Windows 10: Malware

Hello, does anyone know why at least once or twice every day, a popup wanting to update chromium appears in the command prompt window, an Internet Explorer shortcut appears on my desktop, and whenever I scan my computer with Malwarebytes and delete the stuff that's popping up, it reappears the next day when it requests an update. I don't have a screenshot of it, but I have a list of what Malwarebytes detected as a virus.



Malwarebytes

www.malwarebytes.com



-Log Details-

Scan Date: 4/3/20

Scan Time: 3:58 PM

Log File: ee4beca2-75ed-11ea-b0a7-98fa9bed049c.json



-Software Information-

Version: 4.1.0.56

Components Version: 1.0.859

Update Package Version: 1.0.21860

License: Free



-System Information-

OS: Windows 10 Build 18362.720

CPU: x64

File System: NTFS

User: username\username



-Scan Summary-

Scan Type: Threat Scan

Scan Initiated By: Manual

Result: Completed

Objects Scanned: 426977

Threats Detected: 40

Threats Quarantined: 0

Time Elapsed: 1 min, 52 sec



-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Detect

PUM: Detect



-Scan Details-

Process: 0

No malicious items detected



Module: 0

No malicious items detected



Registry Key: 7

PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{3B67D3A7-6BE7-0227-DA67-72A70AE7A127}, No Action By User, 880, 542290, , , ,

PUP.Optional.SelectedSearch, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bhdinjalofclbacjijgifpahcnjapclb, No Action By User, 289, 757187, , , ,

PUP.Optional.SelectedSearch, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bhdinjalofclbacjijgifpahcnjapclb, No Action By User, 289, 757187, , , ,

PUP.Optional.SelectedSearch, HKU\S-1-5-21-680131693-1152990031-1992906804-1002\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bhdinjalofclbacjijgifpahcnjapclb, No Action By User, 289, 757187, , , ,

Malware.Generic.1507988344, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{53DBCFCA-A18E-4814-ACC2-04346AE876DB}\moginimihe, No Action By User, 1000000, 0, , , ,

Malware.Generic.1507988344, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E2DA0264-4A93-4EF6-B21F-05FD43123948}, No Action By User, 1000000, 0, , , ,

Malware.Generic.1507988344, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{E2DA0264-4A93-4EF6-B21F-05FD43123948}, No Action By User, 1000000, 0, , , ,



Registry Value: 1

PUP.Optional.SelectedSearch, HKU\S-1-5-21-680131693-1152990031-1992906804-1002\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settingsbhdinjalofclbacjijgifpahcnjapclb, No Action By User, 289, 757187, , , ,



Registry Data: 0

No malicious items detected



Data Stream: 0

No malicious items detected



Folder: 3

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\LOCAL\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}, No Action By User, 880, 542290, 1.0.21860, , ame,

PUP.Optional.SelectedSearch, C:\USERS\username\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BHDINJALOFCLBACJIJGIFPAHCNJAPCLB, No Action By User, 289, 757187, 1.0.21860, , ame,



File: 29

PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\ROAMING\Microsoft\Windows\Recent\HowToRemove.html.lnk, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\ROAMING\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\LOCAL\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HOWTOREMOVE\HOWTOREMOVE.HTML, No Action By User, 880, 542290, 1.0.21860, , ame,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\chromium-min.jpg, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\control panel-min-min.JPG, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\down.png, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\ff menu.JPG, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\ff search engine-min.png, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\lusername\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\hp-min ff.png, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\hp-min ie.png, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\search engine.gif, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\setup pages.gif, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\sp-min.png, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\start-min.jpg, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\up.png, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\recodifat, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\soticanot, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\uninst.exe, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\uninstp.dat, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\ROAMING\Microsoft\Windows\Recent\ff search engine-min.png.lnk, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\ROAMING\Microsoft\Windows\Recent\hp-min ff.png.lnk, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\ROAMING\Microsoft\Windows\Recent\search engine.gif.lnk, No Action By User, 880, 542290, , , ,

PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\ROAMING\Microsoft\Windows\Recent\setup pages.gif.lnk, No Action By User, 880, 542290, , , ,

PUP.Optional.SelectedSearch, C:\USERS\username\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 289, 757187, , , ,

PUP.Optional.SelectedSearch, C:\USERS\username\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, 289, 757187, , , ,

PUP.Optional.SelectedSearch, C:\USERS\username\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BHDINJALOFCLBACJIJGIFPAHCNJAPCLB\2.2_0\MANIFEST.JSON, No Action By User, 289, 757187, 1.0.21860, , ame,

Malware.Generic.1507988344, C:\WINDOWS\SYSTEM32\TASKS\{53DBCFCA-A18E-4814-ACC2-04346AE876DB}\moginimihe, No Action By User, 1000000, 0, , , ,

Malware.Generic.1507988344, C:\USERS\username\APPDATA\ROAMING\53DBCFCAA18E4814ACC204346AE876DB\MOGINIMIHE.EXE, No Action By User, 1000000, 0, 1.0.21860, 6257ECA0AC73052259E21378, dds, 00660683

PUP.Optional.SelectedSearch, C:\USERS\username\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 289, 757186, 1.0.21860, , ame,



Physical Sector: 0

No malicious items detected



WMI: 0

No malicious items detected





end


If I go to the directory stated in some of them, C:\users\username\appdata\local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\ ,

this is what is shown-




If anyone knows what any of this is- It would be greatly appreciated! I replaced my name with username in the directories for personal reasons.


Thanks

:)

 

Malware Detected

If this is what you are seeing suggest you follow all
ofthe steps listed in this removal guide:
https://www.bleepingcomputer.com/virus-removal/remove-the-requested-resource-is-in-use-error/

Other scanners that may help resolve this malware issue are listed in
List of Malware Removal Tools

Regards…

Top 10 Ways PUPs Sneak Onto Your Computer. And How To Avoid Them. | Emsisoft | Security Blog

 

Did our Epson printer get hacked?

Another question, is this on a home network or a work network? The steps @eidairaman1 listed are always a good first step. If this is on a work network you manage, I'd be much more concerned than the home one. It is possible someone is screwing with you, but malware could also be the culprit.

 

Best way to remove problem Malware

Hi There,

I am trying to remove a bundle of Malware without success.

There is a bundle of listed programs which I try to uninstall through the typical Control Panel effort, but they remain listed there:

Buenosearch Toolbar
MyPC Backup
PC Performer
Speed Test 127
UnknownFile

I was looking at this weblink which provides a 5 step process for Buenosearch alone:
Remove Bueno Search (Removal Guide)

Not sure how much certain guides can be trusted. One of the first things I read was to download Revo Uninstaller, and I've not heard of it so I'm not sure if it's trustworthy..........