https://fil.email/bg2c3HTm

I think you will be able to see it with the above file...I did a scan now and the bloody things are back. Let me know if you can see it...at least I now know the software that is triggering this to happen:

Microsoft Outlook
Microsoft Excel
Google Chrome
Line App
Viber App
Chatstack Messenger
iVMS-4200 (Camera software)

It has to be one of these...I will go ahead and open them one by one and then scan to see if I can identify which one is triggering those 2 files in case you cannot see it in the log...but I reckon you will see it now.

  • Root Admin

Followup for others that come along to read this topic, so that there is a final answer, feedback.

This was a very old and somewhat benign entry. Working with the user we tracked down the source.

Internet Explorer was not the default browser; however, when running the Outlook program it appears to have or use certain features that do make calls to Internet Explorer. With the search scope removed, when the call is made it re-wrote the search scope data. The search provider was Bing. I had him install Google as a search provider in Internet Explorer. Then remove the Bing search provider. Then scan with Malwarebytes and remove the entries. Then relaunch Outlook and now those registry scope entries from Bing are no longer restored. All is once again clean in the scan logs.

Untested, but my belief is that if a "new" install of the Bing search provider was installed it probably would not use those same old values, and thus the detection would not return.

 

 

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.