/r/antivirus


For all of your Antivirus needs.

Welcome to r/Antivirus

Everyone:
1. Please take a moment to familiarize yourself with our [rules].
2. Check our regularly-updated [wiki] before posting. Last major update: 2024-NOV-19

The top rules are as follows:

  • 🆕This is a subreddit where people come for help with computer viruses and malicious software. Memes, jokes, and discussions involving politics are strongly discouraged.

  • Asking a question about a VirusTotal or Hybrid Analysis report? Include a link to it, not just a screenshot, or your post may be removed.

  • Do not post links to websites offering commissions, affiliate links, or sponsored installs.

  • Do not intentionally link to malicious sites (links to VirusTotal and Hybrid Analysis are fine). If you must post a link, please 'de-fang' it by breaking the URL up with brackets like so: https[:]//www[.]example[.]com

  • Failure to respect the rules and each other may result in a permanent ban.

  • If you see any spam or abusive messages, please use the report function to report it to the mods.

The complete list of rules can be found [here].

(Yes, that is a clickable link.)


Regular Users:
Welcome! You can get all of the help you need here, along with advice on removing any kind of malicious or unwanted software and choosing the right antivirus/internet security/endpoint protection for you!


Security Vendors:
You are more than welcome here, as long as you respect Reddit's Self Promotion rules and are not pushing your product unduly. Do not abuse your welcome. Posting about sales, betas, that sort of thing is allowed, but don't spam it. You are expected to participate in discussions where you can lend your expertise. Click here to send a message to the r/antivirus mods so we can set you up with your company flair.


👉We Have a Wiki! (Click Here)

Our regularly-updated wiki contains all sorts of useful information, including links to reputable developers of antivirus/antimalware/internet security/endpoint protection/endpoint detection and response/{insert marketing-term-du-jour here} programs, information about specialized scanning and cleaning tools, information about security tests and testers, practical information on securing your devices and a glossary.

PLEASE CHECK THE WIKI FOR BASIC HELP + TROUBLESHOOTING INFO BEFORE POSTING.

89,005 Subscribers

1

Unable to install any new applications (steam games/BitDefender etc) on Windows 11 PC anymore since uninstalling my Kaspersky Total security and VPN software since subscription expired

Has anyone else experienced anything similar, and how did you resolve it? I can't install another AV product because it's blocked. I am able to access the internet, but it seems like there's a sort of network application restriction.

I can't use Steam or install an AV like BitDefender. My thinking is that there is something wrong with the DNS or something; however, I'm uncertain – I'm guessing at the moment as it's very ambiguous. I have gone through the registry and removed anything related to Kaspersky, reset the network, updated and restarted the machine and attempted to manually look for anything that's linked to it; however, no luck.

Nothing has worked so far. It feels like Kaspersky is still lurking somewhere, blocking installations and applications. Has anyone dealt with something similar? How did you resolve it? I'm open to any suggestions or tools.

2 Comments
2024/12/01
13:03 UTC

2

Is ngrok dangerous?

Windows Defender flagged 3 threats to ngrok: Tool:AndroidOS/ZkarletFlash, Program:Win32/Contebrew.A!ml, Trojan:Win32/Pomal!rfn

1 Comment
2024/12/01
10:50 UTC

3

tf is this file

I have a file on my PC named SULiDE 400_info. It is a Configuration settings (.ini) file but it won't let me delete or alter it. Also, it says I don't have permission. Hoping this isn't bad. What is this file?

1 Comment
2024/12/01
08:17 UTC

1

I may have downloaded a virus file and it is likely stealing my information

So, got myself a new iPhone 16 and needed to transfer data from my old iPhone 11 to the new iPhone. As iCloud was not working (had 50 GB of WhatsApp Business data that needs to be transferred), I got to know about a software from Wondershare. I was like "ok, I need to use it once only, why buy it", so I went to the internet and downloaded a PASSWORD protected cra-ked version (bad of me to save some dollars when I got a new iPhone).

So, yeah, the cra-ked version didn't open the setup file but has likely infected my PC. Got my Instagram password changed the next day and the Facebook password changed the next day. Fortunately I got the emails on my phone, so I changed the security of my accounts through my phone.

Now, the question is, how can I remove this? I installed Kaspersky antivirus and it is not detecting anything suspicious. What to do now, knowing this is my work laptop (and the only laptop I have) and I cannot afford to have my work and personal things (logins, passwords, files, other sensitive information etc.) leaked.

Please advise, thank you.

3 Comments
2024/12/01
07:10 UTC

1

Anybody had this happen?

Was streaming the soccer game online and I noticed something got downloaded called operasetup. I didn't click it to install or download it. Am I okay? What should I do?

1 Comment
2024/12/01
07:05 UTC

1

Suspicious behavior in Open-Source program

Hi! So a bit of context first. In 2007, the game Crysis was launched. It was a mega popular game, so much so that people coined the term "Can it run Crysis?" because the game was so advanced and so hard to run.
However, these days it doesn't run perfectly on newer operating systems.

So people went to work. Some tried to patch the original executables, while others created a whole new executable from scratch. This latter one can be found here: https://github.com/ccomrade/c1-launcher

Before I went running it I decided to upload it to VirusTotal. You can see the results here: https://www.virustotal.com/gui/file/24fdd6e414e1e3b3f4b1a3af9f7967b19d6127d771df518383814dbe15b1eb0b

A couple things jump out as a bit suspicious to me:

- the launcher creates the process C:\Windows\System32\7za.exe with the arguments x -pinfected. I'm particularly curious about the -pinfected argument because AFAIK "-p" is for the decryption password and "infected" is usually the password for malicious files.
The file extracted is C:\Users\[user]\AppData\Local\Temp\q4x40ebu.tmp
- then it forcefully starts Conhost.exe in a hidden CMD window:
C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

[EDIT] Some interesting answers on why a program might wanna do this.

I tried searching for "pinfected", "-pinfected", "infected", etc in the source code but couldn't find anything.

So my question is: could this be caused by something else? Like a compiler, or .exe builder. Has anyone seen this kind of behavior?

Thanks

1 Comment
2024/12/01
06:49 UTC

1

false positive or nah

Hi, I just wanna check or see if this file is a false positive or nah

VirusTotal: https://www.virustotal.com/gui/file/c49c7b648e0e8afb0d9f3b02fb198373930c7f022e7ab2e4079019ee8723f755/detection

2 Comments
2024/12/01
05:59 UTC

2

Autoruns in virustotal

https://preview.redd.it/clxpb6otd64e1.png?width=712&format=png&auto=webp&s=8c37dbd11b02a4cb9ca5c58e28843af5eb3dd4bc

I scanned Microsoft autorun in VirusTotal and this showed up

google translate: 🚀LET'S F*CK PUKIN❓ AND HIS BEaver🚀

I have never seen anything like this 🤣

link: VirusTotal - File - b04d2ac6dcc287a4b01a9cdc5bd9580a38df8a3379e03698cf7b888cdab7ea0f

it doesn't show up anymore

why does that "message" appear?

2 Comments
2024/12/01
05:49 UTC

2

Well, looks like I'm going to be posting daily at this point, but there’s a virus.exe called ground that keeps infecting my files

Windows Defender and the Microsoft safety scan detect it, but it always says that it couldn’t get rid of it, so any advice would be helpful at this point, and this time I’ll wait a week before saying that it’s resolved

8 Comments
2024/12/01
05:18 UTC

2

What can I do with Kaspersky and Cloudflare?

For just a couple of months I have had a problem where all the sites that used Cloudflare were blocked. I just recently found that the only solution to fix it is deactivating the antivirus.

Is someone with Kaspersky having this same issue? Does anyone know how to fix this problem? Thanks.

1 Comment
2024/12/01
04:29 UTC

2

Trojan:Script/Wacatac.B!ml False Positive?

Hey everyone! So I was just minding my own business editing on Adobe Premiere Pro when suddenly Windows Defender freaked out and alerted me that I had a severe threat detected on my PC. This was really odd to me as I don't torrent or do anything of that sort on this PC as this is the PC that I use for working.

I checked Windows Defender and apparently it detected "Trojan:Script/Wacatac.B!ml" from a .rar file in my Downloads folder that I downloaded way back in 2019. The only thing is that this .rar file ONLY contained .mp3 music files from an old music album that I downloaded and has no executables at all.

Windows automatically quarantined it but I went back and uploaded the .rar to VirusTotal to check and it seemed to come out clear. I also downloaded Malwarebytes just to be sure and ran two scans that also came up clear. To be safe, I deleted the .rar file and wiped it from my Recycle Bin and ran scans again on both Malwarebytes and Windows Defender and they both came out clear as well. To top it off, I am about to run a full scan on Windows Defender as well as an offline scan as well.

I arrived at the conclusion that maybe I got a false positive? Especially since it's from a .rar file that had been sitting on my PC for over five years at this point, it doesn't really make much sense to me that, after periodic scans, Windows Defender only now picks up on it. What do you guys think? Any insight would be appreciated, just for the peace of mind haha.

Here is the link to the VirusTotal scan I conducted with the file before deleting it for good:

https://www.virustotal.com/gui/file/1a3d37a16bea2571152f0140ceadf0ca92350cebbd5bca45b554a060a5e74393/detection

4 Comments
2024/12/01
03:53 UTC

3

BitDefender found a virus (?) in system32 folder. It got deleted, but anyone know what it is?

Title. It's been nearly a year or so since I last did a scan. My computer has been running a tad slower, and I decided to start up a scan just in case. The file was in system32, which is concerning?

https://preview.redd.it/kxu023f6q54e1.png?width=929&format=png&auto=webp&s=6c02e68b84a75360ee3be71b7fc1f5c3f248b374

I also searched online, but only found a VirusTotal link to something that may be related. Thanks. https://www.virustotal.com/gui/file/19896a23d7b054625c2f6b1ee1551a0da68ad25cddbb24510a3b74578418e618/detection

4 Comments
2024/12/01
03:36 UTC

1

Event 4104 - When to worry?

I’ve got event 4104 for PowerShell in Event Viewer, and within it, it says (Script block 2/3):

#string only contains hostname
#hostname is already validated in IsUNCFormat function
return $false
#remove host and backslash after host
$UNCPath = $tmp.Substring($nextSlash+1)
#under certain circumstances some of these make it through the above check
#so we do a direct sanity check here

It also says the source is Microsoft-Windows-PowerShell

After looking this up I was able to come upon a GitHub page (https[:]//github[.]com/cooperdustin12/psproj/blob/master/UtilityFunctions[.]ps1) that had these exact words, and at the very, very top it said Copyright ©️ 2008 Microsoft Corporation. After doing some digging AFTER that, I found that there’s lots of PowerShell malware out there, which is also logged by event 4104. However, that malware seems to be A LOT more obvious within the script block.

I’ve done scans with MD and MB, offline scan, full scan + rootkits and found nothing, although it seems PowerShell malware is file-less malware, so it could go undetected.

Second result I found: https[:]//forums[.]malwarebytes[.]com/topic/297491-firmware-replying-trojan-that-uses-genuine-windows-remoting-to-take-over/

Is this an official Microsoft PowerShell script? And if so, why would it make this log?

  • I don’t have Remote Desktop enabled.
  • This is my personal computer, I’m not in any groups or even have a school/work account on here.

Any help is appreciated, thank you for reading this far.

0 Comments
2024/12/01
02:18 UTC

3

Is it a safe program?

https://preview.redd.it/d5vxfcon954e1.png?width=1203&format=png&auto=webp&s=68c5af4535d630aa7f4eaca179653608469e1ece

I recently learned about a site called VirusTotal, so I checked all the portable exes I received from non-official websites such as blogs.

I found Malicious.high.ml.score in one file, but I don't know if I can use it with confidence.

3 Comments
2024/12/01
02:01 UTC

1

Attack shark x3 software

0 Comments
2024/12/01
01:04 UTC

2

Url tracker on antivirus

Hey !

I just read someone saying that he gets notified if a guest uses his wifi and accesses a URL that may contain malware (like a recipe site). Does that mean that if I access an adult content website (that may contain a lot of adware) it notifies the wifi owner? Can anyone else confirm this? Is that feature on other antivirus such as McAfee?

1 Comment
2024/12/01
00:34 UTC

2

Url tracker in Bitdefender

Hey !

I just read someone saying that he gets notified if a guest uses his wifi and accesses a URL that may contain malware (like a recipe site). Does that mean that if I access an adult content website (that may contain a lot of adware) it notifies the wifi owner? Can anyone else confirm this? Is that feature on other antivirus such as McAfee?

3 Comments
2024/12/01
00:33 UTC

1

Url tracking ?

Hey, I just read someone saying his Bitdefender notifies him of URLs visited by guests on his wifi that may contain malware (like recipe sites). Can anyone else confirm that? Does that mean that if I visit an adult content website (that can possibly contain a lot of adware) it sends a notification to the wifi owner? Is that feature also on other antivirus such as McAfee?

Thanks !

0 Comments
2024/12/01
00:30 UTC

0

Is Roblox Account Manager 3.7.1 a virus

I have been trying to download Roblox Account Manager 3.7.1, and on VirusTotal 2 of the virus checkers marked it as malicious. Is it a false positive or is the file just a virus?

3 Comments
2024/11/30
23:40 UTC

16

Why's there a picture of emus on my desktop what the heck dude

14 Comments
2024/11/30
23:29 UTC

2

Have I been fooled?

So I was browsing for browser extensions, obviously, and I clicked on the sponsored "chrome extensions" and it opened in a separate tab and immediately closed. I proceeded to click the URL two more times before realizing something was wrong. I have unlock extension installed and I figured that it probably is preventing this website from fully opening up in a new tab. Check the bottom left corner of the picture attached and look at the URL. Is something malicious going on here, and if so, what should I do about it?

27 Comments
2024/11/30
21:34 UTC

3

I downloaded McAfee

Is McAfee good? Or have I wasted money?

14 Comments
2024/11/30
21:12 UTC

2

Click - delete, alt-tab - close

Hi dear community. I was wondering if you guys can shed light on what's happening in my PC.

Every time I click on something it deletes it, it can be a file or a folder. Parallel to this issue, whenever I try to switch apps using ctrl + tab or the Windows key + tab, it closes the opened apps. And on Chrome, when I try to move one tab to a different position, it won't do it. This can last for a while and then stops, and might come back again.

I've run the antivirus and anti-malware on deep scan, and it doesn't find anything. I ran the registry check and it seems fine as well.

I'm using Windows 10. My rig cannot upgrade to W11.

Have any of you experienced this? Did you find a solution?

Thank you in advance for your input

3 Comments
2024/11/30
20:53 UTC

3

Father Died. How do you cancel Norton?

Hi friends! My father passed away last year and his Norton antivirus subscription is still showing up on my mom’s credit card. We don’t know the account or the password and I can’t find a # anywhere. Any advice?

5 Comments
2024/11/30
18:38 UTC

3

Clicked link

So I was scrolling on Twitter and went to pause a video when it suddenly took me to a random website that redirected a couple of times. When I realized what happened I closed the tab and deleted it from my history. I didn't get the downloading icon on Google Chrome, nor did my download history on Google Chrome show anything. I used Windows threat protection to scan my PC and it showed nothing, but I'm still worried if something happened. I disconnected my PC from the internet for the time being, maybe 2 minutes after clicking the link.

Is there any way I can be sure, and/or how likely is it something happened?

2 Comments
2024/11/30
18:38 UTC

4

Help me to find good software

I'm using an Asus TUF F15 and I'm already losing my shit, idk why, because of Armoury Crate or something bad in my lap. It randomly heats up for no reason and doesn't turn on the backlight until I restart. I want good software to scan my files. I used McAfee for 1yr free but now it's expired so I deleted it. Please suggest good software which will scan for threats, and also suggest any solutions you know for that backlight and heat issue. Thanks in advance❤️

13 Comments
2024/11/30
17:21 UTC
