Windows 10: Malware

Discussion in 'AntiVirus, Firewalls and System Security' started by Compuuter, Apr 3, 2020.

  1. Compuuter Win User

    Malware


    Hello, does anyone know why at least once or twice every day, a popup wanting to update chromium appears in the command prompt window, an Internet Explorer shortcut appears on my desktop, and whenever I scan my computer with Malwarebytes and delete the stuff that's popping up, it reappears the next day when it requests an update. I don't have a screenshot of it, but I have a list of what Malwarebytes detected as a virus.



    Malwarebytes

    www.malwarebytes.com



    -Log Details-

    Scan Date: 4/3/20

    Scan Time: 3:58 PM

    Log File: ee4beca2-75ed-11ea-b0a7-98fa9bed049c.json



    -Software Information-

    Version: 4.1.0.56

    Components Version: 1.0.859

    Update Package Version: 1.0.21860

    License: Free



    -System Information-

    OS: Windows 10 Build 18362.720

    CPU: x64

    File System: NTFS

    User: username\username



    -Scan Summary-

    Scan Type: Threat Scan

    Scan Initiated By: Manual

    Result: Completed

    Objects Scanned: 426977

    Threats Detected: 40

    Threats Quarantined: 0

    Time Elapsed: 1 min, 52 sec



    -Scan Options-

    Memory: Enabled

    Startup: Enabled

    Filesystem: Enabled

    Archives: Enabled

    Rootkits: Disabled

    Heuristics: Enabled

    PUP: Detect

    PUM: Detect



    -Scan Details-

    Process: 0

    No malicious items detected



    Module: 0

    No malicious items detected



    Registry Key: 7

    PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{3B67D3A7-6BE7-0227-DA67-72A70AE7A127}, No Action By User, 880, 542290, , , ,

    PUP.Optional.SelectedSearch, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bhdinjalofclbacjijgifpahcnjapclb, No Action By User, 289, 757187, , , ,

    PUP.Optional.SelectedSearch, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bhdinjalofclbacjijgifpahcnjapclb, No Action By User, 289, 757187, , , ,

    PUP.Optional.SelectedSearch, HKU\S-1-5-21-680131693-1152990031-1992906804-1002\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bhdinjalofclbacjijgifpahcnjapclb, No Action By User, 289, 757187, , , ,

    Malware.Generic.1507988344, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{53DBCFCA-A18E-4814-ACC2-04346AE876DB}\moginimihe, No Action By User, 1000000, 0, , , ,

    Malware.Generic.1507988344, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E2DA0264-4A93-4EF6-B21F-05FD43123948}, No Action By User, 1000000, 0, , , ,

    Malware.Generic.1507988344, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{E2DA0264-4A93-4EF6-B21F-05FD43123948}, No Action By User, 1000000, 0, , , ,



    Registry Value: 1

    PUP.Optional.SelectedSearch, HKU\S-1-5-21-680131693-1152990031-1992906804-1002\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settingsbhdinjalofclbacjijgifpahcnjapclb, No Action By User, 289, 757187, , , ,



    Registry Data: 0

    No malicious items detected



    Data Stream: 0

    No malicious items detected



    Folder: 3

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\LOCAL\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}, No Action By User, 880, 542290, 1.0.21860, , ame,

    PUP.Optional.SelectedSearch, C:\USERS\username\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BHDINJALOFCLBACJIJGIFPAHCNJAPCLB, No Action By User, 289, 757187, 1.0.21860, , ame,



    File: 29

    PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\ROAMING\Microsoft\Windows\Recent\HowToRemove.html.lnk, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\ROAMING\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\LOCAL\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HOWTOREMOVE\HOWTOREMOVE.HTML, No Action By User, 880, 542290, 1.0.21860, , ame,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\chromium-min.jpg, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\control panel-min-min.JPG, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\down.png, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\ff menu.JPG, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\ff search engine-min.png, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\lusername\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\hp-min ff.png, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\hp-min ie.png, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\search engine.gif, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\setup pages.gif, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\sp-min.png, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\start-min.jpg, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\up.png, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\recodifat, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\soticanot, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\uninst.exe, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\uninstp.dat, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\ROAMING\Microsoft\Windows\Recent\ff search engine-min.png.lnk, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\ROAMING\Microsoft\Windows\Recent\hp-min ff.png.lnk, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\ROAMING\Microsoft\Windows\Recent\search engine.gif.lnk, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\ROAMING\Microsoft\Windows\Recent\setup pages.gif.lnk, No Action By User, 880, 542290, , , ,

    PUP.Optional.SelectedSearch, C:\USERS\username\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 289, 757187, , , ,

    PUP.Optional.SelectedSearch, C:\USERS\username\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, 289, 757187, , , ,

    PUP.Optional.SelectedSearch, C:\USERS\username\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BHDINJALOFCLBACJIJGIFPAHCNJAPCLB\2.2_0\MANIFEST.JSON, No Action By User, 289, 757187, 1.0.21860, , ame,

    Malware.Generic.1507988344, C:\WINDOWS\SYSTEM32\TASKS\{53DBCFCA-A18E-4814-ACC2-04346AE876DB}\moginimihe, No Action By User, 1000000, 0, , , ,

    Malware.Generic.1507988344, C:\USERS\username\APPDATA\ROAMING\53DBCFCAA18E4814ACC204346AE876DB\MOGINIMIHE.EXE, No Action By User, 1000000, 0, 1.0.21860, 6257ECA0AC73052259E21378, dds, 00660683

    PUP.Optional.SelectedSearch, C:\USERS\username\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 289, 757186, 1.0.21860, , ame,



    Physical Sector: 0

    No malicious items detected



    WMI: 0

    No malicious items detected





    end


    If I go to the directory stated in some of them, C:\users\username\appdata\local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\, this is what is shown:

    [Attached image]


    If anyone knows what any of this is, it would be greatly appreciated! I replaced my name with username in the directories for personal reasons.


    Thanks

    :)
     
    Compuuter, Apr 3, 2020
    #1
  2. Le Boule Win User
    Le Boule, Apr 3, 2020
    #2
  3. Boatvan Win User
    Did our Epson printer get hacked?

    Another question, is this on a home network or a work network? The steps @eidairaman1 listed are always a good first step. If this is on a work network you manage, I'd be much more concerned than the home one. It is possible someone is screwing with you, but malware could also be the culprit.
     
    Boatvan, Apr 3, 2020
    #3
  4. Malware

    Best way to remove problem Malware

    Hi There,

    I am trying to remove a bundle of Malware without success.

    There is a bundle of listed programs which I try to uninstall through the typical Control Panel effort, but they remain listed there:

    Buenosearch Toolbar
    MyPC Backup
    PC Performer
    Speed Test 127
    UnknownFile

    I was looking at this weblink which provides a 5 step process for Buenosearch alone:
    Remove Bueno Search (Removal Guide)

    Not sure how much certain guides can be trusted. One of the first things I read was to download Revo Uninstaller, and I've not heard of it so I'm not sure if it's trustworthy..........
     
    radioraheem, Apr 3, 2020
    #4