
Strange Activity on Microsoft Apps


7 replies to this topic

#1 Ellard


Posted 16 August 2017 - 02:47 AM

Hiya,

 

Last night a handful of my Microsoft apps started acting very odd. Out of, seemingly, nowhere my Skype stopped working and would simply switch, rapidly, between 3 different conversations over and over and over. My emails were unusable and just went straight through them to the Archive tab then just sat there. There was a strange flickering on the page tabs for Windows Defender Security Center but this was ultimately usable. The Windows app store just went into a meltdown if I tried to get in. It would just start refreshing like crazy, every second.

 

I did all my scans with defender and Malwarebytes which returned 0 results. 

 

I had just installed a new driver update so I rolled that back. Nothing.

 

In the end I bit the bullet and decided to just do a full restore (I'd been considering doing one anyway so this was by no means the end of the world) and reinstalling Windows. But when I did this and got back in it was still doing it! Only now I had to use Windows Edge and this was totally unusable, again in a constant state of refresh. So I shut it all off for the rest of the evening.

 

I had another look about an hour later and it was all fine, back to normal as if nothing had happened.

 

My housemates think I was hacked but I'm skeptical of this. I'm more inclined to believe it was something going spoony with software or something (I dunno, I'm by no means an expert!). I was just wondering if there's anything I can do to see if there is anything suspicious going on with my machine now? As I said, I did the usual scans and they returned nothing.

 

Hoping to hear from one of you lovely lot soon!

 

Cheers,

 

E




 


#2 Daniel_Boringcliffe


Posted 16 August 2017 - 03:51 AM

Similar weird stuff happened to me a few times last year; it does not happen now and I don't know what it was, it stopped on its own. Anyway, I think that it might actually be some sort of malware. Try reinstalling the system one more time if you can, download offline patches beforehand and install them while your computer remains offline - if it is malware of some kind then it needs to use some sort of an exploit to get in, probably one that was already patched.

Try applying a few tweaks from this guide: https://hackernoon.com/the-2017-pentester-guide-to-windows-10-privacy-security-cf734c510b8d (assuming that you use win10), then try out heavy anti-malware protection for a while and see if it helps, something like this:

 

An above-average-scoring AV; don't leave it with default settings, tweak it (high heuristics, PUP detection, etc.). Check out AV-Comparatives and pick one: https://chart.av-comparatives.org/chart1.php. Combine that AV with either an antimalware with real-time protection (both Malwarebytes and Zemana have a 2-week trial), or instead of an antimalware you can try something like VoodooShield - it uses VirusTotal for on-access scans, it is free and it will block almost every malware yet known, but it comes with a lot of false positives.

 

This will help assuming that it is malware, which it might not be. If it won't, then try searching for other users with problems like this, maybe somebody will know what to do. Based on what you've described here it might be an app from the Windows Store, but I doubt that it could actually wreak system-wide chaos.


Edited by Daniel_Boringcliffe, 16 August 2017 - 04:01 AM.


#3 JoshRoss


Posted 16 August 2017 - 07:13 AM

Honestly, it does sound like some malware or spyware, but it can also be a broken keyboard issue (silly, I know). I had a client that had random presses and shutdowns of applications for no reason; it turned out his keyboard was pressing a random sequence of buttons on its own after he spilled some water. Although, it doesn't appear to be the same type of issue.
 
Since you tried plenty of conventional methods, I would recommend a full, thorough solution to the problem. Below you will find the list of a potentially strong solution.
 
1. Restart your PC in “Safe mode with networking.”
2. Install and run RKill to kill malicious processes and services (not removal, just stops the processes)
3. Check your Programs and features and see if there are any new recently installed programs that you don’t recognize. If there are, remove them.
4. Check your task manager for any suspicious processes, if found, identify folders and try to remove them manually. Or just "Win key + R" and type %appdata%. Afterward, delete potentially malicious folders.
5. Do a full scan with anti-virus software of your choice or use Windows Defender to clean up initial infections.
6. Scan your PC with Hitman Pro, Malwarebytes, and AdwCleaner. Multiple anti-malware solutions will confirm that the threat was removed.
7. Restart your PC in normal mode and do an additional scan to confirm that the malware is gone.
 
Let me know if it helps you out. Oh, and Daniel's post about AV solutions and AM solutions should be a good set for future.
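
A read-only way to collect what steps 3 and 4 of the list above ask for, as an added example that is not part of the original posts. The 14-day window and all variable names are assumptions chosen for illustration.

```powershell
# Added example: read-only triage. Nothing is stopped, removed or deleted.
$days   = 14                               # assumption: what counts as "recently installed"
$cutoff = (Get-Date).AddDays(-$days)

# Step 3: programs registered in the uninstall keys (64-bit, 32-bit and per-user views).
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
# InstallDate is optional; entries without a yyyyMMdd value are skipped here
# and still need a manual look in Programs and Features.
$recent = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and $_.InstallDate -match '^\d{8}$' } |
    ForEach-Object {
        $installed = [datetime]::MinValue
        $ok = [datetime]::TryParseExact([string]$_.InstallDate, 'yyyyMMdd',
                  [cultureinfo]::InvariantCulture,
                  [System.Globalization.DateTimeStyles]::None, [ref]$installed)
        if ($ok -and $installed -ge $cutoff) {
            [pscustomobject]@{
                Installed = $installed.ToString('yyyy-MM-dd')
                Name      = $_.DisplayName
                Publisher = $_.Publisher
            }
        }
    } | Sort-Object Installed -Descending

# Step 4: running processes whose executable lives under the user's AppData folders.
# Plenty of legitimate software runs from there, so the signature status is a lead
# for manual review, not a verdict.
$userDirs = @($env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ }
$fromAppData = Get-CimInstance -ClassName Win32_Process |
    Where-Object {
        $path = $_.ExecutablePath
        $path -and ($userDirs | Where-Object {
            $path.StartsWith($_, [System.StringComparison]::OrdinalIgnoreCase) })
    } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.ExecutablePath
        [pscustomobject]@{
            ProcessId = $_.ProcessId
            Name      = $_.Name
            Signature = $sig.Status
            Signer    = $sig.SignerCertificate.Subject
            Path      = $_.ExecutablePath
        }
    }

$recent      | Format-Table -AutoSize
$fromAppData | Format-Table -AutoSize -Wrap
```

Processes owned by other accounts may show an empty path unless the console is elevated, so an empty second table from a standard prompt is not conclusive.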


#4 Ellard


Posted 16 August 2017 - 02:58 PM

Hi both, 

 

Thanks for getting back to me! I've followed advice on both counts.

 

JoshRoss, I followed your instructions and everything returned 0 results. So I guess that's good? However I wasn't able to do a virus scan in safe mode with Avast, AVG or Windows Defender. But I was able to pull it off with Panda. But the antivirus on Panda kept switching itself off while I was in safe mode. Is that something to be worried about? This was happening after I used RKill. It works fine when I run my PC in normal mode and stays on.

 

But otherwise everything seems to be working as normal and no notifications of any viruses/malware.

 

Daniel, thanks for the advice on the AV front! I'll definitely be taking that on board.


Edited by Ellard, 16 August 2017 - 03:00 PM.


#5 JoshRoss


Posted 17 August 2017 - 01:58 AM

If after that many scans everything is fine, you shouldn't worry too much on the malware front. I forgot to mention that anti-virus software might malfunction in safe mode, so it is rather normal activity, nothing to worry about. RKill still has some issues with Windows safe mode as well; I am sure that might be resolved eventually, but for now, again, a very normal reaction.

 

So I assume the issue is fixed? Or do the weird crashes and malfunctions persist?



#6 Ellard


Posted 17 August 2017 - 02:10 AM

Yeah it's fine now, business as normal. Thanks for all the advice! It's all very odd. I've had a bit of a scour over the internet and can't find many, if any, other instances of it. There again it can be quite difficult to describe in so many words. I guess Microsoft works in mysterious ways...

#7 JoshRoss


Posted 17 August 2017 - 02:13 AM

Heh, indeed it does. Well, I am glad it worked out. It could be that just a simple restart was needed, which you naturally did following my steps. Additionally, RKill kills a majority of malicious processes; that might have been one, where it was just a one-time launch and killing it rendered it useless, therefore the problem no longer presents. I recommend occasionally keeping an eye on your task manager if such problems occur in the future. There will be clear signs of intrusion if it is something so obvious.



#8 Ellard


Posted 17 August 2017 - 05:25 PM

Good shout Josh. Yeah, all seems dandy now! Thanks again for your help :)



