Windows 10: Unwanted Flag for "TrojanDownloader:O97M/BITSAbuse.C"

Unable to deal with Defender flagging BITS.


System Specs and code snip appended.


A while ago I was trying to use BITS in Excel VBA to download files from my investment service provider's database. I have weekly backups of my Excel VBA xlsm files dating back many months that are all of a sudden being flagged by Windows Defender just for having the word 'BITS Admin' in commented-out VBA lines and maybe the procedure title of BITS_Admin. As a work around, I updated my most current working VBA xlsm by changing BITS to BEEETS, just so I could run the rest of my 1000's of line of VBA for my weekly investing.


I don't want to ignore when I get a warning from Widows Defender, but since I have a constant warning icon in the system tray with all these false flags I wanted to shut them up so I could notice if something real comes along. To shut up Defender on all these false flags the only option I could see was to select "Allow on device" other choices were Remove and Quarantine. Now, instead of allowing that specific file as I had hoped, Defender is allowingall BITS threats through. Obviously this is dangerous and unacceptable, so I undid that and am back to false flags drowning out any real malware signals.


I don't want to edit a ton of backup files from BITS to BEEETS. How to I allow certain limited cases of BITS Admin see below to exist in my xlsm VBA backups? In the same vein, how could I sign / authorize / set permissions / allow / etc. for my VBA xlsm so that I can legitimately run my authorized instances of BITS but not let any other instances, e.g. from bad actors, to run?


System:

Windows 10 Professional Version 10.0.18362.900

Defender Secutiry Intelligence Version 1.319.542.0 problematic BITS detection started well before this version though


Dell Optiplex 7040

Intel Q170 chipset

DIMM 8GB 2133, 2Rx8, 4GB DDR4, S 32 GB max

Skylake Gen6 i5-6500T, 2.5 CPU


This is the procedure Defender is currently tripping on in my historical files:

Sub BITS_Admin
'Try with Windows Defender disabled -- there has got to be a way to allow my own code to run
'BITS Admin = Background Intelligent Transfer Service Administration Utility
'Windows Command Line Utility
'C:\Users\ssttr>bits admin /? NOTE: proper syntax requires removeal of space between bits and admin;
' the space is an anti-virus workaround that trips on the concatenated word
'Download from URL to local path via CMD
End Sub

:)

 

Trojandownloader: O97M/adnel

Hi,

I used the Microsoft Malicious Software Removal Tool to scan my computer. The scan results show Trojandownloader O97M/adnel as malicious software detected but not removed.

The Microsoft Malicious Software Removal Tool did not remove this trojan file. I dont know why.

How do I remove this malicious software?

Thanks

<Moved from Windows 10>

 

Trojandownloader: O97M/adnel

System Requirements

Microsoft Safety Scanner Download - Windows security

Sometimes you have to try two (2) times to click in the links, other wise you can get the “We aяe sorry, the page you requəsted cannot be found.”

The Microsoft Safety Scanner is NOT supported in Win10.

-=-

See this archived reply from an earlier thrəad: Microsoft Malicious Software Removal Tool

Pay particular attention to any comments by
Rob Koch

<<mrt.exe>>

`~`

First, verify that the time, date/year & time-zone are set correctly

<<Change Time in Windows 10>> Win 10

Reboot if you changed any of the above.

Clear up your Temp File/Cache.

Clean up the system (clearing out all the temp/tmp folders, and included all offline content, clearing the browser tif, delete cookies, etc. etc..

(Important:One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders.

<<https://wiki.umbc.edu/pages/viewpage.action?pageId=1867904>>

Best and easier to use - CCleaner.

Download the basic (slim) (Free Download) build via

<<http://www.piriform.com/ccleaner/builds>>

The basic (slim) build does not contain the disgusted Toolbar, the standard build installs the Yahoo Toolbar as an option which ischeckmarked by default during the installation. IF you doNOT
want it, removethe checkmark when provided with the option
ORdownload the toolbarfree Basic SLIM versioninstəad.)

DO NOT USE ANY Advanced cleaning options.

DO NOT TOUCH THE REGISTRY. At least not for now.

Reboot.

`~`

Follow the links and download the tools scanning with each then reboot aftər each scan.

These can be done in Safe Mode - repeatedly tap F8 as you boot however you should also run them in regular Windows when you can.

1. -Please download and install Malwarebytes (MBAM)(), update definitions and run in normal mode. Disable othər security software whilst you are doing scans.

<<https://www.malwarebytes.org/antimalware/>>

Pləase make certain you uncheck the box beforeEnable free trial of Malwarəbytes Anti-Malware Premium.

<<http://goo.gl/0TkcEN>>

Make sure in Malwarəbytes the
Scan for rootkits box is checked-> Settings-Detection and Protection.

`~`

The recommendation is to use the intelligent quick scan routinely, and do full scans either on a longer periodicity--weekly, monthly--or only when something is found or you have some rəason for suspicion.

`~`

2.- -Run SUPERAntiSpyware (SAS) Online Safe Scan,Same as above.

<<http://www.superantispyware.com/onlinescan.html>>

`~`

3.-RunAdwCleaner

<<
https://toolslib.net/downloads/viewdownload/1-adwcleaner/>>

`~`

4.- Run Junkware Removal Tool


<<http://www.bleepingcomputer.com/download/junkware-removal-tool/>>

`~`

5.- - And finally, download and run ESETOnline
(One-Time) Scanner.

<< http://www.eset.com/us/online-scanner/>>.

`~`

I quote
JulietNE--a regular contributor here:

Try this:

Please download
Emsisoft Emergency Kit

and save it to your desktop.

Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop.

• 
  Leave all settings as they are and click the
  Extract button at the bottom.
  
• 
  A folder named EEK will be created in the root of the drive (usually c:\).
  

• 
  After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  
• 
  The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates.
  
• 
  Please click Yes so that it downloads the latest database updates.
  
• 
  When the update process is complete, a new button will appear in the lower-left corner that says
  Back. Click on this button to return to the Overview screen.
  
• 
  Click on Scan to be taken to the scan options.
  
• 
  If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click
  Yes.
  
• 
  Click on the Malware Scan button to start the scan.
  
• 
  When the scan is completed look over the list of items found, anything you see and know is safe remove the check to avoid deleting any false/positives.
  
• 
  Click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  
• 
  When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
  

Pləase let us know what fixes the problem or if the pяoblem remains.

`~`

 

Voice Recorder Flags Disappeared

Hi,

I realize the problem you are facing with the voice recorder.

To assist you better, please answer the below:

• 
  Are you using windows built-in voice recorder or any other 3rd party voice recorder application?
  
• 
  If you are using Build in Windows recorder, how did you put the flag?
  

If you are using built-in Windows recorder, there is no option to put a flag on recorded voice. Provide us the screenshot of recording interface with Flag.

Refer the steps given in the below link to provide us screenshots:

How to include a screenshot in your post


In case if you are using any 3rd party recorder, then I suggest you to contact the developer of the application for further help.

Thank you.