Duration: 00:00:06
    # OS: Windows 10 Home
    # Scanned: 32050
    # Detected: 15


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries found.

    ***** [ Preinstalled Software ] *****

    Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
    Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
    Preinstalled.HPSupportAssistant Folder C:\Users\Steve Hoffman\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
    Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
    Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
    Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
    Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
    Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
    Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
    Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY
    Preinstalled.HPSureConnect Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}
    Preinstalled.HPTouchpointAnalyticsClient Folder C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT
    Preinstalled.HPTouchpointAnalyticsClient Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}



    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

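The AdwCleaner scan log above has a regular layout (a `#`-prefixed header, `***** [ Section ] *****` banners, one detection per line, and a Folder/Registry column only in the Preinstalled Software section). The parser below is an added example, not part of the thread or of AdwCleaner itself; the sample log is a constructed excerpt that mirrors the entries posted above, and the triage step separates vendor bloatware from PUP hits and pulls out the domains that were written into the Internet Explorer zone map.

```python
import re

# Constructed excerpt in the AdwCleaner scan-log layout; entries mirror the log posted above.
SAMPLE_LOG = r"""# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# Mode: Scan
# Detected: 4

***** [ Registry ] *****

PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

***** [ Preinstalled Software ] *****

Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY
Preinstalled.HPSureConnect Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
HEADER_RE = re.compile(r"^# (\w+): (.+)$")
# Values under Internet Settings\zonemap\domains assign a site to an IE security zone; adware
# writes its own domains there to have them treated as trusted, which is why AdwCleaner flags them.
ZONEMAP_RE = re.compile(r"\\Internet Settings\\zonemap\\domains\\([^\\]+)$", re.I)

def parse_adwcleaner_log(text):
    """Return (header fields, detections); each detection keeps section, name, kind and location."""
    header, detections, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#####"):
            continue  # blank line or the EOF marker
        if (m := HEADER_RE.match(line)) and section is None:
            header[m.group(1)] = m.group(2)
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif section and not line.startswith("No malicious"):
            parts = line.split(None, 2)  # Preinstalled rows carry a Folder/Registry column
            preinstalled = section == "Preinstalled Software"
            kind = parts[1] if preinstalled else section
            location = parts[2] if preinstalled else line[len(parts[0]):].strip()
            detections.append({"section": section, "name": parts[0], "kind": kind, "location": location})
    return header, detections

def triage(detections):
    """Separate vendor bloatware from real PUP hits and list domains written into the IE zone map."""
    pups = [d for d in detections if not d["name"].startswith("Preinstalled.")]
    zonemap = [m.group(1) for d in pups if (m := ZONEMAP_RE.search(d["location"]))]
    return {"pup_count": len(pups), "preinstalled_count": len(detections) - len(pups), "zonemap_domains": zonemap}
```

Run it over a real `AdwCleaner[S00].txt` to see at a glance whether anything beyond preinstalled OEM software was detected and which domains were trusted by the zone-map entries.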
  5. #5
    Junior Member
    Join Date
    May 2014
    Posts
    19

    Default Last Question

    Hi Juliet, It seems that you were maybe guessing that I picked up some adware somewhere, somehow. Like clicking on an ad and getting a trojan that way? How bad could that trojan have been? Would it have enabled the placer of the trojan to gain access to passwords, keystrokes, etc? Or to deliver a much worse exe?

    Thank you again very much!

    S.M.H.

  6. #6
    Junior Member
    Join Date
    May 2014
    Posts
    19

    Default By the way -- about GOM

    By the way, my experience of the GOM DVD player was so-so. I played a DVD of New Amsterdam and couldn't get subtitles to work with it. (Having had to download a codec and also messed with audio to get the audio to play.) So I just downloaded Microsoft's free DVD player instead, and it works adequately. I won't go back to VLC due to the Chinese hacking concerns, though I can't imagine they'd target individuals, who knows? Anyway GOM had some bundleware, I think, that seemed maybe, maybe to be related to a PUP or two.

    S.M.H.

  7. #7
    Junior Member
    Join Date
    May 2014
    Posts
    19

    Default Microsoft Safety Scanner

    I'm 20 min into a full scan with the MS Safety Scanner. 2 infected files found so far. Let's hope those are the bundled software which came with Windows 11, or previously quarantined files. We'll see.

  8. #8
    Junior Member
    Join Date
    May 2014
    Posts
    19

    Default Microsoft Safety Scanner Results

    It said that 10 files/items were infected. The results of the scan were listed this way:

    VirTool:Win32/DefenderTamperingRestore ("malware") Removed.

    When I click on the hyperlink, I got this page:

    https://www.microsoft.com/en-us/wdsi...ore&product=13

    It seems like a 'tampering' with configurations of Microsoft Defender. And a better configuration was restored. Or....???

    Doing a little reading on this from 2019, it seems like it is a concern. Has Microsoft Safety Scanner gotten to the point where it can remove this by itself? In 2019, I saw experts recommending running Malwarebytes (with rootkit scan enabled), going into safe mode and doing a few other things. I'll cut and paste what I found below.

    Thank you in advance for all your help!

    SMH


    Hi CN. I'm Greg, an installation specialist, 10 year Windows MVP, and Guardian Moderator here to help you.


    "Run a full scan with the most powerful on-demand free scanner Malwarebytes:
    https://www.malwarebytes.com/mwb-download/.

    In the Scan Settings first set it to include scanning for Rootkits.

    If necessary run it in Safe Mode with Networking, or Safe Mode accessed by one of these methods: https://www.digitalcitizen.life/4-ways-boot-saf...

    Clean up anything found, restart PC and then run again until it comes up clean.

    Check for any remainders in Settings > Apps > Apps & Features, and also in each of your browser's Extensions, Home Page settings, Search service or Add-On's as shown here: https://community.box.com/t5/How-to-Guides-for-...

    Then check for damaged System Files: https://www.lifewire.com/how-to-use-sfc-scannow...
    If it cannot repair them see Step 10 here to continue: http://answers.microsoft.com/en-us/windows/wiki...

    If you want to keep Malwarebytes as an on-demand scanner then you can turn off its Real Time trial version in its Settings > Account Details tab.

    I hope this helps. Feel free to ask back any questions and let us know how it goes. I will keep working with you until it's resolved."

  9. #9
    Junior Member
    Join Date
    May 2014
    Posts
    19

    Default Malwarebytes scan including rootkits

    I decided to go ahead and do a Malwarebytes scan, again, this time with 'scan for rootkits' enabled. No threat was detected at all.

    I wonder if I should go ahead and do the other steps recommended by that other technician. I guess they wouldn't hurt. :-)

    Your thoughts?

    Thank you.

  10. #10
    Junior Member
    Join Date
    May 2014
    Posts
    19

    Default Looks like the rest of the above are outdated

    I looked into doing the rest of what the technician above recommended, and it mostly seems to be outdated.

    I await any further advice. I now have a new Windows 11 system running -- with the above removed. I guess I'll keep running Malwarebytes, Spybot, and Avira, as well as MS Safety Scanner, on a daily basis for a while. It's easy to run them.

    Thank you!
