Jump to content

heyou

Honorary Members
  • Posts

    25
  • Joined

  • Last visited

Everything posted by heyou

  1. Thank you for the additional info, exile360! Upon detecting the file, Defender quarantined it, and then I deleted it, so I'm unable to send the file to Microsoft. I guess its source, and/or whether it was a false positive, will remain a mystery.
  2. Thanks, Elisabeth, I did. When I opened AdwCleaner to run a scan, I received a notification that a newer version was available, so I clicked on the link and downloaded directly from the Malwarebytes website. It's an interesting coincidence ... but I guess that's all it is. The question of how that trojan got in bothers me. I read that back in December, Defender was getting false positives for this, so I suppose that's a possibility (but the report says it was immediately fixed).
  3. Last night, shortly after I downloaded adwcleaner_7.2.2.exe, Windows Defender identified a threat, Trojan:Win32/Sonoko.A!ms, in AppData\Local\Temp\nsmail.doc (nsmail is a Thunderbird extension). Could the two be related somehow? Defender quarantined the trojan, and I deleted it. I hadn't downloaded anything else, and while I have received some phishing e-mails lately, I never open the attachments or click on their links. I have only forwarded them on to my ISP so that they are notified. I subsequently ran a complete scan with Defenders, and also scanned with AdwCleaner and Malwarebytes; no other threats were found. I'm puzzled as to how I got this trojan. It could just be a coincidence that it happened right after I downloaded the updated version of AdwCleaner.
  4. OK, I found this article: https://support.malwarebytes.com/docs/DOC-1208
  5. Under "Subscriptions" I see "Deactivate All" (next to the number of seats purchased). Can't you just select that?
  6. Be sure to restart your computer after the update is installed. Mine didn't "take" until after I restarted my computer. Everything is working fine now.
  7. Same story here. I received the update, but it didn't "take" till I restarted my computer. Now everything is back to normal.
  8. I'm seeing similar issues posted by others, so I installed and ran FRST64 and mb-check-3.1.9.1001 (report attached): mb-check-results.zip
  9. Well, it happened again. Another Windows update, and now Malwarebytes' Real-Time Protection is turned off. Same as before, I try turning it on, but it won't go. Is the link above to the latest version? And how do we locate these online? (I see links to the free version, but I have the paid version.)
  10. I have Malwarebytes version 3.3.1.2183. This morning Windows 10 did a lengthy update (called "feature update to Windows 10, version 1709"). Following the update, when I restarted my computer, I received the following notification from Malwarebytes: "Real-Time Protection turned off" I keep trying to turn it on; it says "starting," but then stays off. How do I make it operational again?
  11. Thanks to Ried andeveryone for your help! Just so you know, I also reported this to WinZip, asking why something identified as a PUP was included. I received this reply: "Starting with WinZip 21.5, Smart Monitor is introduced to WinZip. It is being used to provide more granular control over the scheduling of the WinZip Background Tools. If you are not using these tools, you certainly can remove Smart Monitor. It will not hinder any other usage of WinZip." I have no use for that, so I will delete it.
  12. I should have noted that I intentionally installed WinZip 22; WinZip Smart Monitor was automatically installed along with it.
  13. Hi, Ried! Yes, I intentionally purchased and downloaded WinZip 22 (Standard Edition) from the WinZip page: https://store.winzip.com/852/purl-downwz_wzd1cb?tracking=wz Looking in my WinZip folder, I do see a separate WinZip Smart Monitor folder. So I'm assuming I should be able to delete that. I have Eraser software, so that might be a better option.
  14. Thanks to all who answered. So I should delete it? Can anyone recommend the best way to do that, if AdwCleaner won't do it?
  15. Some additional info (screenshots attached) after I scanned all the files in my WinZip folder with VirusTotal:
  16. This past Tuesday, I reinstalled WinZip. Today I ran my weekly AdwCleaner scan (version 7.0.2.1), and it identified WinZip Smart Monitor as a PUP. Meanwhile, my MalwareBytes scan finds nothing. When I tried cleaning, using AdwCleaner, I got this message: Caught unhandled unknown exception; terminating. I'm not having any computer issues. Is this a false positive? I've attached the logfile. logfile.pdf
  17. Thanks! In response to your earlier question, I should have clarified that there is a Sony Media Go Install folder in Program Files, as there was before. However, in that folder there is no Net20\kor\langpack.exe. I even did a search just for langpack.exe, but couldn't find anything. I'll leave the Media Go software installed for now. If anything odd materializes, I will report it here.
  18. No, as I noted before, the auto-install prompt window that opened when I initially plugged in my brand-new Walkman is not showing up now (maybe because I already installed it once before). So I went online and installed Sony's Media Go software, since that was where the Trojan was detected. But now that particular Net20\kor\langpack.exe file extension is not showing up. I went to Sony's eSupport page for the Sony NWZE385 Walkman, and the only download I see is the Media Go software ... which I have already downloaded. Not sure what else I can do here.
  19. Well, sadly that download was an exercise in futility. The langpack.exe file does not show up in the Sony Media Go Install folder. However, there also is neither a Net20 nor a kor file folder there, either. Remember that the Trojan detection did not turn up until three weeks after I purchased the Walkman, and I'd been doing weekly scans prior to that. I still wonder if this might have been produced in an automatic update. So maybe I will have to wait a few weeks and see what, if anything, turns up.
  20. When I plug in the Walkman, now it's not giving me the prompt to download software. Maybe I'll try downloading it directly from the Sony website, and go from there. Thanks!
  21. OK, thanks for the clarification. Since I hadn't discussed doing other types of searches (Google or otherwise), that's where my confusion lay. Since I have deleted all the Sony files from my computer, I decided to try plugging in my Walkman and then using Virus Total to scan the Media Go file. (It's not that specific file, but rather MediaGo.xml.) No viruses were detected. I haven't reinstalled the Sony software. I'm not sure I really want to go there. It's not just because of the Trojan detection, regardless of whether it's a false positive, but also because it's basically a whole lotta stuff I just don't need. I don't need access to the Sony store, or the various and sundry other "advantages" they feel go along with the software. Maybe it's an improvement for other folks, but for me it was a step back. I just want a device I can use to listen to music. That's all.
  22. Sorry, you mean that in the Virus Total search field I would type all of that information? That seems like a lot of info to cram into a search field ... but I will give it a try. Thanks!
  23. David, thanks for the explanation about PUP.Optional. I guess I assumed that since Malwarebytes detected it, it was considered malware. Live and learn! As I noted in my first post, after this Trojan was detected in the Sony Media Go file, I uninstalled all of the Sony Walkman software and deleted any related files. So that file is no longer on my computer. I have Virus Total bookmarked, but I didn't think to run the file there before deleting it. Doing a search for that filename, they don't have it listed. I guess I can try reinstalling all the software to see what happens. Not sure I want to, though. Usually, when ClamWin spots what it considers to be a false positive, it is identified as such. But that didn't happen this time around. I admit that I laughed when I saw kor in the file. Wasn't Korea implicated in this most recent Sony hack scandal?
  24. On Feb. 5, I purchased a Sony NWZE385 Walkman MP3/Video Player and installed the required software. My previous Sony Walkman had no such software. It was your basic plug-and-play device; you just plugged it in and transferred files, much like a memory stick. But now Sony has developed a number of add-ons, I guess to make the Walkman more like an Ipod, and so before you can operate the Walkman you have to go through an extensive automatic download/installation process ... without knowing if you need any or all of it. One of the downloaded applications is called Media Go. On Feb. 7, 14 and 21, I ran Malwarebytes scans on my computer, as well as ClamWin antivirus and Microsoft Security Essentials. No malware or viruses were detected. On Feb. 28, I ran Malwarebytes and Microsoft Security Essentials, and as before nothing odd came up. However, while running a ClamWin virus scan, it located the following Trojan associated with Sony's Media Go software: C:\Program Files\Sony Media Go Install\Net20\kor\langpack.exe: Win.Trojan.Agent-848388 FOUND. After removing the Trojan I uninstalled all of the Sony Walkman software and deleted any related files still left on my computer. Since then all ClamWin scans (as well as Malwarebytes and Microsoft Security Essentials) have come up clean. I contacted Sony to try to find out how a virus ended up in software associated with the Walkman software installation. They insist there's no way I could have picked up a Trojan via software downloads from Sony websites. However, I wonder if it is possible to pick up Trojans via automatic downloads? It happened to me last November, when I'm pretty sure I picked up a Trojan via an automatic Flash Player update. (I ended up with the unwanted Ask Toolbar and immediately started getting Trojan and virus alerts. I have since switched to manual Flash Player updates; I go to the Adobe website and check for updated versions, then install them as needed.) It was at this point that I installed Malwarebytes (free version), which did initially find and quarantine the following malware: PUP.Optional.DownloadSponsor. I have been running weekly Malwarebytes scans ever since. The Sony attendant I spoke with on the phone claimed that I still could have malware on my computer, which is lurking in the background and waiting until certain software coding pops up and activates the Trojan, which then attaches itself to that particular file. If that's the case, then why isn't Malwarebytes spotting it? Or did the attendant just feed me a line to try to deflect blame away from Sony? (Who, after all, does not have the greatest track record when it comes to security.)
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.