
Malware was detected on my computer - is my computer safe?


JPC

I know essentially nothing about computers, but I have both Kaspersky Free and a free trial of Malwarebytes premium. A little more than a week ago, Kaspersky detected multiple "network attacks" on my laptop. I assumed that because Kaspersky detected them, my computer should be fine. But two days ago, Malwarebytes detected malware on my laptop. So now I'm wondering whether this malware got onto my computer because of the network attacks or if something else caused the malware. If the malware was caused by the network attacks, then that would suggest that Kaspersky failed to block all the network attacks, right? 

I was told that if I follow the instructions on this page, then someone might be able to determine how the malware got onto my computer and might also be able to double-check to make sure that there isn't any undetected malware remaining on my computer. Is that possible? 

Again, I am not tech savvy at all, so I don't really understand what the "Farbar Recovery Scan Tool" is, nor do I understand what the FRST and Addition files are. But as long as I attach those files, is that all I need to do? Let me know if I need to do anything else. Thanks!

FRST.txt Addition.txt malwarebytes threat scan.txt

Link to post
Share on other sites

  • Root Admin

Hello @JPC

That is not an infection. It is an installer for a program you downloaded that was detected as a threat. In many cases programs like those often install other unwanted software.

Please do the following. Temporarily disable Kaspersky and clean up Google Chrome

 

Then once that's done again make sure Kaspersky is disabled and run an ESET scan.

 

Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started. 
  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes 
  • When prompted for scan type, Click on Full scan 
  • Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.
  • Have patience. The entire process may take an hour or more. There is an initial update download.
  • There is a progress window display.
  • You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
  • Click The blue “Save scan log” to save the log.
  • If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at bottom).
  • Press Continue when all done. You should click to off the offer for “periodic scanning”.

 

 

Then when done make sure you re-enable your Kaspersky antivirus

 

Link to post
Share on other sites

  • Root Admin

Personally I'd just ignore it. Most experts feel programs like this are snake oil and not needed.

Are you having a specific issue with the computer you need help with?

Generally speaking for drivers you should always try to directly download them from the hardware vendor.

 

Link to post
Share on other sites

  • Root Admin

Sorry, I don't have an answer for you. Someone or some process downloaded the file. Not much else I can tell you about that.

All we can do is continue to review and make sure there is no current infection.

 

Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started. 
  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes 
  • When prompted for scan type, Click on Full scan 
  • Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.
  • Have patience. The entire process may take an hour or more. There is an initial update download.
  • There is a progress window display.
  • You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
  • Click The blue “Save scan log” to save the log.
  • If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at bottom).
  • Press Continue when all done. You should click to off the offer for “periodic scanning”.

 

 

Link to post
Share on other sites

On 2/26/2021 at 10:13 PM, AdvancedSetup said:

Hello @JPC

That is not an infection. It is an installer for a program you downloaded that was detected as a threat. In many cases programs like those often install other unwanted software.

Please do the following. Temporarily disable Kaspersky and clean up Google Chrome

 

 

 

Could you elaborate on this? Why am I disabling Kaspersky and cleaning up Google Chrome before running the ESET scan? 

Link to post
Share on other sites

  • Root Admin

Chrome is notorious for saving scripts and objects that can cause redirects or show ads, popups, etc. that are not wanted by most.

I'm simply providing ESET as a secondary scanner to show you that there probably is not any infection on the computer. If you leave Kaspersky running it will more than likely block and not allow the scan from ESET.

It's up to you. If you don't wish to scan you do not have to.

These are simply suggestions to try to help you have a better, cleaner running computer but you do not have to take our advice.

 

Link to post
Share on other sites

Hey - sorry for the super late reply to this. I did go ahead and use https://virustotal.com to scan the C:\USERS\JEREM\DOWNLOADS\DRIVER_BOOSTER_SETUP.EXE file. But I don't know how to read the results.

Is there a way for me to share the results with you so that you can take a look at them? Or is there anything in particular that I should be looking for in the results? 

Link to post
Share on other sites

I'm not sure I understand. This is the webpage that displays when I scanned the file. 

https://www.virustotal.com/gui/file/5d65efc16ca2ceedcc742ecc37acc36ed98d3e295cc13abbba490252a277c661/detection

Yesterday, it was a little different. I clicked the "Reanalyze file" button a moment ago, and now the page is saying, "4 engines detected this file", but yesterday, when I first scanned the file, the results said, "5 engines detected this file". 

The page that you linked to is saying "One engine detected this file". 

Why the discrepancies? 

Link to post
Share on other sites

  • Root Admin

Not sure where you got this link above from. That is not the file that was detected in our logs originally, which we have since removed from detection.


This LOG shows a completely different file being scanned and detected.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/24/21
Scan Time: 10:50 AM
Log File: 007a2ae4-76b8-11eb-8d19-3ca0676ab6f8.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1173
Update Package Version: 1.0.37439
License: Trial

-System Information-
OS: Windows 10 (Build 19041.804)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 311862
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 8 min, 45 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Malware.AI.4202604854, C:\USERS\JEREM\DOWNLOADS\DRIVER_BOOSTER_SETUP.EXE, Quarantined, 1000000, 0, 1.0.37439, C785807D3DE9915FFA7EA936, dds, 01131268, 4A6CB96CDC686B74D1C1A35E8FE0DFBB, 5D65EFC16CA2CEEDCC742ECC37ACC36ED98D3E295CC13ABBBA490252A277C661

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

Link to post
Share on other sites
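
Whether a scan-log row and a VirusTotal report describe the same file comes down to comparing their SHA-256 values. The following is an added example, not part of any post in this thread: it pulls the hashes from the "File: 1" row of the log above and from the VirusTotal link posted earlier, and can also hash a file on disk. It assumes the hashes in a log row are the comma-separated fields that are exactly 32 (MD5) or 64 (SHA-256) hex digits long; the function names are made up for the example.

```python
import hashlib
import re
from urllib.parse import urlparse

# Copied from the thread: the detection row of the Malwarebytes log and the
# VirusTotal link posted earlier.
LOG_ROW = ("Malware.AI.4202604854, C:\\USERS\\JEREM\\DOWNLOADS\\DRIVER_BOOSTER_SETUP.EXE, "
           "Quarantined, 1000000, 0, 1.0.37439, C785807D3DE9915FFA7EA936, dds, 01131268, "
           "4A6CB96CDC686B74D1C1A35E8FE0DFBB, "
           "5D65EFC16CA2CEEDCC742ECC37ACC36ED98D3E295CC13ABBBA490252A277C661")
VT_URL = ("https://www.virustotal.com/gui/file/"
          "5d65efc16ca2ceedcc742ecc37acc36ed98d3e295cc13abbba490252a277c661/detection")

HEX = re.compile(r"[0-9a-fA-F]+")

def hashes_from_log_row(row):
    """Return {'md5': ..., 'sha256': ...} found in a detection row.
    Assumption: a hash is a field of exactly 32 or 64 hex digits."""
    found = {}
    for field in (f.strip() for f in row.split(",")):
        if HEX.fullmatch(field):
            if len(field) == 32:
                found["md5"] = field.lower()
            elif len(field) == 64:
                found["sha256"] = field.lower()
    return found

def sha256_from_vt_url(url):
    """Extract the hash from a /gui/file/<sha256>/... VirusTotal link."""
    parts = [p for p in urlparse(url).path.split("/") if p]
    for prev, cur in zip(parts, parts[1:]):
        if prev == "file" and HEX.fullmatch(cur) and len(cur) == 64:
            return cur.lower()
    raise ValueError("no SHA-256 found in URL")

def sha256_of_file(path, chunk=1 << 20):
    """Hash a file on disk (read only, never executed), in 1 MiB chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def same_file(row, url):
    """True only when the log row and the VirusTotal link name one SHA-256."""
    return hashes_from_log_row(row).get("sha256") == sha256_from_vt_url(url)

if __name__ == "__main__":
    print("log row and VirusTotal link match:", same_file(LOG_ROW, VT_URL))
```

`sha256_of_file` gives the value to compare when only the file itself is at hand, for example after restoring it from quarantine.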

I wasn't sure how to scan the file while it was still quarantined by Malwarebytes, so I had Malwarebytes restore the file, then I uploaded the file to Virus Total. Doing that resulted in the page that I linked to. So I'm not sure how it can be a different file. Maybe quarantining the file or restoring the file changed the file in some way? I don't know.

Link to post
Share on other sites

  • Root Admin

No, if you restored it then it would put it back 100% the way it was by name and hash.

I'm sorry. I cannot explain the issue for you. At this time though other scans do not show an issue with your computer.

Is there something else I can assist you with at this time?

 

Link to post
Share on other sites

  • 4 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

This topic is now closed to further replies.