Malwarebytes detected google cache file as a potential virus


Hey guys, I really need your help as I cannot identify whether this is a virus file or not. I also tried VirusTotal, and 14/72 virus scans detected it as malicious.

The file was hidden under the following path: C:\Users\[MY USER]\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data and the file name was f_000826

Could someone please assist me?


Welcome :)

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click FRST(64) and select Run as administrator.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.

  • Download the enclosed file Fixlist.txt
  • Save it in the same location FRST64.exe is saved
  • Start FRST (FRST64) with Administrator privileges
  • This time around, press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this file in your next reply.

Let's give Malwarebytes Anti-Malware and AdwCleaner a try to scan your computer:

https://forums.malwarebytes.com/topic/304827-scan-with-malwarebytes/

https://forums.malwarebytes.com/topic/304822-scan-with-adwcleaner/

Attach their reports.


Hey @JSntgRvr, I just followed your steps and here is the Fixlog.txt.

I also want to clarify something first (to avoid misunderstanding): when I first started this forum post I was already running a Malwarebytes > advanced scanner > custom scan > scan for rootkits (and all other boxes selected) > selected C drive > ran it.

I was lucky because 5-10 minutes after your reply it finished (after 2:36 hrs) and I got the log that I just attached in this reply.

So my question is: after the fix stuff you had me do, my desktop restarted; do you want me to do the Malwarebytes scan again? Also, the potential virus (titled as per the first message of this forum post) is quarantined now.

I am going to do the AdwCleaner now as well, so expect another reply coming from me for that log file. I wanted to give you the time already to scan these other two log files.

Oh, I almost forgot: something that I found very remarkable was that when I am trying to do the full advanced system scan, previously I was also able to check my D:, E: and other disks (partitions), but now I only see my C drive in the Malwarebytes GUI.

Attachments: Fixlog.txt, malwarebytes FULL SCAN results.txt


Here is the AdwCleaner log (it didn't find anything; I followed the steps in that forum post carefully).

Attachment: AdwCleaner[S00].txt

UPDATE: I just checked Malwarebytes, but now my other disks (+ their respective partitions) do show up and I am running a scan on those.


It is taking a bit of your resources:

Process=thorium                   CPU_Usage=157          Memory_Usage_(MB)=176.43          
Process=thorium#1                 CPU_Usage=0            Memory_Usage_(MB)=1.33            
Process=thorium#2                 CPU_Usage=0            Memory_Usage_(MB)=74.14           
Process=thorium#3                 CPU_Usage=0            Memory_Usage_(MB)=9.23            
Process=thorium#4                 CPU_Usage=0            Memory_Usage_(MB)=6.02            
Process=thorium#5                 CPU_Usage=0            Memory_Usage_(MB)=18.77           
Process=thorium#6                 CPU_Usage=0            Memory_Usage_(MB)=26.1            
Process=thorium#7                 CPU_Usage=0            Memory_Usage_(MB)=26.89           
Process=thorium#8                 CPU_Usage=0            Memory_Usage_(MB)=13.16           
Process=thorium#9                 CPU_Usage=0            Memory_Usage_(MB)=24.77           
Process=thorium#10                CPU_Usage=0            Memory_Usage_(MB)=70.79           
Process=thorium#11                CPU_Usage=0            Memory_Usage_(MB)=11.55           
Process=thorium#12                CPU_Usage=0            Memory_Usage_(MB)=5.77            
Process=thorium#13                CPU_Usage=0            Memory_Usage_(MB)=111.68          
Process=thorium#14                CPU_Usage=0            Memory_Usage_(MB)=19.25           
Process=thorium#15                CPU_Usage=0            Memory_Usage_(MB)=107.2           
Process=thorium#16                CPU_Usage=0            Memory_Usage_(MB)=89              
Process=thorium#17                CPU_Usage=0            Memory_Usage_(MB)=2.87            
Process=thorium#18                CPU_Usage=64           Memory_Usage_(MB)=132.69          
Process=thorium#19                CPU_Usage=0            Memory_Usage_(MB)=31.54           
Process=thorium#20                CPU_Usage=0            Memory_Usage_(MB)=19.27           
Process=thorium#21                CPU_Usage=0            Memory_Usage_(MB)=18.53           
Process=thorium#22                CPU_Usage=0            Memory_Usage_(MB)=7.39            

7 hours ago, JSntgRvr said:

It is taking a bit of your resources:


This is an open-source project of an improved "Google Chrome". Just like how you have Chromium, there is something on top of that called Thorium. https://thorium.rocks/ https://github.com/Alex313031/Thorium-Win. And yeah, browsers are really memory hungry, especially Chrome (and versions building on top of that).


Also, I was actually mostly interested in what the file f_000826 was actually doing. I see that it is now deleted from my quarantine list. This is most likely due to the script that deleted the cache files of Google Chrome. But I wasn't even sure if it was malware in the first place; did you manage to find that out @JSntgRvr?

Perhaps it was just a false positive. I am not sure, but I really want to know so I can find ways to further my security hygiene.


Very well. Those files were part of your browser's Cache, and deleted.

Use this application to remove tools used and their quarantined items:
Please download KpRm by Kernel-panik and save to your Desktop.

  • Click on KpRm.exe to run the tool.

Vista/Windows 7/8/10 users right-click and select Run As Administrator.

  • Put a check mark next to these items:

- Delete tools

- Create Restore Point

- Delete now

  • Click the "Run" button.

  • When the tool has finished, it will create and open a log report and delete itself.

A few final recommendations:

The following information will help you to keep your computer and data safer as well as improve your overall privacy.

Malwarebytes Browser Guard

uBlock Origin

Cybersecurity basics & protection

Everything you need to know about cybercrime
https://www.malwarebytes.com/cybersecurity

Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/

Please review the following to help you better protect your computer and privacy:

Tips to help protect from infection

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal.


I appreciate your help a lot @JSntgRvr. I find it very unfortunate that it is no longer possible to identify whether this was a false positive or an actual threat to my computer, especially since I tend to really focus and use multiple tools to eliminate malware, and also since this detection was a MachineLearning/Anomalous.97% detection, which is heavily dependent on its fed parameters. I am yet to wait for a solution regarding this.


If you check the Fixlog.txt, you will see that the file was one of many. Now, why waste your time detecting malware in temporary folders? If the file is in a temp folder, you just delete the file. System files, or even application files, should never run from a temporary folder.


I was just speculating on what could be the potential cause, as I would rather treat the causes of a problem as opposed to the symptoms. We might differ in that regard.

Anyway, I do appreciate your help. Wish I would have known the full story of this file.

BTW, you were referring to system files and application files running from a temp storage point.

How are you so sure these were executables? I personally did not know; it just showed "file" for me. Opening it in a text editor such as VS Code showed me that it was unreadable random bytes.

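The thread ends with the poster unable to say what f_000826 was, because the cache file was wiped before anyone recorded its hash or checked its leading bytes. The following is an added example (not code from this thread, from Malwarebytes, or from FRST) showing the triage a defender can do on an unidentified Chrome `Cache_Data` file before deleting it: compute its SHA-256 for a VirusTotal lookup and sniff its magic bytes to tell an executable from ordinary web content, decompressing once when the cached response body is gzip-encoded. The magic table and sample byte strings are constructed for the example.

```python
import gzip
import hashlib

# Constructed, deliberately short magic-number table: leading bytes -> coarse type.
MAGIC = [
    (b"MZ", "pe-executable"),       # Windows PE (what a dropped .exe/.dll would start with)
    (b"\x7fELF", "elf-executable"),
    (b"PK\x03\x04", "zip-archive"),
    (b"%PDF", "pdf"),
    (b"\x1f\x8b", "gzip"),          # cached bodies are often stored Content-Encoding: gzip
]


def sniff(data: bytes) -> str:
    """Classify a blob from its first bytes; 'unknown' for opaque binary such as images."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    head = data[:512].lstrip()
    if head[:1] == b"<" and b">" in head:
        return "html-or-xml"
    try:
        data[:512].decode("utf-8")
        return "text"
    except UnicodeDecodeError:
        return "unknown"


def triage(data: bytes) -> dict:
    """Hash the file as stored (that is the value VirusTotal knows it by) and report
    its outer type plus the inner type of a gzip-wrapped body, so a compressed
    executable is not mistaken for harmless cache noise."""
    outer = sniff(data)
    inner = None
    if outer == "gzip":
        try:
            inner = sniff(gzip.decompress(data))
        except (OSError, EOFError):
            inner = "corrupt-gzip"
    effective = inner or outer
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "outer_type": outer,
        "inner_type": inner,
        "executable": effective in ("pe-executable", "elf-executable"),
    }


def triage_file(path: str) -> dict:
    """Convenience wrapper for a real Cache_Data entry, e.g. a file named f_000826."""
    with open(path, "rb") as fh:
        return triage(fh.read())
```

Run `triage_file()` on the suspect entry and keep the printed SHA-256 with the detection name; the hash can be searched on VirusTotal later even after the file itself has been quarantined or deleted.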