Antivirus Guide & User Reviews.

TheSloth

The Slowest One
This advert is being widely circulated on FB nowadays (see attachment). It's purportedly a remake of the Contra game by some unknown studio called Raize gaming.

I assumed it was what it claimed to be; moreover, as it was being advertised on FB, I thought it was legit. After downloading this so-called game from their link, I found that it didn't work and was demanding that I install some "simulator" to get it to work.

Frustrated, I gave up trying, but shortly afterwards an executable of the game that was running in the background was flagged by AVG as malware (bitcoin miner) and was blocked.

This set off some alarm bells, so I checked the FB post once again where I got it from, and sure enough discovered that many others had also reported the same issue: that it was being flagged as malware. It was my mistake for not having checked the comments thoroughly before proceeding to download this fake game. Actually, I didn't think any app that was being advertised on FB would contain malware, as I assumed they would have verified it before allowing it to appear on their website.

I ran a full system scan with AVG and it came up clean in the results. I even scanned my system with Malwarebytes and HitmanPro, but they couldn't find any traces of that malware either.

However, much to my surprise, I found that the executables were still running from multiple places within my primary drive (C:) after I rebooted my system, and quite inexplicably AVG was not detecting them. So I manually found their source folders using Task Manager and deleted them all, only to find them appearing again upon the next reboot.

So this time I downloaded ESET Online Scanner and ran another system-wide scan, but it came up empty as well. I couldn't imagine that some of the oldest and most reputable AV products like ESET, AVG etc. were failing to detect this generic bitcoin mining trojan.

As a last resort, I scanned my system using a tool called RogueKiller, and it did manage to detect multiple traces of the app on my C: drive and deleted them all!! I hope I won't find it running again upon the next reboot!

I reported this ad to Facebook multiple times, but they rejected it, claiming that it didn't violate any of their "community guidelines"!! (go figure!!)

Please beware of this, and if you chance upon this ad, do report it straight away!
Thanks for letting us know!
One question: don't Malwarebytes, Hitman and Rogue Killer conflict with each other like antiviruses do?
 

quicky008

Technomancer
Thanks for letting us know!
One question: don't Malwarebytes, Hitman and Rogue Killer conflict with each other like antiviruses do?
I uninstalled the previous one before installing another anti-malware program.


And sadly even RogueKiller couldn't get rid of the malware completely; the malicious processes still execute and run in the background every time I turn my system on.

But strangely they disappear from Task Manager after a few minutes. I wonder what type of infection this is that so many major antimalware apps couldn't remove completely.

To think I got this malware from FB, and they are still displaying this ad as of today!
 

Desmond

Destroy Erase Improve
Staff member
Admin

quicky008

Technomancer
I have included some of the suspicious files that I see running in the background every time I start Windows 10 in the following Google Drive link:


It's in a RAR archive, whose password is infected.

If you could scan these using your A/V products and share your findings, that would be great.
 

quicky008

Technomancer
^^Scanned using Bitdefender & Malwarebytes. Nothing detected. Files are clean.
This is what baffles me: the files are clearly malicious, otherwise they wouldn't have reappeared at their original locations upon reboot (despite having been deleted previously). And during startup I can see multiple instances of update.exe running in the background for no apparent reason; they disappear after some time. I don't think any legit app would behave this way.

I wonder why none of the popular antivirus programs can detect them as malware. Even in VirusTotal, only one obscure AV product called Ikarus or something detects the update.exe as a malicious file out of several others listed there, which include some popular A/Vs like Kaspersky, ESET and Bitdefender. This is a major disappointment, to say the least!!
 

Zangetsu

I am the master of my Fate.
This is what baffles me: the files are clearly malicious, otherwise they wouldn't have reappeared at their original locations upon reboot (despite having been deleted previously). And during startup I can see multiple instances of update.exe running in the background for no apparent reason; they disappear after some time. I don't think any legit app would behave this way.

I wonder why none of the popular antivirus programs can detect them as malware. Even in VirusTotal, only one obscure AV product called Ikarus or something detects the update.exe as a malicious file out of several others listed there, which include some popular A/Vs like Kaspersky, ESET and Bitdefender. This is a major disappointment, to say the least!!
Can you post a Task Manager screenshot showing these malicious exes running? It could be that the exe is being invoked by some other infected program/app.
 

quicky008

Technomancer
Here it is.
 

Attachments

  • Untitled.png
    563.9 KB · Views: 18

Zangetsu

I am the master of my Fate.
Do you have a VM? If yes, then copy the exe you shared on Google Drive into it and run it there. See if it spawns multiple exes in Task Manager.

I think something else is spawning the exe from a different location, or the AV doesn't have the malware signature for it (it may be a new one).
 

TigerKing

Cyborg Agent
Try msconfig.msc: find any running service other than Microsoft's that is related to that game, and disable it.
And try removing those files.
Try uninstaller tools too, specifically Revo Uninstaller. The uninstaller can search for leftovers too. Try that feature.
Don't boot into safe mode yet; it may infect safe mode.

Try this too


 

quicky008

Technomancer
The update processes show the name of my user account in Windows when I try to view the details section. What does that mean? Is it being spawned by some component of Windows itself?
 

Attachments

  • Untitled.png
    295 KB · Views: 21
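
One way to follow up on the questions raised in this thread, as an example added here and not posted by any participant: the PowerShell below lists each running `update.exe` with its owner, signature status and parent process, then searches Run keys, Startup folders, scheduled tasks and services for entries that launch it. Only the process name `update.exe` comes from the thread; it assumes an elevated prompt, run shortly after logon while the processes are still visible.

```powershell
# Added example. Only the name 'update.exe' comes from the thread.
$name  = 'update.exe'
$procs = @(Get-CimInstance Win32_Process -Filter "Name = '$name'")

# 1. Each running instance: owner, signature, and the process that spawned it.
$procs | ForEach-Object {
    $p      = $_
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    # PIDs get reused: a "parent" that started after the child is not the real parent.
    if ($parent -and $parent.CreationDate -gt $p.CreationDate) { $parent = $null }
    $owner  = Invoke-CimMethod -InputObject $p -MethodName GetOwner
    $sig    = if ($p.ExecutablePath) { (Get-AuthenticodeSignature $p.ExecutablePath).Status }
    [pscustomobject]@{
        Pid         = $p.ProcessId
        Path        = $p.ExecutablePath
        CommandLine = $p.CommandLine
        Owner       = "$($owner.Domain)\$($owner.User)"
        Signature   = $sig
        Started     = $p.CreationDate
        ParentPid   = $p.ParentProcessId
        ParentPath  = if ($parent) { $parent.ExecutablePath } else { '<exited or PID reused>' }
    }
} | Format-List

# 2. Autostart entries that mention the name or any folder it is running from.
$needles = @($name) + @($procs.ExecutablePath | Where-Object { $_ } |
                        Split-Path -Parent | Sort-Object -Unique)
function Test-Hit([string]$text) {
    foreach ($n in $needles) {
        if ($text.IndexOf($n, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    return $false
}

# Run registry keys and Startup folders, for all users
Get-CimInstance Win32_StartupCommand | Where-Object { Test-Hit $_.Command } |
    Select-Object Name, Command, Location, User | Format-List

# Scheduled tasks (logon and boot triggers live here)
Get-ScheduledTask | ForEach-Object {
    foreach ($a in $_.Actions) {
        if (Test-Hit "$($a.Execute) $($a.Arguments)") {
            [pscustomobject]@{ Task = $_.TaskPath + $_.TaskName; State = $_.State
                               Execute = $a.Execute; Arguments = $a.Arguments }
        }
    }
} | Format-List

# Services whose binary path matches
Get-CimInstance Win32_Service | Where-Object { Test-Hit $_.PathName } |
    Select-Object Name, StartMode, State, StartName, PathName | Format-List
```

A name match is only a lead: installers built on Squirrel also ship a signed `Update.exe`, so compare the path, signature status and parent before removing an entry.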