
HostAppService.exe | Variant Win32/Pokki C


Go to solution Solved by Misti98,


Hello there,

Today I scanned my laptop after three weeks and there have been two detections of unwanted software. However, there was no hash in the control protocol as you can see below:

Protokol

C:\Users\lsmsd\AppData\Local\Host App Service\Engine\HostAppService.exe - variant Win32/Pokki.C potenciálne nechcená aplikácia – ponechaný

Protokol

C:\Users\Default\AppData\Local\Host App Service\Engine\HostAppService.exe - variant Win32/Pokki.C potenciálne nechcená aplikácia - ponechaný

 

I could find no files or folders of these names and submit the file to VirusTotal.

I want to know what kind of malware (or adware in this case) it is (how it functions etc.). It seems that this file has been blacklisted in a recent update (after July 9 when the last control has been carried out) because I also checked my history and downloads and found nothing there (any kind of executable file) and I visited only safe websites.

 

I also want to ask you whether it is sufficient just to remove it after control or whether it is necessary to reinstall Windows.

 

Thank you in advance for your willingness to help.

  • Administrators

It's a potentially unwanted application, i.e. the detection is optional: https://support.eset.com/en/kb2629.

Pokki seems to be a Start menu application for Windows 8 which is no longer available for download.

This is what Copilot says about it:
Pokki is a potentially unwanted program (PUP) that can install itself onto a Microsoft Windows operating system with or without user consent. It has also been pre-loaded onto factory computer systems by partnering with computer manufacturers. While it may appear to enable a classic start menu in Windows 8, research shows that Pokki infiltrates systems without permission and can cause issues such as increased CPU usage and slowdowns. If you encounter it, consider removing it to prevent any unwanted behavior.


@Marcos Thank you for your reply. After putting those files into quarantine I got their hashes:

 

93BE199F4A8B9C5187E024FF728BB6C710DA0A3E

B704E955A081D6FF1C7514492C63477794BF11F5

 

I analyzed these hashes in Virus Total and there has been no detection by Eset Nod32 (I am actually using Eset Home Premium).

 

My question now is: Can I consider my device safe after putting these files into quarantine, i.e. no need to reinstall OS? By the way, I have Windows 11, not Windows 8. Anyway, it seems that these programs were pre-installed on my device by the manufacturer, since I also have installed AppExplorer by SweetLabs.

 

Thank you for your reply & help.


23 minutes ago, Misti98 said:

After putting those files into quarantine I got their hashes:

93BE199F4A8B9C5187E024FF728BB6C710DA0A3E

B704E955A081D6FF1C7514492C63477794BF11F5

I'm confused here.

You stated originally that;

Quote

Today I scanned my laptop after three weeks and there have been two detections of unwanted software. However, there was no hash in the control protocol as you can see below:

Protokol

C:\Users\lsmsd\AppData\Local\Host App Service\Engine\HostAppService.exe - variant Win32/Pokki.C potenciálne nechcená aplikácia – ponechaný

Protokol

C:\Users\Default\AppData\Local\Host App Service\Engine\HostAppService.exe - variant Win32/Pokki.C potenciálne nechcená aplikácia - ponechaný

I could find no files or folders of these names and submit the file to VirusTotal.

What files did you actually quarantine in Eset since you stated the files didn't exist on your Windows installation?

Edited by itman

54 minutes ago, itman said:

I'm confused here.

You stated originally that;

What files did you actually quarantine in Eset since you stated the files didn't exist on your Windows installation?

Dear @itman,

 

Let me explain that.

 

There were no hashes stated in the control protocol. I ran a second control and then I put those detections into quarantine. These files were PUP, not directly malware or potentially dangerous software. After putting those files into quarantine, hash values were generated in the quarantine (that's the second detection I have ever had using Eset, so that's why I did it this way).

 

Eset NOD32 does not sign files with these hash values as malicious in Virus Total by the way. As I stated above, I downloaded nothing since the last control, only some PNG files (photos sent by email) and PDF files. And I also discovered a process named as these detections. When I opened its properties, there was the date March 12, 2023. Do you have any other rational explanation than this?

 

But I just want to make sure I am right and I do not need to reinstall Windows.

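The file in the scan log sits under hidden folders (`AppData`, and the hidden `C:\Users\Default` profile), which is why it is easy to miss in Explorer. The following is an added example, not part of any post in this thread: it looks for the detected path in every local profile, computes the SHA-1 of each copy and compares it with the two quarantine hashes quoted above. It assumes an elevated PowerShell session so that other users' profiles are readable.

```powershell
# Added example: locate HostAppService.exe in every profile and hash it.
# The relative path and both SHA-1 values are copied from this thread.
$relativePath   = 'AppData\Local\Host App Service\Engine\HostAppService.exe'
$quarantineSha1 = @(
    '93BE199F4A8B9C5187E024FF728BB6C710DA0A3E',
    'B704E955A081D6FF1C7514492C63477794BF11F5'
)

# -Force lists hidden profiles such as Default; junctions ("Default User",
# "All Users") are skipped so the same file is not reported twice.
$profilesRoot = Join-Path $env:SystemDrive 'Users'
$userProfiles = Get-ChildItem -LiteralPath $profilesRoot -Directory -Force -ErrorAction SilentlyContinue |
    Where-Object { -not ($_.Attributes -band [IO.FileAttributes]::ReparsePoint) }

$found = foreach ($userProfile in $userProfiles) {
    $candidate = Join-Path $userProfile.FullName $relativePath
    if (Test-Path -LiteralPath $candidate -PathType Leaf) {
        $file = Get-Item -LiteralPath $candidate -Force
        $sha1 = (Get-FileHash -LiteralPath $candidate -Algorithm SHA1).Hash
        $sig  = Get-AuthenticodeSignature -LiteralPath $candidate
        [pscustomobject]@{
            Path              = $candidate
            SHA1              = $sha1
            MatchesQuarantine = $quarantineSha1 -contains $sha1
            Created           = $file.CreationTime
            SignatureStatus   = $sig.Status
            Signer            = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }
}

# A process with the same name may still be running from another location.
$running = Get-Process -Name 'HostAppService' -ErrorAction SilentlyContinue |
    Select-Object Id, Path, StartTime

if ($found)   { $found | Format-List }
else          { 'No HostAppService.exe found under any profile (already quarantined or removed).' }
if ($running) { $running | Format-Table -AutoSize }
else          { 'No HostAppService process is running.' }
```

A creation date well before the detection date, together with a valid signature, points to preinstalled software that was reclassified rather than to a recent download.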

2 hours ago, Misti98 said:

it seems that these programs were pre-installed on my device by the manufacturer, since I also have installed AppExplorer by SweetLabs.

Here's some information on App Explorer: https://www.shouldiremoveit.com/app-explorer-162546-program.aspx . I suggest you manually uninstall it using like Windows method.

Based on the info provided in the article, there is no mention of any undesirable system modifications made by it. It appears its primary purpose is to serve up adware on your device; assumed via the browser. Whereas some adware might be malicious, Eset should be able to detect those. I would also check your browser installed add-ons/extensions for any not specifically installed by you.

I would say that after uninstalling App Explorer, your PC should be good to go.

 


  • Solution
11 minutes ago, itman said:

Here's some information on App Explorer: https://www.shouldiremoveit.com/app-explorer-162546-program.aspx . I suggest you manually uninstall it using like Windows method.

Based on the info provided in the article, there is no mention of any undesirable system modifications made by it. It appears its primary purpose is to serve up adware on your device; assumed via the browser. Whereas some adware might be malicious, Eset should be able to detect those. I would also check your browser installed add-ons/extensions for any not specifically installed by you.

I would say that after uninstalling App Explorer, your PC should be good to go.

 

Thank you for your reply and help. I manually uninstalled AppExplorer in the control panel. In fact I never downloaded it – it was one of the programs preinstalled by the manufacturer. I also checked browsers and there were no extensions added except those I added myself. Anyway, I had this AppExplorer in my laptop all the time (at least since November 2023, but maybe earlier).

11 minutes ago, Misti98 said:

Anyway, I had this AppExplorer in my laptop all the time (at least since November 2023, but maybe earlier).

FYI - Eset updates its criteria for software detection on a periodic basis. That is software previously classified as safe can be re-classified as otherwise based on recent findings in regards to its current behavior.


1 hour ago, itman said:

FYI - Eset updates its criteria for software detection on a periodic basis. That is software previously classified as safe can be re-classified as otherwise based on recent findings in regards to its current behavior.

Yes, I do know that. I had a similar issue with a not-up-to-date driver on my desktop 1.5 years ago, no detection for two or three months and then the resident protection detected it and put it into quarantine. This is probably also that case.
