Jump to content

Muzapp.exe downloaded as by magic and detected by Malwarebytes


scopio
 Share

Go to solution Solved by Maurice Naggar,

Recommended Posts

Powered on the pc this morning and Malwarebytes immediately flagged C:\Windows|SysWOW64\muzapp.exe! I never downloaded it or have any music software that use Muzapp or MusicCity Co Ltd. On another website it has reference to Samsung of which I have two SSD.

I have quarantined the file but I am intrigued as to how it got downloaded? 

2021-09-01_14-19-17.jpg

Link to post
Share on other sites

Hello @scopio     :welcome:

I need a report set for review.   This is a report only.

Please download MBST Support Tool

 

Once you start it click Advanced > Gather Logs

 

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

  • Please attach  mbst-grab-results.zip    to your reply , like displayed here.
  • To send  ( upload)   attachments please click the link marked "ADD File". Then browse to where your file is located and select it and click the Open button.

 

_mb_attach.jpg

 

Only after you are all set plus have uploaded the ZIP file, then press the button "Submit Reply" in blue color.   Please have patience throughout this case.  Understand also I am a volunteer here.

Cheers.

  • Thanks 1
Link to post
Share on other sites

  • Solution

We will need to run (later on) a on-demand report.  The report set that was uploaded did not have the complete expected set.

The first step I suggest to be done is a Update run for Malwarebytes for Windows.

Start Malwarebytes for Windows.

  1. Click Settings.
  2. In the General tab,    click on "Check for Updates " button.   
  3. Watch & follow all prompts. 

  4. Then click the Security tab.  Scroll down and lets be sure the line in SCAN OPTIONs for 

"Scan for rootkits" is ON 👈   Click it to get it ON if it does not show a blue-color .

 

Next, click the small x on the Settings line to go to the main Malwarebytes Window.   Next click the blue button marked Scan.

 

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

>>>>>>      👉      You can actually click the topmost left  check-box  on the very top line to get ALL lines  ticked   ( all selected).         <<<<     💢

MB4_scan_tick_ALL.jpg.d04ef98c885b4f44f51bfe735922fba7.jpg

 

Please double verify you have that TOP  check-box tick marked.   and that then, all lines have a tick-mark

 

Then click on Quarantine  button.

MB4_scan_all_Quarantine.jpg.8639e1dfc2301bc6d60a8cfb3c339241.jpg

 


Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

Edited by Maurice Naggar
  • Thanks 1
Link to post
Share on other sites

You asked how the malware could have got on your machine. The most likely means is via one of the web browsers. For example, a drive-by visit to some website. At times, this could be possible on a inadvertent click on a link in some email.
This following quote section is about adware though the methods of entry used are the same as malware.

Quote

 

The most common ways for adware to infect PCs today are through toolbars/browser extensions, bundled software, and downloads offered by pop-ups.

A Trojan containing adware may pretend to be something you want, such as a plug-in or video player, but what you really end up downloading is an adware installer. Adware may also hide inside a legitimate download from an unethical site. Often, it shows up in downloaded files from torrents or piracy sites. It’s even making its way into the Google Play Store

 

qf https://blog.malwarebytes.com/101/2018/01/how-to-remove-adware-from-your-pc/

  • Thanks 1
Link to post
Share on other sites

Followed your instructions above. Malwarebytes needed to be updated which I did.

4. Then click the Security tab.  Scroll down and lets be sure the line in SCAN OPTIONs for 

"Scan for rootkits" is ON. It was ON

 550799807_scanrootkits.jpg.ccc2e2b3b4a0954cb4d8f4ad1e073fd7.jpg

Next click the blue button marked Scan.

Scan Report < No detections>

Scan.jpg.2e68c5d25e0c6f75b66aedd281dbdb56.jpg

Malwarebytes Scan Report.txt

I had quarantined "muzapp.exe" when I first noticed it on power on today.

I am still baffled as to why it was not detected yesterday or earlier and was detected powering on the pc for the first time today. I have not downloaded any new software or clicked on links on emails that I don't know who has sent it. Anyway thanks for you prompt help.

Link to post
Share on other sites

That scan report is all good.

Let's do one scan with Malwarebytes Adwcleaner to check for adwares. Just before pressing that "scan" button, be sure that  Chrome & Edge & all other web-browsers  are Closed.

It will not take much time,

First download & save it

https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner

 

Then be sure to close all web browsers.

Then go to where the EXE file is saved. Start Adwcleaner.  Then do a scan with Adwcleaner

Let me know the bottom line result. 

  • Thanks 1
Link to post
Share on other sites

Thanks.  That Adwcleaner report is very good.

Now a pair of reports to check some statuses.  These are just reports.

Download SecurityCheck by glax24 from here  https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe

 

and save the tool on the desktop.

  • If Windows's  SmartScreen block that with a message-window, then

Click on the MORE INFO spot and over-ride that and allow it to proceed.

This tool is safe.   Smartscreen is overly sensitive.

  • Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
  • Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.

You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

[   2   ]

This is a different sort of report.  

Download   Farbar's Service Scanner utility

and Save to your Desktop.

Right-Click on fss.exe and select Run As Administrator.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are check-marked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other services

  

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.   Please attach that file.    😁

  • Thanks 1
Link to post
Share on other sites

Insuring that all programs are up-to-date with latest versions is a key aspect of keeping computer secure.  These are what need attention from you to insure they get updated.  From the SecurityCheck report.

KeePass Password Safe 1.39 v.1.39   Warning! Download Update

Microsoft Teams v.1.4.00.7174 Warning! Download Update
Zoom v.5.4.3 (58891.1115) Warning! Download Update
Skype version 8.67 v.8.67 Warning! Download Update
VLC media player v.3.0.14 Warning! Download Update

As to HItmanpro, is that a trial ?  or did you purchase a license?  If you are done with it, and it is a trial, then you should Uninstall Hitmanpro.

Now then, a entirely separate point.  On this machine, is the Windows 10 Microsoft Defender antivirus the sole and only antivirus application?  If so, that needs additional attention.

  • Like 1
Link to post
Share on other sites

ok.  Malwarebytes For Windows Premium is the best anti-malware app.  Just keep in mind that it is not a traditional antivirus.

I would like you to run the Microsoft Safety Scanner just to do a quick scan  & also that Microsoft Defender be enabled for anti-spyware protection.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on Scan Options & select  QUICK  scan.

Then start the scan. 

The log is named MSERT.log  

the log will be at  

C:\Windows\debug\msert.log

Please attach that log with your reply.   The intermediate displays of this tool should be dis-regarded.  Only the final results are what count.   :cool:

  • Thanks 1
Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

  • Thanks 1
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.