Spyware.OnlineGames


Hello,

Malwarebytes just detected a malicious program (Spyware.OnlineGames) in the file C:\WINDOWS\system32\updater.exe

I moved it into quarantine and there it still is.

MB found the said program during a scan by Secunia PSI, a program which detects other programs that need to be updated for security reasons.

After that I did a complete scan with Malwarebytes. Nothing was found.

My questions are:

Could it have been a false positive (regarding the fact that it occurred during the Secunia scanning process)? How will I know this?

If it was in fact a true positive, do I have to take further measures to make sure that my computer is not in danger?

Can I delete the file/entry in the quarantine by using the delete button?

Btw:

I scanned the said folder with Avira, nothing was found.

I never ever did play an online game on this computer.

Thanks for any help!!


Oh, I don't know if I think it is a false positive, rather not I'm afraid.

But anyway, I read the instructions to report a false positive. But as MB did detect this automatically, a new scan will not help, will it? So, should I restore the file which is in the quarantine now and await a new detection? Will this not be dangerous by any means?

Sorry for asking that, I'm not too deep into the matter, as you can see.


Well, from the location of the file it is a bit strange. Restoring the file can be done, and then submitting it in a zip format would be OK. Then you could run a quick scan and re-detect the file so you can once again remove it.

But as you stated you believe you are in over your head, so leaving it as is will be OK. If your computer is running fine now and has no more signs of an infection you should be good to go.

Should you decide you want to submit the file, I am sure either I or someone else can walk you through it.


What happened now?

I did press the restore button to upload the file for a closer check.

The entry, of course, vanished from the quarantine box, but was not to be found in the folder indicated (windows/system32). In fact, it is nowhere to be found. Even a new scan did not help.

To make things clear, I did not use the delete button.

Now I'm somehow concerned that my computer is still infected.


Hi man4429 -

Check your Malwarebytes Logs and see if it is listed in there -

That will show if it was detected, quarantined, or removed -

Also look in C:\WINDOWS\system32\updater.exe to see if it was removed from there.

If it was located when MB found the said program during a scan by Secunia PSI it must have been already installed.

Thank You -


Hi,

In the meantime I managed to restore the file in question. As MB detected it once again, I deleted it from the quarantine to where MB pushed it again.

After that I did a check with OTL (on the advice of Avira, my standard antivirus provider) and everything seems to be OK.

It was only Avira who suggested to install MB as well to have a more complete protection, which I did a long time ago. It runs in the background and of course found the malware mentioned.

Now they (Avira) told me it would be counterproductive (if not dangerous) to run both Avira and MB as active "on-access-scanners" at the same time and advised me to stop running MB in the background but only to scan the system manually with MB from time to time.

As I'm quite amateurish in this matter I'd like to have your opinion, too.

Best wishes


You can run both Avira and Malwarebytes together; if you like, you can enter exceptions to avoid any conflicts, as listed below:

AVIRA

Set Exclusions for Malwarebytes' Anti-Malware in Avira on 32 bit Windows Versions:

  1. Open Avira and click on Local Protection on the left
  2. Click on Guard
  3. Click on Configuration on the upper right
  4. Click the checkbox next to Expert mode on the upper left so that it is checked
  5. Under Guard, click the + next to Scan to expand the list
  6. Click on Exceptions
  7. Under Processes to be omitted by the Guard click the ... button next to the blank white box
  8. In the browse window that opens, navigate to C:\Program Files\Malwarebytes' Anti-Malware
  9. Double-click on mbam.exe then click the Add button
  10. Repeat steps 7-9 for the following files:
    • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

  11. Click on Apply
  12. Close Avira's window

Set Exclusions for Malwarebytes' Anti-Malware in Avira on 64 bit Windows Versions:

  1. Open Avira and click on Local Protection on the left
  2. Click on Guard
  3. Click on Configuration on the upper right
  4. Click the checkbox next to Expert mode on the upper left so that it is checked
  5. Under Guard, click the + next to Scan to expand the list
  6. Click on Exceptions
  7. Under Processes to be omitted by the Guard click the ... button next to the blank white box
  8. In the browse window that opens, navigate to C:\Program Files (x86)\Malwarebytes' Anti-Malware
  9. Double-click on mbam.exe then click the Add button
  10. Repeat steps 7-9 for the following files:
    • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

  11. Click on Apply
  12. Close Avira's window

Set Exclusions for Avira in Malwarebytes' Anti-Malware:

  • Open Malwarebytes' Anti-Malware and click on the Ignore List tab
  • Click the Add button on the lower left
  • In the small browse window that opens, navigate to C:\Program Files and click once on Avira and click OK
  • Close Malwarebytes' Anti-Malware

If you have any problems, please post back and one of the Experts will assist you

Thanks, ;)
