Windows 10: Malware

Discussion in 'AntiVirus, Firewalls and System Security' started by Compuuter, Apr 3, 2020.

  1. Compuuter Win User

    Malware


    Hello, does anyone know why, at least once or twice every day, a popup wanting to update Chromium appears in the command prompt window, an Internet Explorer shortcut appears on my desktop, and whenever I scan my computer with Malwarebytes and delete the stuff that's popping up, it reappears the next day when it requests an update? I don't have a screenshot of it, but I have a list of what Malwarebytes detected as a virus.



    Malwarebytes

    www.malwarebytes.com



    -Log Details-

    Scan Date: 4/3/20

    Scan Time: 3:58 PM

    Log File: ee4beca2-75ed-11ea-b0a7-98fa9bed049c.json



    -Software Information-

    Version: 4.1.0.56

    Components Version: 1.0.859

    Update Package Version: 1.0.21860

    License: Free



    -System Information-

    OS: Windows 10 Build 18362.720

    CPU: x64

    File System: NTFS

    User: username\username



    -Scan Summary-

    Scan Type: Threat Scan

    Scan Initiated By: Manual

    Result: Completed

    Objects Scanned: 426977

    Threats Detected: 40

    Threats Quarantined: 0

    Time Elapsed: 1 min, 52 sec



    -Scan Options-

    Memory: Enabled

    Startup: Enabled

    Filesystem: Enabled

    Archives: Enabled

    Rootkits: Disabled

    Heuristics: Enabled

    PUP: Detect

    PUM: Detect



    -Scan Details-

    Process: 0

    No malicious items detected



    Module: 0

    No malicious items detected



    Registry Key: 7

    PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{3B67D3A7-6BE7-0227-DA67-72A70AE7A127}, No Action By User, 880, 542290, , , ,

    PUP.Optional.SelectedSearch, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bhdinjalofclbacjijgifpahcnjapclb, No Action By User, 289, 757187, , , ,

    PUP.Optional.SelectedSearch, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bhdinjalofclbacjijgifpahcnjapclb, No Action By User, 289, 757187, , , ,

    PUP.Optional.SelectedSearch, HKU\S-1-5-21-680131693-1152990031-1992906804-1002\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bhdinjalofclbacjijgifpahcnjapclb, No Action By User, 289, 757187, , , ,

    Malware.Generic.1507988344, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{53DBCFCA-A18E-4814-ACC2-04346AE876DB}\moginimihe, No Action By User, 1000000, 0, , , ,

    Malware.Generic.1507988344, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E2DA0264-4A93-4EF6-B21F-05FD43123948}, No Action By User, 1000000, 0, , , ,

    Malware.Generic.1507988344, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{E2DA0264-4A93-4EF6-B21F-05FD43123948}, No Action By User, 1000000, 0, , , ,



    Registry Value: 1

    PUP.Optional.SelectedSearch, HKU\S-1-5-21-680131693-1152990031-1992906804-1002\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settingsbhdinjalofclbacjijgifpahcnjapclb, No Action By User, 289, 757187, , , ,



    Registry Data: 0

    No malicious items detected



    Data Stream: 0

    No malicious items detected



    Folder: 3

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\LOCAL\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}, No Action By User, 880, 542290, 1.0.21860, , ame,

    PUP.Optional.SelectedSearch, C:\USERS\username\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BHDINJALOFCLBACJIJGIFPAHCNJAPCLB, No Action By User, 289, 757187, 1.0.21860, , ame,



    File: 29

    PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\ROAMING\Microsoft\Windows\Recent\HowToRemove.html.lnk, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\ROAMING\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\LOCAL\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HOWTOREMOVE\HOWTOREMOVE.HTML, No Action By User, 880, 542290, 1.0.21860, , ame,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\chromium-min.jpg, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\control panel-min-min.JPG, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\down.png, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\ff menu.JPG, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\ff search engine-min.png, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\lusername\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\hp-min ff.png, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\hp-min ie.png, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\search engine.gif, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\setup pages.gif, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\sp-min.png, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\start-min.jpg, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\up.png, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\recodifat, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\soticanot, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\uninst.exe, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\uninstp.dat, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\ROAMING\Microsoft\Windows\Recent\ff search engine-min.png.lnk, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\ROAMING\Microsoft\Windows\Recent\hp-min ff.png.lnk, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\ROAMING\Microsoft\Windows\Recent\search engine.gif.lnk, No Action By User, 880, 542290, , , ,

    PUP.Optional.WinYahoo.TskLnk, C:\USERS\username\APPDATA\ROAMING\Microsoft\Windows\Recent\setup pages.gif.lnk, No Action By User, 880, 542290, , , ,

    PUP.Optional.SelectedSearch, C:\USERS\username\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 289, 757187, , , ,

    PUP.Optional.SelectedSearch, C:\USERS\username\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, 289, 757187, , , ,

    PUP.Optional.SelectedSearch, C:\USERS\username\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BHDINJALOFCLBACJIJGIFPAHCNJAPCLB\2.2_0\MANIFEST.JSON, No Action By User, 289, 757187, 1.0.21860, , ame,

    Malware.Generic.1507988344, C:\WINDOWS\SYSTEM32\TASKS\{53DBCFCA-A18E-4814-ACC2-04346AE876DB}\moginimihe, No Action By User, 1000000, 0, , , ,

    Malware.Generic.1507988344, C:\USERS\username\APPDATA\ROAMING\53DBCFCAA18E4814ACC204346AE876DB\MOGINIMIHE.EXE, No Action By User, 1000000, 0, 1.0.21860, 6257ECA0AC73052259E21378, dds, 00660683

    PUP.Optional.SelectedSearch, C:\USERS\username\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 289, 757186, 1.0.21860, , ame,



    Physical Sector: 0

    No malicious items detected



    WMI: 0

    No malicious items detected





    end


    If I go to the directory stated in some of them, C:\users\username\appdata\local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\HowToRemove\ ,

    this is what is shown-

    [Image attachment]


    If anyone knows what any of this is, it would be greatly appreciated! I replaced my name with username in the directories for personal reasons.


    Thanks

    :)
     
    Compuuter, Apr 3, 2020
    #1
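
As an added example (not part of the original post and not Malwarebytes' own tooling), this Python script parses detail lines in the format of the log above and lists the detections that sit in scheduled-task locations or under the Chrome extension registry key, the places from which a program or extension is started again later. The sample lines are copied from the log in the post; the function names and the marker list are assumptions of this example.

```python
import re
from collections import defaultdict

# Detail lines copied from the log in the post above, plus one non-detail line.
SAMPLE = r"""
PUP.Optional.SelectedSearch, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bhdinjalofclbacjijgifpahcnjapclb, No Action By User, 289, 757187, , , ,
Malware.Generic.1507988344, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{53DBCFCA-A18E-4814-ACC2-04346AE876DB}\moginimihe, No Action By User, 1000000, 0, , , ,
Malware.Generic.1507988344, C:\WINDOWS\SYSTEM32\TASKS\{53DBCFCA-A18E-4814-ACC2-04346AE876DB}\moginimihe, No Action By User, 1000000, 0, , , ,
Malware.Generic.1507988344, C:\USERS\username\APPDATA\ROAMING\53DBCFCAA18E4814ACC204346AE876DB\MOGINIMIHE.EXE, No Action By User, 1000000, 0, 1.0.21860, 6257ECA0AC73052259E21378, dds, 00660683
PUP.Optional.WinYahoo.TskLnk, C:\Users\username\AppData\Local\{DA03EC5F-FEAB-80E7-9333-A50FB75B5997}\uninst.exe, No Action By User, 880, 542290, , , ,
Scan Type: Threat Scan
"""

# detection, path, action, then two numeric ids; the path is matched lazily
# so that a comma inside a path does not break the split.
DETAIL = re.compile(r"^([\w.]+), (.+?), ([^,]+), (\d+), (\d+),")

# Upper-cased path fragments (assumed marker list) for locations that make
# something run or load again later.
PERSISTENCE = (
    ("\\SCHEDULE\\TASKCACHE\\", "scheduled task (registry cache)"),
    ("\\SYSTEM32\\TASKS\\", "scheduled task (definition file)"),
    ("\\GOOGLE\\CHROME\\EXTENSIONS\\", "Chrome extension registry key"),
)

def parse(log_text):
    """Return (detection, path, action) per detail line; skip all other lines."""
    rows = []
    for line in log_text.splitlines():
        m = DETAIL.match(line.strip())
        if m:
            rows.append(m.group(1, 2, 3))
    return rows

def persistence_by_detection(rows):
    """Map detection name -> [(kind, path)] for entries in persistence locations."""
    found = defaultdict(list)
    for name, path, _action in rows:
        upper = path.upper()
        for marker, kind in PERSISTENCE:
            if marker in upper:
                found[name].append((kind, path))
    return dict(found)

if __name__ == "__main__":
    for name, hits in persistence_by_detection(parse(SAMPLE)).items():
        print(name)
        for kind, path in hits:
            print(f"  {kind}: {path}")
```
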
  2. Le Boule Win User
    Le Boule, Apr 3, 2020
    #2
  3. Boatvan Win User
    Did our Epson printer get hacked?

    Another question, is this on a home network or a work network? The steps @eidairaman1 listed are always a good first step. If this is on a work network you manage, I'd be much more concerned than the home one. It is possible someone is screwing with you, but malware could also be the culprit.
     
    Boatvan, Apr 3, 2020
    #3
  4. Malware

    Best way to remove problem Malware

    Hi There,

    I am trying to remove a bundle of Malware without success.

    There is a bundle of listed programs which I try to uninstall through the typical Control Panel effort, but they remain listed there:

    Buenosearch Toolbar
    MyPC Backup
    PC Performer
    Speed Test 127
    UnknownFile

    I was looking at this weblink which provides a 5 step process for Buenosearch alone:
    Remove Bueno Search (Removal Guide)

    Not sure how much certain guides can be trusted. One of the first things I read was to download Revo Uninstaller, and I've not heard of it so I'm not sure if it's trustworthy..........
     
    radioraheem, Apr 3, 2020
    #4