
I downloaded fake MSI Afterburner


Gello


When I downloaded it, I ignored the Windows protection, thinking it was a false positive. The downloaded content was in a zip file; when I tried to run it, it was blocked luckily, and Windows instantly started working to remove some of the Trojan. One thing it did not detect was found in Malwarebytes. I'm wondering if I should be safe now, or if I should take further action by installing another antivirus software, or should I also reinstall Windows on a USB?

The file Malwarebytes found was a trojan.smokeloader.

8 minutes ago, Marcos said:

By Windows protection you mean SmartScreen? Do you have a free version of MBAM without real-time protection installed? Is the file detected by ESET? Please scan it at https://www.virustotal.com and post the link with results here.

It was SmartScreen; it detected two files that were quarantined then deleted, and it is the free version of Malwarebytes, but I'm pretty sure I have a premium free trial. I do not currently have the ESET antivirus, and if I deleted the file, is there a way to submit it to VirusTotal without having to re-download it?

8 hours ago, Gello said:

when I tried to run it, it was blocked luckily, and Windows instantly started working to remove some of the Trojan

Assumed here is that it was Windows Defender that detected the malware and removed what it detected. Whatever WD detected and removed should be in its quarantine file. You can view what is in the quarantine file per instructions here: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/restore-quarantined-files-microsoft-defender-antivirus?view=o365-worldwide . You should be able to restore the file from quarantine and submit the file to VirusTotal for scanning. I don't know if this is really necessary since you don't have Eset installed. When @Marcos made his posting, I believe he was under the assumption you had an Eset product installed.

Note that this is an Eset forum and its primary purpose is to resolve issues with Eset installed products. Non-security product specific malware removal assistance can be provided at the following linked forums:

https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-help/

https://malwaretips.com/forums/windows-malware-removal-help-support.10/

-EDIT- I also might be wrong about WD detecting this fake MSI Afterburner malware. Here's a recent article on the malware: https://www.bleepingcomputer.com/news/security/fake-msi-afterburner-targets-windows-gamers-with-miners-info-stealers/ . Of note is the following:

Quote

Unfortunately, almost all of this fake MSI Afterburner campaign's components have poor antivirus software detection.

VirusTotal reports that the malicious 'MSIAfterburnerSetup.msi' setup file is only detected by three security products out of 56, while the 'browser_assistant.exe' is only detected by 2 out of 67 products.

There are only a handful of AVs detecting both above malware components, with Eset being one of them. VT showed neither WD nor MalwareBytes detecting the components.

Edited by itman
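
The quarantine check described in the reply above, as an added example that is not part of the original posts: it lists what Microsoft Defender quarantined, restores one item into a separate folder, and computes the SHA-256 so VirusTotal can be searched by hash. The folder `C:\QuarantineReview` and the `$threatName` value are placeholders assumed for illustration; Defender is assumed to be at its default install path.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Assumptions: default Defender install path; C:\QuarantineReview is a
# hypothetical working folder; $threatName is a placeholder to fill in.

$mpCmdRun   = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
$reviewDir  = 'C:\QuarantineReview'
$threatName = '<ThreatName from the -ListAll output>'

# 1. Show what Defender currently holds in quarantine.
& $mpCmdRun -Restore -ListAll

# 2. Cross-check against the detection history kept by the Defender module
#    (Resources holds the file paths each detection referred to).
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object InitialDetectionTime, ThreatID, Resources |
    Format-List

# 3. Restore the named item into the review folder rather than to its
#    original location. The restored file is only hashed here, not opened.
New-Item -ItemType Directory -Path $reviewDir -Force | Out-Null
& $mpCmdRun -Restore -Name $threatName -Path $reviewDir

# 4. Hash every restored file and build the VirusTotal lookup URL for it.
Get-ChildItem -Path $reviewDir -File -Recurse | ForEach-Object {
    $sha256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash.ToLower()
    [pscustomobject]@{
        File      = $_.FullName
        SHA256    = $sha256
        LookupUrl = "https://www.virustotal.com/gui/file/$sha256"
    }
} | Format-List
```

If real-time protection quarantines the restored file again before it can be hashed, the threat name and original path shown in steps 1 and 2 are still the details a malware-removal helper will ask for.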
