Jump to content

BingWallpaperApp.exe (MSIL/Microsoft.Bing.A) multiple warnings


Go to solution Solved by Marcos,

Recommended Posts

Hey ESET-Forum,

since today we got multiple PCs with a warning of BingWallpaperApp.exe from Module scan of system boot area and Module extended memory check. It's being declared as a variant of MSIL/Microsoft.Bing.A PUA.

Anybody else getting this? I'm pretty sure that's a false positive, never have gotten this before.

Link to comment
Share on other sites

  • Administrators
  • Solution

The detection is correct. We've started to detect the application as potentially unwanted (optional  detection) as of today. Microsoft was informed about the reasons of detection.

Link to comment
Share on other sites

3 minutes ago, Marcos said:

The detection is correct. We've started to detect the application as potentially unwanted (optional  detection) as of today. Microsoft was informed about the reasons of detection.

Can you share the reasons with us too?

EDIT: Is there a resource where we can see what changed for signature or module updates?

Edited by thae
Link to comment
Share on other sites

We are also receiving MANY of these alerts this morning (Example alert detailed below) - If these are not false positives, is there a recommended course of action?  - thanks! 

Operating memory » BingWallpaperApp.exe(6832) contains a variant of MSIL/Microsoft.Bing.A potentially unwanted application.

Link to comment
Share on other sites

I'm having this issue since a few hours as well. I'm surprised to see it's confirmed as not being a false positive.

Marcos confirmed that it's "potentially unwanted (optional  detection)".  It's also labelled upon detection as a PUP. And it's a Microsoft product. So I don't think it's actually dangerous, but more of a potential annoyance.

The program does by default try to change both your start page and your search engine to Bing on all your browsers. This can be toggled off, but it means the program has the ability make such modifications. That could be the reason why ESET decided to classify it as unwanted. That would also explain its name classification (MSIL/Microsoft.Bing.A).

In any case I'm just guessing here, so we'll have to wait for @Marcos, the ESET team or Microsoft to give us a definitive answer. In any case thanks a lot for your answers, I'm glad to know more about that 👍.

Link to comment
Share on other sites

12 minutes ago, LoneMudokon said:

The program does by default try to change both your start page and your search engine to Bing on all your browsers. This can be toggled off,

How is that possible. I've not seen those options available.

Link to comment
Share on other sites

Quote

The program does by default try to change both your start page and your search engine to Bing on all your browsers. This can be toggled off

This, as a blanket statement, is not true. To "try to change" you mean it asks, "would you like to"? Is this an annoyance, really? In who's eyes? I don't want your "protection" from life's annoyances. This smells like an overreach.

Can we get just virus protection, thanks.

Link to comment
Share on other sites

1 hour ago, VidStar said:

How is that possible. I've not seen those options available.

It is during the installation, and it is checked on by default. Here's a screenshot of the installer. Once installed it doesn't offer that option anymore.

Bing Wallpaper Installer.jpg

Link to comment
Share on other sites

LoneMudokon, 

Thanks for that - helpful to also understand where one can source this program...

Is this application bundled with Windows 11 by default/automatically downloaded
I have had a user report this detection - I will be doing some investigatory work tomorrow to figure out how this has ended up on their machine...

Link to comment
Share on other sites

  • ESET Staff

For those looking for assistance in removing this software, here are some steps to remove this from individual computers:

  1. Windows + R
  2. type "Appwiz.cpl" and press enter
  3. Find and uninstall/remove (at the end of the uninstall, you may be directed to a Microsoft web page asking if you meant to uninstall and asked if you want to reinstall.  Just close this):
    • Microsoft Bing Service
    • Bing Wallpaper
  4. After that, start opening each web browser and checking for Bing Homepage/Search extensions/plugins and remove them (the prior uninstall leaves these in place and does not remove them).
    • Chrome: In the address bar, navigate to "chrome://extensions/" and click "remove" to any thing like:
      • "Microsoft Bing Homepage & Search for Chrome"
      • After removal, you may be taken to a web page asking if you want to reinstall the extension.
Link to comment
Share on other sites

  • ESET Staff

For those managing multiple computers via ESET Protect, and would like a more streamline way of removing this software from all computers, this can be done for the installed software, but not for the browser plugins.  Browser plugins are managed by the individual browsers, and not directly by the OS.

 

These steps are not working 100% for the Bing Software mentioned in this thread.  If I can improve upon this, I will post later.

 

Here are the steps to use ESET Protect to uninstall 3rd party software which can be seen by ESET:

This will guide you through the following:

  • Ensure ESET Protect can see installed non-ESET Applications
  • Create a dynamic group to group all computers with unwanted applications
  • Create tasks that will run...
    • ...anytime a computer has the undesired software installed and shows up in the dynamic group (thus uninstalling the unwanted software anytime a new computer joins this group)
    • ...one time run of the tasks on computers that already joined the group while you created the tasks (to uninstall the unwanted software from computers that had already joined this group)

 

I. Setup ESET Management Agent to report non-ESET Applications (only needed if not already configured)

  1. In ESET Protect, navigate to "Policies > New Policy"
  2. Name the policy "Report Non-ESET Applications"
  3. In "Settings" ensure you select "ESET Management Agent" from the drop-down at the top
  4. Expand "Advanced Settings" and locate and turn on "Report non-ESET-installed applications"
    1. image.png
  5. Assign to either the "All" group, or to specific groups/computers of desire.
  6. Continue and finish creating the policy

At this point, it may take a bit for the non-ESET software to be reported to ESET Protect.  Your endpoints will need to check in once to get the policy, then check in again to supply the new info, then ESET Protect will need to parse and put the info into the database.  Default check in times are 10 minutes.  So you should start seeing the non-ESET applications in about 30 minutes in the following area:

II. Check to see if ESET Protect sees the 3rd party applications:

  1. In ESET Protect, open the details of an individual computer, then click on "Installed Applications"
  2. If you can see Non-ESET applications, your settings are applied and working.
  3. You can also check to see if you see your undesired software is visible and has a "Yes" in the column "Agent supports uninstall" which means ESET can attempt to uninstall this software

III. Create a dynamic group to group all computers with undesired software (this will help you see how many computers you have with the unwanted software, and allow for a quick way to uninstall the software)

  1. In ESET Protect, click on Computers on the left, locate "Windows Computers" in the list of Groups.
  2. Click on the gear to the right of this, and select "New Dynamic Group"
  3. Name the group "Has Unwanted Software"
  4. in the "Template" section, choose "New" and set the following:
    • Name: Unwanted Software
    • Expression:
      • Operation: AND (All conditions have to be true)
      • Click Add Rule and choose: "Installed Software > Application Name", and click OK
      • Click Add Rule and choose: "Installed Software > Application Vendor", and click OK
      • For Application Name, set to "is one of" and fill in the name "Microsoft Bing Service"
        • In the Application Name section, click "Add" and then fill in the name "Bing Wallpaper"
      • For Application Vendor, set to "is one of" , and fill in "Microsoft Corporation"
      • Should look like this:
        • image.png
      • Click Finish
  5. Over a short time, you will see computers start to appear here.  Next we will make a task to remove the undesired software.

IV. Create a task to start uninstalling unwanted software

  1. In ESET Protect, click on Computers on the left, then locate your newly made dynamic group named "Has Unwanted Software"
  2. Click the gear next to the group name and click "Tasks > New Task..."
  3. Name the task "Uninstall unwanted software - Microsoft Bing Service" and in the "Task" drop down, select "Software Uninstall" and click "Continue"
  4. In this Settings section, click on "<Select package to uninstall>" and select the first piece of software to uninstall "Microsoft Bing Service"
  5. You may desire to click on "Uninstall all versions of package" to ensure any version gets removed.
  6. Click "Continue" to get to the targets and ensure your desired target group "Has Unwanted Software" is showing in the list and then click "Continue"
  7. In the "Trigger section" set the trigger type to "Joined Dynamic Group Trigger" (this will run this task on any computer as it gets added to our dynamic group, but not on computers already in this group.  We will remedy this shortly.)
  8. Continue and finish.
  9. On your group "Has Unwanted Software" click the gear and choose "Tasks > Run Tasks"
  10. Click on "Add Tasks" and find and checkmark your "Uninstall unwanted software - Microsoft Bing Service" and click OK
  11. For the "Trigger" section, ensure trigger type is "As Soon As Possible" and click finish.
  12. Repeat steps 1 through 11 but:
    • in step 4 select "Bing Wallpaper"
    • in step 3 and 10 use the task name "Uninstall unwanted software - Bing Wallpaper"
Edited by JamesR
Link to comment
Share on other sites

I use Bing wallpaper since some weeks, today appears this ESET notification: MSIL/Microsofot.Bing.A is trying to access to DotNet.
Enterprise: Unknow.
Reputation: (i)
File: Script.
Detection: PUA

How we could know if the app dll's was modified by a hack?
 

 

Link to comment
Share on other sites

@JamesR Thanks for the detailed instructions. Thankfully, I didn't had any Bing service or web extensions installed (I unchecked those when I initially installed the software). So all I had to do was to uninstall Bing Wallpaper. However it's worth mentioning that ESET was blocking the uninstallation process as well. I know it's not recommended, but I had to disable ESET to be able to uninstall Bing Wallpaper. However, it is now fully uninstalled and a full scan with ESET showed no other issues.

Thanks to the ESET team for your support, that's why we love you guys, you're the best 👍. Just out of curiosity, are you taking measures now because Bing Wallpaper was a PUP since the beginning, or was there something new or a change to the software that made it worse?

Link to comment
Share on other sites

3 hours ago, Anas Hussain said:

LoneMudokon, 

Thanks for that - helpful to also understand where one can source this program...

Is this application bundled with Windows 11 by default/automatically downloaded
I have had a user report this detection - I will be doing some investigatory work tomorrow to figure out how this has ended up on their machine...

You're welcome 😉.

Bing Wallpaper is not installed with Windows 10/11 (any version) by default. It's an additional software that must be installed separately. As for the official source, if you Google "Bing Wallpaper" it's literally the first result, directly from Microsoft's website.

However it could have been bundled during another software installation (I don't know if Microsoft bundle it or not). Also, Microsoft is very pushy with their Bing and Edge products. I wouldn't be surprised if your user made a search, ended up on Bing and was proposed the software then. 

Link to comment
Share on other sites

28 minutes ago, itman said:

As far as Bing Wallpaper goes and effective with Win 11 22H2, it is now integrated with SpotLight: https://www.digitalcitizen.life/bing-wallpaper-windows-11-with-windows-spotlight/ .

Well not really. Starting Windows 11 22H2 you can get daily Bing wallpapers directly from the Windows settings with the Spotlight feature. That means Windows will fetch those JPEG files from their Bing service and nothing more, and this can be used without any risk.

But it does not mean that the Bing Wallpaper app is installed with Windows. The Bing Wallpaper app and its potentially unwanted behavior is not installed with Windows. It has to be downloaded and installed separately.

I just wanted to clarify so that there would not be any confusion on the matter.

Link to comment
Share on other sites

  • Administrators
1 minute ago, Pawel15 said:

hey, now it looks like Eset is blocking the download of the app https://download.microsoft.com/download/9/1/1/911276db-dcd3-4129-9639-375613697b11/Installer/2.0.0.0/Bing/W011 /BingWallpaper.exe

Not just now, it's been blocked since the detection was added.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...