
Potential Malware - Help


Go to solution Solved by Maurice Naggar,


Scan today flagged a lot of potential Reg keys (see attached scan results)
Quarantined them to be safe.
Can anyone with a better understanding tell me how bad it looks and if I need to take further action please?

It also flagged PDF Suite, which I have had for over a year, and I am confident it was a legit program at the time, but I don't use it very often so I am happy to lose it now if it looks suspicious.

I also ran AdwCleaner and it flagged some firewall settings for a program that runs security cameras and quarantined them.

Any help would be appreciated.

Hello @BeamyOstrich and welcome:

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, or its subsets, please carefully follow these instructions:

  1. Download the Malwarebytes Support Tool.
  2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
  3. In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
  4. Run the MBST Support Tool.
  5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
  6. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.  WARNING: Do Not click the Repair System under Advanced unless requested to by a Malwarebytes support agent or authorized helper.
  7. A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste.

For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have posted.

Thank you.


3 hours ago, Maurice Naggar said:

Hello @BeamyOstrich The Malwarebytes scan dated 2023-08-27T08:44:23Z found what it classifies as PUP.Optional.Avanquest.
The first question occurs, was the PDF SUITE 2021 purchased at a retail store or directly from Avanquest?

Hi @Maurice Naggar, thanks for the question.

The licence was purchased through a bundle via “Humble Bundle” on 18/March/22 following their install instructions.

support.humblebundle.com/hc/en-us/articles/4741960376475

So not exactly direct, but I believe Humble to have good standing.


  • Solution

Hello. From the long-ago past, I recall Avanquest as the maker of add-on utilities for Windows.
You ought to consider looking at all the PDF Suite 2021 items in the Malwarebytes Quarantine, restoring them all, and setting all of them under "Exclusion Rules" from protection or scanning by Malwarebytes.
See and study https://support.malwarebytes.com/hc/en-us/articles/360038479214-Restore-or-delete-quarantined-items-in-Malwarebytes-for-Windows

Also https://support.malwarebytes.com/hc/en-us/articles/360038479234-Exclude-detections-in-Malwarebytes-for-Windows


Thanks for the suggestion @Maurice Naggar, sorry for late reply.

I restored the program and later elected to uninstall completely due to lack of use, just to be on the safer side. A scan after uninstall and no detections, so assuming everything detected only related to the program "PDF Suite".

I notified Avanquest Software support, to make them aware at least of this potentially happening to others.

 

Appreciate you trying to help a stranger on the internet. As I am not too knowledgeable on these subjects, even though this looks to be very minor, it can be stressful not understanding how bad it is by the scan results alone.

 

 


You are very welcome. I am glad to have worked with you.

We can proceed with cleanup of tools we used.

To remove the FRSTENGLISH tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRSTENGLISH.exe & select RENAME & then change it to UNINSTALL.exe.
Then run that (double click on it) to begin the cleanup process.

Delete mb-support-1.9.2.982.exe on Downloads
Delete mbst-grab-results.zip on the Desktop.

Adwcleaner you may keep and use as needed.
Any other download file I had you download, you may delete.
Consider using PatchMyPC, keep all your software up-to-date - https://patchmypc.com/home-updater#download

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

I am marking this case for closure.
I wish you all the best. Stay safe.
Sincerely.

Maurice


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you

 

 


This topic is now closed to further replies.