/r/antivirus

For all of your Antivirus needs.

Welcome to r/Antivirus

Everyone:
Please take a moment to familiarize yourself with our rules and check our regularly-updated wiki before posting. The top rules are as follows:

  • 🆕 Asking a question about a VirusTotal or Hybrid Analysis report? Include a link to it, not just a screenshot, or your post may be removed.

  • Do not post links to websites offering commissions, affiliate links, or sponsored installs.

  • Do not intentionally link to malicious sites (links to VirusTotal and Hybrid Analysis are fine). If you must post a link, please 'de-fang' it by breaking the URL up with brackets like so: https[:]//www[.]example[.]com

  • Failure to respect the rules and each other may result in a permanent ban.

  • If you see any spam or abusive messages, please use the report function to report it to the mods.

The complete list of rules can be found here.


Regular Users:
Welcome! You can get all of the help you need here, along with advice on removing any kind of malicious or unwanted software and choosing the right antivirus/internet security/endpoint protection for you!


Security Vendors:
You are more than welcome here, as long as you respect Reddit's Self Promotion rules, and are not pushing your product unduly. Do not abuse your welcome. Posting about sales, betas, that sort of thing is allowed, but don't spam it. You are expected to participate in discussions where you can lend your expertise. Click here to send a message to the r/antivirus mods so we can set you up with your company flair.


👉We Have a Wiki! (Click Here)

Our regularly-updated wiki contains all sorts of useful information, including links to reputable developers of antivirus/antimalware/internet security/endpoint protection/endpoint detection and response/{insert marketing-term-du-jour here} programs, information about specialized scanning and cleaning tools, information about security tests and testers, practical information on securing your devices and a glossary.

PLEASE CHECK THE WIKI FOR BASIC HELP + TROUBLESHOOTING INFO BEFORE POSTING.

72,399 Subscribers

1

Unsure how to remove a virus - multiple accounts accessed

Very stupid thing, but recently I accidentally downloaded the wrong file when trying to patch a pirated copy of Ghost of Tsushima, which is likely where the virus came from.

Maybe some days later, I noticed a post and story on my Instagram account with a bitcoin scam. Changed passwords and activated two-factor authentication. I think at this point I also reinstalled Windows while keeping a drive with games (the GOT file was a scam download button from a website, nothing to do with the actual game).

I reinstalled a few apps and was restoring things, noticed this post on my Reddit account that I did not make, so I ended up reinstalling Windows again, this time deleting everything and even clicking the "format" icon from the installation menu. It should be enough, but today I received a notification from Facebook Ads, three ads were created in Russian and I believe blocked by Facebook some time later, my account restricted. Not yet sure if I'll get charged for it or not.

I don't get how I could still be infected. I reset the computer and changed the passwords, even then they accessed the Meta account. I didn't get any login attempt or successful login email and no one is using my computer in a way I can see or find evidence, like in Chrome's browser history.

As of now, Malwarebytes, Windows Defender and Avast have found nothing. I'm downloading some Kaspersky Rescue Disk I found on Reddit and we'll see. Is there anything else I can do?

If it's just resetting every password, fine, it'll just take a long time, I have Bitwarden and every password is unique. Just want to be sure that's all I should do.

0 Comments
2024/06/20
08:00 UTC

8

School website got hacked. Fishy popup wants me to run this command in PowerShell (Admin). What does this exactly do?

9 Comments
2024/06/20
07:29 UTC

1

Any way to remove dinoklafbzor org?

I'm a dumbass and got infected by it, and from what I found there is no reliable solution out there. Any help?

1 Comment
2024/06/20
01:55 UTC

0

Video downloaded (automatically) on WhatsApp

Hello! I received a message on my iPhone clearly from a scammer with a fake number which included a video. They were trying to recruit me for a job. I didn't watch the video, but I opened the message to block the person. WhatsApp automatically downloads media, so the video was stored in my WhatsApp storage. My understanding is that I have little to worry about, but the fact that the video was technically stored on my phone gives me some caution. I've since deleted the video and blocked the person. Is there something I should be doing to ensure my phone is safe? Thanks.

2 Comments
2024/06/19
23:59 UTC

1

Trojans

I downloaded Trojans onto the computer, and I had my external drive plugged in with my backup files. I wiped my computer; are those files still okay to upload once the computer is done being wiped?

5 Comments
2024/06/19
23:43 UTC

0

Antivirus keeps finding and deleting adware, why do I keep getting adware?

For the past few days, I've been getting notifications from my antivirus software telling me it has detected and deleted software that can pose a threat to my computer. It's the same one each time:

Application name: svchost.exe

Application path: C:\Windows\System32

Component: File Anti-Virus

Result description: Detected

Type: Adware

Name: not-a-virus:HEUR:AdWare.Win32.SweetLabs.gen

I've been getting the same notification about the same application name over and over. I don't see it in Task Manager. What should I do? Should I be concerned?

Many thanks!

2 Comments
2024/06/19
23:40 UTC

1

My cursor and screen moves by itself and clicks and closes tabs randomly

I've run multiple Malwarebytes scans as well as my Kaspersky scan. But I do not know what to do anymore. Any and all help will be appreciated.

1 Comment
2024/06/19
22:57 UTC

3

I'm a bit nervous, I went on a movie streaming site and I got 2 quick tab popups that closed nearly instantly.

These are the tabs:

https://preview.redd.it/5xec78s0xl7d1.png?width=1386&format=png&auto=webp&s=82441e699e995c133c7aaaec86625f2e78192cfd

I scanned the tabs with VirusTotal, and only 4 antiviruses flagged it.
I have no idea what existenceprinterfrog is. I am a bit worried because the link says "Token", which I assume would be there to take my login token or something?

https://preview.redd.it/29mvob5dxl7d1.png?width=1697&format=png&auto=webp&s=5335b06cacce8d87b9cf0444a8759d9b8096caa9

https://preview.redd.it/jte6nf4dxl7d1.png?width=1722&format=png&auto=webp&s=f0ec49fcc4ff4d255df28d53b3b663859e5f29ed

This is what VirusTotal said.

I always have realtime protection on and nothing really flagged up. I did a hitman pro free scan and also nothing came up. I checked on process hacker and, again, nothing came up. Should I be fine? Is there anything else I can do?

EDIT: I also have Malwarebytes Browser Guard alongside uBlock Origin.

Here are the VirusTotal links:
https://www.virustotal.com/gui/url/61f06e187f22eb3db4a606da225ab2f52915132f88a60c5eb1a0afff0832629e/detection

https://www.virustotal.com/gui/url/b3ca59a140d591a9f86ee21b9abb255f9c021eab2572d6132b91a203d4c61921

3 Comments
2024/06/19
22:47 UTC

3

Downloaded two Trojans, what to do

I downloaded Trojan:Win32/HeavensGateShell.YAA!MTB and Trojan:Win32/Penguish!MTB

I’m running Malwarebytes right now to get rid of them, but is that enough or do I need to wipe my computer? How fucked am I?

3 Comments
2024/06/19
20:10 UTC

4

which AVs should I get rid of?

I noticed today that my laptop has slowed significantly when starting up and thought that it might be because of the vast amount of antivirus software that I have, so if possible, can you guys tell me which anti-viruses I should uninstall? Here is my list:

Norton 360 (free trial over)

AVG Antivirus free

Malwarebytes (free trial over)

RAV endpoint protection

P.S. Some recommendations for a free antivirus are also appreciated.

11 Comments
2024/06/19
19:55 UTC

1

I accidentally clicked on a FedEx scam link, am I fked?

Today I was checking my mails and I got a message from an obvious FedEx scam. The problem is that I misclicked on it and it opened a tab with a strange link, and then it redirected me to a "press to continue" page. The first time it opened I closed it before it redirected me to the "press to continue" page, but then I opened a new tab in incognito mode out of curiosity and noticed that.

First it opens the IP http link, then it redirected me to many pages.

Here are the images:

https://preview.redd.it/ha9oh08xxk7d1.png?width=623&format=png&auto=webp&s=56243b571b1823f421cd2f6fbd706a20f222f052

https://preview.redd.it/nenzhy8lxk7d1.png?width=1280&format=png&auto=webp&s=ce5f5cd98eb0e64fe72f71da72f01d238707f1d6

2 Comments
2024/06/19
19:28 UTC

1

Possible malware or am I just paranoid?

Stumbled upon a PDF file that when opened wrote to "imm32.dll" and before opening the PDF, Mitre, Sigma rules and network comms came up clean when scanning "imm32.dll". After opening the PDF I got 2 Sigma matches: Audit Policy Tampering via Auditpol & Rundll32 Internet Connection and a connection to an unknown IP via port 80 through "rundll32.exe", also writes to "\Device\ConDrv\\Connect". Zero detections both before and after. Possible Botnet through C2 server?

Virustotal scan: https://www.virustotal.com/gui/file/292d936a0d1e08c845fe9ace750ce09217b9c2471387f230f0c17de4a3e498c8/behavior

2 Comments
2024/06/19
18:49 UTC

1

AVG deleted 4 years of files from my android

Has anyone had AVG delete files from your phone? I've just had 4 years, nearly 300 GB of valuable photos, videos, music and documents permanently deleted from my phone during a "clean" to delete "unnecessary files".

It's the first time I've ever selected the option in the app, as it said I had 200 MB of potential files left behind from uninstalled apps. I figured why not. The next day I realised I couldn't find some music I wanted to play and saw that 90% of it was gone from my phone.

Today I realised all my photos and videos had been deleted. 4 years of memories I'll never get back. From the birth of my kids, watching them grow through the years till present. Overseas vacations. Work related photos. All gone.

I've checked my recycling bin and there's nothing in there.

Avoid using this app at all costs.

0 Comments
2024/06/19
18:21 UTC

185

I am pretty sure I have been hacked, what do I do?

37 Comments
2024/06/19
18:21 UTC

1

Can Bootkit viruses affect MBR?

I'm curious

2 Comments
2024/06/19
17:27 UTC

3

Does setting network to Private or Public matter for malware spreading in a network?

Does the setting matter where your PC is not discoverable on a network when it comes to "automatically" spreading viruses on the network? I know that it might do something against someone manually trying to give you malware on the same network, but say someone on the same network has malware with network spread capabilities on his PC from an unknown origin and you are on the same network. Does the network privacy setting have any power in a situation like this?

1 Comment
2024/06/19
16:45 UTC

1

Does Hybrid Analysis distribute data?

Does it distribute data like VirusTotal would, or is there a check or similar setting to make it not distribute samples?

1 Comment
2024/06/19
15:43 UTC

2

Discord virus

Can opening an image on Discord somehow give you a virus/malware or steal your token?

P.S. I didn't even open it in the browser, I just clicked it to enlarge it.

(I think that it's not possible but I need some reassurance for my paranoia.)

2 Comments
2024/06/19
14:14 UTC

2

Safe or not safe?

Hi. Recently there's a trend on TikTok where an anime character dances on the desktop. The name is Konata Desktop Dancer, idk.

Anyway, there were people saying this is a virus/spyware/whatever and there are people saying it is not a virus.

I tested it myself and threw it into VirusTotal and got a 3/74 detection. My antivirus also didn't flag anything while I ran the .exe.

Here's the VirusTotal: https://www.virustotal.com/gui/file/565693b546ad31afae5b00ab2f54db4211949665ff22a09aa769689d852c736d

What do you guys say? Safe or nah?

0 Comments
2024/06/19
13:31 UTC

2

Win64/Rozena.ABC

Hi All. Windows 11 Pro. Eset Nod32 is flashing up warnings about Win64/Rozena.ABC attaching itself to all manner of .exe files - Says it's blocking them and I need to reboot to complete cleaning process. Reboot has no effect, warnings still popping up. Have run a full Malwarebytes Premium scan, nothing found. Have run RKill, found nothing. Nothing untoward in the list of installed apps. No obvious dodgy-looking processes running. Booted into safe mode, was unable to get the start menu to open, but could run Explorer. Now back out of Safe mode, full Nod32 scan running, nothing found so far. Can anyone help please? TIA.

6 Comments
2024/06/19
11:38 UTC

1

How can I remove PcAcceleratePro disguised as this file? I've tried Windows Defender and AVG and Add or Remove Programs but I can't. This is an older laptop that stopped working before.

5 Comments
2024/06/19
10:26 UTC

22

Is Windows Defender enough?

Like I only use my laptop to play games I download off Steam and GameJolt or for creative writing.

Most of my banking and social media is done on my phone, so is Windows Defender enough for what I'm doing on my laptop currently?

23 Comments
2024/06/19
10:16 UTC

1

What happened to the Steam installer?

Hello!

So the new Steam Installer seems a bit off. First off, MaxSecure is reporting: Win.MxResIcn.Heur.Gen. Yesterday, 2 antivirus programs reported the SteamInstaller.exe as malicious, however today only MaxSecure seems to flag it.

https://www.virustotal.com/gui/file/7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb/detection

I have contacted MaxSecure about a possible false positive and asked them to look into it.

However, checking the comments I see the following:

FileScan.IO Analysis:

Verdict: LIKELY_MALICIOUS
Confidence: 100/100
Tags: installer,lolbin,overlay,packed,shell32,html,peexe,microsoft_visual_cc
Domains: cacerts.digicert.com,crl3.digicert.com,crl4.digicert.com,digicert.com,nsis.sf.net
Hosts: 2.10.91.91,2.10.91.91,104.18.34.154
Report: https://www.filescan.io/reports/7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb/320f7149-3f39-4d1a-891d-5ba8bb544058

Along with concerned comments like:

"Hello all, so I downloaded this exe after reinstalling Windows from the official Steam website, trying to understand why it would say it's malicious? https://store.steampowered.com/ The URL I checked on VirusTotal and it had an outstanding reputation?"

"Isn't this official Steam installer?"

Harmless or what do you guys think?

3 Comments
2024/06/19
09:36 UTC

1

Wtf is this thing? Is it a virus?

6 Comments
2024/06/19
09:29 UTC

4

Just noticed these today, are these viruses? I don't have these drives.

1 Comment
2024/06/19
09:18 UTC

3

.scr file — safe or not?

Recently downloaded a screensaver; it’s a fairly popular and trusted screensaver from a good source, but my antivirus (Bitdefender) absolutely hates it. Is this something that will happen with all .scr files, or is there actually malware in this file? I think it’s just a normal antivirus response to this type of file, but I just want to make sure. Thanks!

6 Comments
2024/06/19
07:20 UTC

2

Is the community aware of these viruses? Applvl & Vix

I got two viruses last month, the first is Applvl. It's a trojan I downloaded accidentally. It gains access to passwords and spams your Google account's drive in order to fill up the space and block you from sending & receiving emails. Overall, if you delete the virus and change passwords, it's not harmful to you anymore.

The second one is called Vix. Vix came in a package deal with Applvl for me, but I had to open Vix up manually to start it - this time I immediately noticed it was a virus and deleted it in about 10 seconds, so I don't know what it's capable of.

I made this post so if someone has any of these files and searched them up on Reddit to see if they are viruses / malware, they'll know immediately. Stay safe 🙏❤️

0 Comments
2024/06/19
05:57 UTC