
Muzapp.exe downloaded as by magic and detected by Malwarebytes


scopio
Solved by Maurice Naggar


Powered on the PC this morning and Malwarebytes immediately flagged C:\Windows\SysWOW64\muzapp.exe! I never downloaded it, nor do I have any music software that uses Muzapp or MusicCity Co Ltd. Another website has a reference to Samsung, of which I have two SSDs.

I have quarantined the file but I am intrigued as to how it got downloaded? 


Hello @scopio

I need a report set for review. This is a report only.

Please download MBST Support Tool

 

Once you start it click Advanced > Gather Logs

 

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

  • Please attach mbst-grab-results.zip to your reply, like displayed here.
  • To send (upload) attachments please click the link marked "ADD File". Then browse to where your file is located and select it and click the Open button.

 


 

Only after you are all set plus have uploaded the ZIP file, then press the button "Submit Reply" in blue color. Please have patience throughout this case. Understand also I am a volunteer here.

Cheers.


  • Solution

We will need to run (later on) an on-demand report. The report set that was uploaded did not have the complete expected set.

The first step I suggest to be done is an Update run for Malwarebytes for Windows.

Start Malwarebytes for Windows.

  1. Click Settings.
  2. In the General tab, click on the "Check for Updates" button.
  3. Watch & follow all prompts.
  4. Then click the Security tab. Scroll down and let's be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON 👈 Click it to get it ON if it does not show a blue color.

 

Next, click the small x on the Settings line to go to the main Malwarebytes window. Next click the blue button marked Scan.

 

When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

👉 You can actually click the topmost left check-box on the very top line to get ALL lines ticked (all selected).


 

Please double verify you have that TOP check-box tick marked, and that then, all lines have a tick-mark.

Then click on the Quarantine button.


 


Then, locate the Scan run report; export out a copy; & then attach it with your reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

Edited by Maurice Naggar

You asked how the malware could have got on your machine. The most likely means is via one of the web browsers. For example, a drive-by visit to some website. At times, this could be possible on an inadvertent click on a link in some email.
This following quote section is about adware though the methods of entry used are the same as malware.

Quote

 

The most common ways for adware to infect PCs today are through toolbars/browser extensions, bundled software, and downloads offered by pop-ups.

A Trojan containing adware may pretend to be something you want, such as a plug-in or video player, but what you really end up downloading is an adware installer. Adware may also hide inside a legitimate download from an unethical site. Often, it shows up in downloaded files from torrents or piracy sites. It’s even making its way into the Google Play Store

 

qf https://blog.malwarebytes.com/101/2018/01/how-to-remove-adware-from-your-pc/


Followed your instructions above. Malwarebytes needed to be updated which I did.

4. Then click the Security tab. Scroll down and let's be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON. It was ON


Next click the blue button marked Scan.

Scan Report < No detections>


Malwarebytes Scan Report.txt

I had quarantined "muzapp.exe" when I first noticed it on power on today.

I am still baffled as to why it was not detected yesterday or earlier and was detected powering on the PC for the first time today. I have not downloaded any new software or clicked on links in emails where I don't know who sent them. Anyway, thanks for your prompt help.


That scan report is all good.

Let's do one scan with Malwarebytes Adwcleaner to check for adware. Just before pressing that "scan" button, be sure that Chrome & Edge & all other web browsers are closed.

It will not take much time.

First download & save it:

https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner

 

Then be sure to close all web browsers.

Then go to where the EXE file is saved. Start Adwcleaner. Then do a scan with Adwcleaner.

Let me know the bottom line result. 


Thanks. That Adwcleaner report is very good.

Now a pair of reports to check some statuses. These are just reports.

Download SecurityCheck by glax24 from here: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe

 

and save the tool on the desktop.

  • If Windows SmartScreen blocks that with a message-window, then click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. SmartScreen is overly sensitive.
  • Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow it to run & go forward.
  • Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply.

You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

[ 2 ]

This is a different sort of report.

Download Farbar's Service Scanner utility

and Save to your Desktop.

Right-Click on fss.exe and select Run As Administrator.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are check-marked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other services

  

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run. Please attach that file. 😁


Ensuring that all programs are up-to-date with the latest versions is a key aspect of keeping a computer secure. These are what need attention from you to ensure they get updated. From the SecurityCheck report:

KeePass Password Safe 1.39 v.1.39   Warning! Download Update

Microsoft Teams v.1.4.00.7174 Warning! Download Update
Zoom v.5.4.3 (58891.1115) Warning! Download Update
Skype version 8.67 v.8.67 Warning! Download Update
VLC media player v.3.0.14 Warning! Download Update

As to Hitmanpro, is that a trial? Or did you purchase a license? If you are done with it, and it is a trial, then you should uninstall Hitmanpro.

Now then, an entirely separate point. On this machine, is the Windows 10 Microsoft Defender antivirus the sole and only antivirus application? If so, that needs additional attention.


OK. Malwarebytes for Windows Premium is the best anti-malware app. Just keep in mind that it is not a traditional antivirus.

I would like you to run the Microsoft Safety Scanner just to do a quick scan & also that Microsoft Defender be enabled for anti-spyware protection.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on Scan Options & select QUICK scan.

Then start the scan.

The log is named MSERT.log

The log will be at

C:\Windows\debug\msert.log

Please attach that log with your reply. The intermediate displays of this tool should be disregarded. Only the final results are what count.


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.