Antivirus Guide & User Reviews.

quicky008

Technomancer
^^Scanned using Bitdefender & Malwarebytes. Nothing detected. Files are clean
This is what baffles me-the files are clearly malicious,otherwise they wouldn't have reappeared at their original locations upon reboot (despite having been deleted previously).And during startup i can see multiple instances of update.exe running in the background for no apparent reason-they disappear after sometime.I dont think any legit app would behave this way.

I wonder why none of the popular antivirus programs can detect them as malware.Even in virustotal,only one obscure av product called ikarus or something detects the update.exe as a malicious file out of several others listed there,which include some popular a/vs like kaspersky,eset and bitdefender.This is a major disappointment to say the least!!
 

Zangetsu

I am the master of my Fate.
This is what baffles me-the files are clearly malicious,otherwise they wouldn't have reappeared at their original locations upon reboot (despite having been deleted previously).And during startup i can see multiple instances of update.exe running in the background for no apparent reason-they disappear after sometime.I dont think any legit app would behave this way.

I wonder why none of the popular antivirus programs can detect them as malware.Even in virustotal,only one obscure av product called ikarus or something detects the update.exe as a malicious file out of several others listed there,which include some popular a/vs like kaspersky,eset and bitdefender.This is a major disappointment to say the least!!
Can you post the taskmanager screenshot running these malicious exe ? It could be the exe is being invoked by some other infected program/app.
 

quicky008

Technomancer
here it is
 

Attachments

  • Untitled.png
    Untitled.png
    563.9 KB · Views: 112

Zangetsu

I am the master of my Fate.
Do you have a VM ? If yes then copy paste the exe you shared in gdrive and run it there. See if it spawns multiple exe in task manager.

I think something else is spawning the exe from a different location or the AV doesn't have the malware signature of it (may be a new one)
 

TigerKing

Wise Old Owl
Try msconfig.msc find any running service other than microsoft. And disable it, related to that game.
And try removing those files.
Try uninstaller tools too. Specifically revo uninstaller. Uninstaller can serch for leftovers too. Try that feature.
Don't boot into safe mode yet, it may infect safe mode.

Try this too

*www.tenforums.com/tutorials/86975-program-install-uninstall-troubleshooter-windows.html

*support.microsoft.com/en-us/topic/...-removed-cca7d1b6-65a9-3d98-426b-e9f927e1eb4d
 
Last edited:

quicky008

Technomancer
the update processes show the name of my user account in windows when i try to view the details section-what does that mean?Is it being spawned by some component of windows itself?
 

Attachments

  • Untitled.png
    Untitled.png
    295 KB · Views: 121

Zangetsu

I am the master of my Fate.
Use Process Explorer to get more details on process & services. Task Manager has limited info.

*docs.microsoft.com/en-us/sysinternals/downloads/process-explorer
 

quicky008

Technomancer
Some screenshots taken using process explorer...although i couldn't figure what was really going on.It didn't show any info regarding which utility/app/service was spawning the processes.
 

Attachments

  • Screenshot (220).png
    Screenshot (220).png
    238.7 KB · Views: 116
  • Screenshot (221).png
    Screenshot (221).png
    243.3 KB · Views: 117
  • Screenshot (222).png
    Screenshot (222).png
    240.7 KB · Views: 119

SaiyanGoku

kamehameha!!
Some screenshots taken using process explorer...although i couldn't figure what was really going on.It didn't show any info regarding which utility/app/service was spawning the processes.
*file-intelligence.comodo.com/windo... is known as,EXE to spread malware infection.

Use MalwareBytes to do a scan.
 

Zangetsu

I am the master of my Fate.
Tried Kaspersky free antivirus but it couldn't detect the malware, neither could bitdefender free.

Haven't tried it in vm yet.
The malware infection might have been removed from the system. And it could be just a zombie process lurking there.
Perhaps the reason for not getting detected by Kaspersky/Bitdefender
 

quicky008

Technomancer
yeah the processes only appear at startup for 1-2 mins,and after that they disappear-probably they self-terminate as they dont actually have anything to do.

However the only strange thing is that they reappear at the same locations on my pc even after being deleted,which means that some entity is restoring those exe files back to their source folders which they originally infected and that does cause some concern.
 

RumbaMon19

Feel Pain.
Imo you should now take your backup as soon as possible, before this starts encrypting your files and demands ransom or turn your PC into a botnet making it unusable and in some cases making data recovery difficult.
 
Last edited:
Top Bottom