Please help Identify & Nail-down the Root-cause!

Hello Community Members!

Please refer to the enclosed compilation of our frantic Anti-Malware scans (2.2.1.1043, v2016.05.04.02), & help identify & thus nail down the root cause behind such repetitive incursions of PUP. Would also like to update that, though the detected elements have been comfortably masqueraded as mere PUP by the freeware product, the actual repercussions have been much more than what is generally expected of a benign PUP.

Browser home pages have been changed to Hohosearch, & similarly, the "Default Search Engines" have made an inadvertent transition to Hohosearch. Lastly, all our customized browser settings have been reverted to default values as well!

System Information: Win 8 Desktop PC, 64-Bit OS Edition, 2GB RAM etc.

Please help identify the root cause & help prevent a further intrusion in a decisive manner.

Thank you. 

Attachment: May Detections.pdf


Hi saurabhdua :)

Usually, PUPs are dropped on a system because of the user. PUPs are often bundled with free software installers, as a means for the program developer to make more money on the side. Therefore, if these infections are repetitive, it's most likely because your users are downloading and installing programs from the Internet by themselves without paying attention to the setup process (picking a "Normal" installation mode over a "Custom" or "Advanced" one, which allows you to opt out of additional programs and/or offers).

So if I were you, I would start by looking at what your users do with their systems, how often they download/install programs, where they get them from, etc.


Hello Aura. Yes indeed, I would like to recount an experience where some bundled software was downloaded/installed inadvertently when trying to install a newsletter-recommended .PDF compressor from freepdfutilities.com.

Now, what's the solution? I have been quite diligent to run scan after scan to get to the root of the problem, but Malwarebytes Anti-Malware isn't proving to be that good as per its original reputation! It is able to highlight 4-6 entries in the last stage of the heuristic search upon every single attempt. Lastly, as far as the troublemaker software is concerned, I did really uninstall it the very same day, within a few moments after sensing something fishy with the overall experience!

Now what's the solution? Would you be keen to explore these 6-8 entries detected during this afternoon's scan? Please help counsel on a decisive outcome. Thanks.

Attachment: 4thMay2016-ScanLog.txt


The problem here isn't Malwarebytes, it's your users that install whatever they want, without any restrictions, and don't know the difference between single and bundled installers. The solution is simple: prevent your users from downloading and installing everything they find on the web, and/or give them training on how to download and install a program without allowing the dozens of PUPs bundled with it to be installed as well.

Here's the removal guide for hohobnd on Malwarebytes.

Notice the following:

Quote

How did HohoSearch get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

So one of your users did install a program on his computer that had hohobnd bundled with it.


Hello Aura & Porthos! Thanks again for a prompt reply! Apropos of the quoted reference, please note that 'Hohosearch' has been classified as a Browser Hijacker! Now how can a Browser Hijacker ever be portrayed as a benign PUP? I mean, the threat designation by Anti-Malware should have been higher, in red, rather than depicting a yellow (go-easy) for the same!

Now 5-6 scans spanning a period of >24 hours have been made, with plenty of quarantined items finding their haven in the respective compilation (under the History tab). I wish to understand how such new detections are still possible. What's powering on the malware payload?

During the initial phase of infection, the context menu of Windows Explorer was also showing weird (never seen before) entries such as "Winzipper"!? & similarly, Windows Services were also observed to contain at least 3 rogue entries, with their start-up type set to Auto.

You still think it is mere PUP playing such havoc!? The threat designation should have been much higher than what came up during diagnosis!

I am the only user of my PC, with absolutely sane surfing habits! :-) Yes, there did occur a hitch to ignorantly click on Next-Next-Next during the installation of one .PDF compressor software, & that's it!

Please notify the dev team to qualify the detection status for "Hohosearch" & "Yessearch" for a red marking (instead of yellow) & similarly, the respective SOP for an effective clean-up has to be improved further. Thank you.
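The rogue auto-start services and the unfamiliar Explorer context-menu entries described in the post above are exactly the kind of persistence a defender wants to inventory before trusting repeated scans. The following PowerShell script is an added example (not code from any poster in this thread or from Malwarebytes): it lists services with start mode Auto whose executable lives outside the Windows and Program Files directories, and resolves Explorer context-menu shell extensions to their DLL paths, flagging those outside the same directories. The choice of "trusted" directories is an assumption for illustration; the script only reports and removes nothing, and each line it prints still needs a human to confirm it is unwanted. Run it from an elevated PowerShell prompt on the affected Windows machine.

```powershell
# Added example (not from the thread): inventory auto-start services and Explorer
# context-menu handlers whose binaries live outside Windows / Program Files.
# The "trusted" roots below are an assumption for illustration only.

$trusted = @(
    $env:SystemRoot,
    ${env:ProgramFiles},
    ${env:ProgramFiles(x86)}
) | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\').ToLowerInvariant() }

function Test-TrustedPath {
    param([string]$Path)
    if (-not $Path) { return $false }          # unresolvable path: report it
    # Service PathName may be quoted and carry arguments; keep only the executable.
    $exe = $Path.Trim()
    if ($exe.StartsWith('"')) { $exe = $exe.Substring(1).Split('"')[0] }
    else                      { $exe = $exe.Split(' ')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe).ToLowerInvariant()
    foreach ($root in $trusted) {
        if ($exe.StartsWith($root)) { return $true }
    }
    return $false
}

Write-Host '== Auto-start services with binaries outside Windows / Program Files =='
Get-CimInstance Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' -and -not (Test-TrustedPath $_.PathName) } |
    Select-Object Name, DisplayName, State, PathName |
    Format-Table -AutoSize

Write-Host '== Explorer context-menu handlers outside Windows / Program Files =='
# Handlers registered for all files, for folders, and for the folder background.
$handlerRoots = @(
    'Registry::HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers',
    'Registry::HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers',
    'Registry::HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers'
)
foreach ($root in $handlerRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root | ForEach-Object {
        # The handler key's default value is the CLSID of the shell extension;
        # its InprocServer32 default value is the DLL that Explorer loads.
        $clsid = (Get-ItemProperty -LiteralPath $_.PSPath).'(default)'
        $dll = $null
        if ($clsid) {
            $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
            if (Test-Path -LiteralPath $server) {
                $dll = (Get-ItemProperty -LiteralPath $server).'(default)'
            }
        }
        [pscustomobject]@{
            Scope   = $root.Split('\')[1]
            Handler = $_.PSChildName
            CLSID   = $clsid
            Dll     = $dll
            Trusted = Test-TrustedPath $dll
        }
    } | Where-Object { -not $_.Trusted } | Format-Table -AutoSize
}
```

Handlers whose CLSID or DLL cannot be resolved are deliberately reported rather than hidden, since a dangling registration is itself worth a look. Legitimate third-party software installed under the user profile will also show up; the list is a starting point for the review Aura describes, not a verdict.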


Quote

Yes, there did occur a hitch to ignorantly click on Next-Next-Next during the installation of one .PDF compressor software, & that's it!

And this is probably what got you infected.

Quote

I am the only user of my PC, with absolutely sane surfing habits! :-)

If you had safe surfing habits, you wouldn't end up infected to be honest. Also, from your first posts, I thought you were the person in charge of IT for a company, because you hinted at "multiple users".

Quote

Please notify the dev team to qualify the detection status for "Hohosearch" & "Yessearch" for a red marking (instead of yellow) & similarly, the respective SOP for an effective clean-up has to be improved further. Thank you.

I'm pretty sure that threats in red are of a higher level of severity than simple browser hijackers/PUPs. To be honest, PUP can also cover certain Adware; it really depends on which one we are talking about.

I don't have the authority, nor the "right", to notify the development team of your request. A Malwarebytes employee will probably notice this thread soon and answer that query if needed.

Also, if you are still infected, I strongly suggest you get assistance in the malware removal section. All you have to do is follow the instructions in the preparation guide below.

10 hours ago, saurabhdua said:

Can I clear the Quarantined Items?

The items in Quarantine cannot damage your computer; they are encrypted. That being said, as @Aura has mentioned, they are usually not needed. Most folks like to wait about a week or so to make sure they were not needed, then they can be emptied.

At least that is my practice.
