Win 8 x64 - Am I infected?



#1 shley

shley

  • Members
  • 251 posts
  • OFFLINE
  •  
  • Local time:09:20 PM

Posted 17 June 2014 - 03:02 PM

Hello

Recently reloaded Windows 8 with recovery discs.

Using Kaspersky PURE 3.0.

In the reports I see from Kas., I noticed the a/v being turned off as well as avp.exe being denied at various times, too.

I loaded the latest version of JAVA and I now see an au.exe.

Can we do some checks on this laptop before I continue installing more programs?

Thanks.

shley




#2 wpgwpg

wpgwpg

  • Members
  • 1,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US of A
  • Local time:10:20 PM

Posted 17 June 2014 - 04:18 PM

You can download the free version of Malwarebytes, get it up to date, and do a scan.

I have to ask if you really need Java though. It's had a lot of reports of vulnerabilities, so if you can avoid using it, you're better off. If you have to use it, be sure to keep it up to date.


Everyone with a computer should back his system up to an external hard drive regularly.  :thumbsup:

#3 shley

shley
  • Topic Starter

  • Members
  • 251 posts
  • OFFLINE
  •  
  • Local time:09:20 PM

Posted 17 June 2014 - 04:28 PM

Ok, I will try this but I have a couple of questions first.

Are people with a Win 8 system using a program like Kaspersky AND Malwarebytes at the same time on an ongoing basis? I am confused as to why a paid version like Kaspersky would not find things Malwarebytes would find (?)

Also, how does MB work, exactly? If it finds something does it delete it or does it only quarantine it? I ask this because if I do not keep MB on the system afterwards, and it only quarantines something, how will that continually quarantine it if MB is missing?

I am not trying to bog down my system obviously.

Thanks for your help.



#4 wpgwpg

wpgwpg

  • Members
  • 1,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US of A
  • Local time:10:20 PM

Posted 17 June 2014 - 04:41 PM

There are antivirus programs and there are antimalware programs. The antivirus programs probably should get rid of malware, but unfortunately in too many cases they don't. That's why you need both an antivirus program and an antimalware one. I imagine you're aware that there are free versions of both. In Windows 8 in fact Defender includes the MS antivirus program MSE (Microsoft Security Essentials) for free, some ISPs provide free antivirus suites (e.g. Comcast provides Norton Security Suite), and then there're the free versions of Avast and AVG which have good reputations. I use both antivirus and Malwarebytes software, and a lot of other folks do too. Malwarebytes will list the things it finds and give you the option to quarantine all or just some of them.

Good luck.


Edited by wpgwpg, 17 June 2014 - 04:43 PM.


#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:20 PM

Posted 17 June 2014 - 05:51 PM


Are people with a Win 8 system using a program like Kaspersky AND Malwarebytes at the same time on an ongoing basis?  I am confused as to why a paid version like Kaspersky would not find things Malwarebytes would find (?)

Hello -

First, even with K / Pure running, it will not find all infections, plus Malwarebytes Anti-Malware Free is a Malware Scanner (cleaner) only and not Antivirus.

The paid (pro) version will run beside your K / Pure and find Malware problems only, not Virus problems.

 

Many people confuse Virus and Malware as the same things, but they are nowhere near the same and need their own tools.

The 3 main problems we try to deal with are Malware (generally a more severe but stable infection), Virus (generally an internal growing problem that spreads easier), and Adware (those little popup problems that can usually be cleaned by a good Antivirus or Junkware Removal Tool or AdwCleaner).

 

There are many variations on these (Rootkits and other problems) but they are rarely done with one tool only.



#6 shley

shley
  • Topic Starter

  • Members
  • 251 posts
  • OFFLINE
  •  
  • Local time:09:20 PM

Posted 17 June 2014 - 09:01 PM

Is using SuperAnti Malware all right as opposed to Malwarebytes?  I ask this because I believe I have a lifetime subscription to the former.



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,560 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:20 PM

Posted 17 June 2014 - 09:13 PM

Malwarebytes is more effective than SuperAntiSpyware.

When compared to other security tools the advantage of Malwarebytes Anti-Malware is that it uses a proprietary low level driver similar to some anti-rootkit (ARK) scanners to locate hidden files and special techniques which enable it to detect a wide spectrum of threats including active rootkits. The new scanning engine in version 2.0 has some enhancements to deal with current threats that the old version did not have.

Malwarebytes is designed to remove malware effectively with a THREAT SCAN (QUICK SCAN) which checks memory, looks at the most prevalent places and known launch points for active malware infections. Areas and methods tested include: Memory Objects, Startup Objects, Registry Objects, and Filesystem Objects. The THREAT SCAN also detects any running malicious files regardless of their location, so even if the malware is running from a location not checked by the file system portion of the scan, the THREAT SCAN would still detect it. This check includes not only running processes, but also loaded modules such as .DLLs injected into other processes. Malwarebytes uses heuristics that bypass polymorphic blackhat packers & encryption, MD5, check memory (loaded .exes and .dlls), unique strings, autostart load points and hotspots (everywhere current malware is known to load from) and multiple other malware checks which are not discussed in public to safeguard the program from malware writers who would use that information for nefarious purposes.

Enabling Advanced Heuristics Engine (Shuriken) under the 'Detection and Protection' Option section enables a second method of heuristic analysis to Malwarebytes detection techniques. Heuristic analysis is always employed, even when this option is not selected.

Note: If there is an undetected dormant file not actively infecting the computer, then a CUSTOM SCAN might find it. However, a dormant file is not a threat to the system and an anti-virus is actually better suited to detect non-active threats due to its scanning engine's design model and large database.

By default, files marked for "Remove" are copied, renamed, encrypted and password protected, then sent to the quarantine folder. Quarantined items can be viewed by looking under the quarantine tab in Malwarebytes. The original file is either immediately removed or removed on reboot. While in Quarantine, the copy of the renamed original file is no longer a threat and therefore cannot do any harm. If at a later date you find MBAM removed a legitimate file (known as a false positive), it can be restored from Quarantine by clicking the Restore button. When the quarantined file is known to be malicious, you can delete it at any time by launching the program, going to the Quarantine tab, and choosing the option to delete. If the file was a false detection, then you can choose the option to restore it.

BTW, where is au.exe running from...the full file path (location)?

Ace Utilities by Acelogix_Software uses this file name (i.e. C:\%Program Files%\Ace Utilities\), as does some malware.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
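As an added illustration of the "where is it running from" check asked for above (this is not code from the thread, from Malwarebytes or from Kaspersky), the PowerShell function below lists every running instance of a given image name with its full path, SHA-256 and Authenticode signature status, so a file that shares a legitimate name can be told apart by where it lives and who signed it. It assumes PowerShell 4.0 or later (for Get-FileHash) and that the shell is elevated enough to read the process paths.

```powershell
# Added example (not from the thread): triage every running instance of an
# image name by full path, SHA-256 hash and Authenticode signature.
# Assumes PowerShell 4.0+ (Get-FileHash); run elevated to see all processes.
function Get-ProcessTriage {
    param(
        [Parameter(Mandatory)][string]$Name   # image name without .exe, e.g. 'au'
    )
    $procs = Get-Process -Name $Name -ErrorAction SilentlyContinue
    if (-not $procs) {
        Write-Output "No running process named '$Name.exe' found."
        return
    }
    foreach ($p in $procs) {
        # $p.Path is $null when the process cannot be opened (protected/elevated).
        $path = $p.Path
        if (-not $path) {
            [pscustomobject]@{
                PID = $p.Id; Path = '<access denied>'; Sha256 = $null
                Signature = $null; Signer = $null; InProgramFiles = $null
            }
            continue
        }
        $sig  = Get-AuthenticodeSignature -FilePath $path
        $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash
        [pscustomobject]@{
            PID       = $p.Id
            Path      = $path
            Sha256    = $hash
            Signature = $sig.Status               # Valid, NotSigned, HashMismatch, ...
            Signer    = $sig.SignerCertificate.Subject
            # Legitimate installs normally sit under Program Files; an image
            # running from a user profile or temp folder deserves a closer look.
            InProgramFiles = (($path -like "$env:ProgramFiles\*") -or
                              ($path -like "${env:ProgramFiles(x86)}\*"))
        }
    }
}

# The process discussed in this thread:
Get-ProcessTriage -Name 'au' | Format-List
```

If au.exe is not running at the moment, the function reports that and returns nothing; run it again while the installer is active.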

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,560 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:20 PM

Posted 17 June 2014 - 09:17 PM


Also, using Java is an unnecessary security risk...especially using older versions which have vulnerabilities that malicious sites can use to exploit and infect your system. Although Java is commonly used in business environments and many VPN providers still use it, the average user does not need to install Java software. I recommend just uninstalling Java if you don't use it.
* How to Completely Remove Java Using JavaRa
* How do I uninstall Java on my Windows machine?
* Information about the Java Uninstall Tool for Windows

If you're going to use Java, many security researchers and computer security organizations caution users to limit their usage and to disable Java Plug-ins or add-ons in your browsers.

If you need Java for a specific Web site, consider adopting a two-browser approach. If you normally browse the Web with Firefox, for example, consider disabling the Java plugin in Firefox, and then using an alternative browser (Chrome, IE9, Safari, etc.) with Java enabled to browse only the site(s) that require(s) it.

Krebs On Security: ...Java

To defend against this and future Java vulnerabilities, consider disabling Java in web browsers until adequate updates are available. As with any software, unnecessary features should be disabled or removed as appropriate for your environment.

US CERT: Disable Java in web browsers

* How to disable Java Plug-ins or add-ons in common web browsers.
* How to turn off Java on your browser

#9 shley

shley
  • Topic Starter

  • Members
  • 251 posts
  • OFFLINE
  •  
  • Local time:09:20 PM

Posted 17 June 2014 - 09:44 PM

Great information, thanks.

The system is running IE10 with the latest version of Java. Reloaded Windows 8 as I said and proceeded to download needed Windows security updates and manufacturer updates. Added Adobe and Java, etc. I do like the two browser method but I only use IE anyway.

As I was installing Java, the Kaspersky report indicated that the au.exe app was loaded, too. OR, at the same time.

I'll proceed to run Malwarebytes and report back.

 



#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,560 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:20 PM

Posted 18 June 2014 - 12:37 PM

I did some more research and found that au.exe is part of Nullsoft Install System (NSIS). It is also related to installers used to install legitimate software.

Since you noticed the file when installing Java it may be part of the install package.

See jre-8u5-windows-au.exe.

#11 shley

shley
  • Topic Starter

  • Members
  • 251 posts
  • OFFLINE
  •  
  • Local time:09:20 PM

Posted 18 June 2014 - 02:37 PM

Oh, good, then that clears that up.

I ran MB after an update and everything came back O.K.

I did notice in the final report the File System Check was disabled. But in the Settings I could not find an option to enable it.  Maybe this is only for the Premium version?



#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,560 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:20 PM

Posted 18 June 2014 - 03:18 PM

All settings for free and Premium versions are explained in:

Please post the complete results of your Malwarebytes scan for review.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
-- Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd




