FRST detects part of Visual Studio as malware


sp123
Solved by MKDB

I'm not sure if this is the correct place to post this (it probably isn't)

I was running FRST to look for files remaining from uninstalling Google Chrome, and I noticed this line:

Task: {EEC57E55-AAD6-449C-B510-B344039D2855} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [69072 2022-06-21] (Microsoft Corporation -> Microsoft) <==== ATTENTION

The file is digitally signed and isn't detected by any AVs on VT. I have both MBAM and WD running and neither detected anything (either on folder scan or quick/threat). FRST logs attached, along with said file & the result of the schtasks command.

Is this a bug?

FRST.txt Addition.txt schtasks.txt BackgroundDownload.zip

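The check described in the post above (is the binary behind the flagged task validly signed, and by whom?), as an added PowerShell example that is not part of the original thread. The task path and name are taken from the FRST line quoted above; it assumes a Windows system with the built-in ScheduledTasks module.

```powershell
# Added example, not from the thread. Task location taken from the FRST line:
# System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload
$taskPath = '\Microsoft\VisualStudio\Updates\'
$taskName = 'BackgroundDownload'

$task = Get-ScheduledTask -TaskPath $taskPath -TaskName $taskName -ErrorAction Stop

foreach ($action in $task.Actions) {
    # Only exec actions carry an Execute property; skip COM handler and other action types.
    if (-not $action.Execute) { continue }

    # The stored command may contain environment variables and surrounding quotes.
    $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')

    if (-not (Test-Path -LiteralPath $exe)) {
        # A task pointing at a missing file is itself worth noting.
        [pscustomobject]@{ Task = $task.TaskName; Path = $exe; Status = 'FileMissing' }
        continue
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $exe
    $hash = Get-FileHash -LiteralPath $exe -Algorithm SHA256

    [pscustomobject]@{
        Task      = $task.TaskName
        Path      = $exe
        Arguments = $action.Arguments
        Status    = $sig.Status                      # 'Valid' = file hash and certificate chain verify
        Signer    = $sig.SignerCertificate.Subject   # empty if the file is unsigned
        SHA256    = $hash.Hash                       # can be looked up on VT without uploading the file
    }
}
```

A `Status` other than `Valid`, or a signer that is not the expected publisher, is the case that deserves a closer look before treating the entry as a false positive.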

Hello @sp123 and welcome back:

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, or its subsets, please carefully follow these instructions:

  1. Download the Malwarebytes Support Tool.
  2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
  3. In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
  4. Run the MBST Support Tool.
  5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
  6. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.
  7. A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste.

For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have sent.

Thank you.


6 minutes ago, sp123 said:

Thanks! That is what I thought, but just wanted to make sure.

Thanks for all your work helping on this forum (and any others?).

You're welcome @sp123.

I'm helping at BC, MB & TB (whenever I have enough time beside family). 😉

Take care!


  • Root Admin

@sp123

If you're trying to fully remove Google Chrome after an uninstall and you're sure there is no data you want to keep, you can run the following FIXLIST with the Farbar program and it will go through and attempt to fully remove Google Chrome for you.

 

WARNING: This script will forcefully remove ALL of Google Chrome. DO NOT run this script unless you want to fully remove Google Chrome. There is no backup, no restore; files are permanently removed.

fixlist.txt

Thanks

 

 


  • Root Admin

Here are some recommendations. I'll go ahead and close your topic now. Take care.

 

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
    https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
  2. Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
  3. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
  4. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 
  6. Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security

Malwarebytes Browser Guard

uBlock Origin

 

Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes

 


  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you

 

 

