Insider Preview Anyone think I should rebuild my System !! ;)

Saltgrass

Excellent Member
Microsoft Community Contributor
#1
I suppose my foray into Torrents ended up causing me a few minor problems. It might be fun to try to remove whatever is actually causing this, but Malware Bytes has found problems prior and these are recent so the problem endures.

If I wanted to try to remove the problem, any suggestions beside Malwarebytes and Defender to attempt to rid the system of this scourge. I found this stuff because I was looking for what was playing an ad on my desktop, which turned out to be a Skype add-on to IE.

Thanks...

Stream Ad_4.JPG
 


MikeHawthorne

Essential Member
Microsoft Community Contributor
#2
Hi

I like SuperAntiSpyware, I use is along with Malwarebytes.
It finds some things that Malwarebytes doesn't some times, and visa versa.

I've used both for a long time.

http://www.superantispyware.com/

You could also look at Spybot, which blocks a long list of predetermined sites.
At this point about, 220,000 sites.

http://filehippo.com/download_spybot_search_destroy

Mike
 


davehc

Essential Member
Premium Supporter
#3
WOW. With that lot, I would not even think of cleaning - fresh install. (And keep away from the torrents!!!!!!!)
 


Trouble

Noob Whisperer
#4
Nice...
Hey Clark, I've seen worse. Maybe give it a go.....
These are the programs I use to generally delouse a computer with virus and or malware issues.
ADWcleaner from here http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
JRT (Junkware Removal Tool) from here http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/
Norton Power Eraser from here https://security.symantec.com/nbrt/npe.aspx
Malwarebytes from here http://www.malwarebytes.org/mwb-download/confirm/
Ccleaner from here http://www.piriform.com/ccleaner/download/standard
TFC.exe (Temporary Files Cleaner) from here http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
ESET Online Scanner from here http://www.eset.com/us/online-scanner/
Eset online scanner is a bit different than the others in that you need to either use
IE or download and run their smart installer if you're using another browser. Then tick
the radio button that says "Enable detection of potentiall unwanted application"
Then click the link that says "Advanced settings", then check all the boxes except the
one that mentions "Use custom proxy settings", unless of course you're using a Proxy
Server. Then just click "Start", it will do a thorough system scan so it takes a long
time.
I don't check the links above everyday, so if you have any problem with any one of them then just Google for the program name but use the site names that I have recommended since I'm relatively certain they are free of extraneous garbage.
 


OTT

Active Member
#5
Use the programs Trouble recommended and after that use Kaspersky Security Scan.
If that comes back with a clean state all should be fine !

Extra Info :
"winupd.exe" seems to be related to "MSStartOptimizer" and that is related to an "Adult content dialler"...
No torrent involved in that... :blow:

OTT
 


Saltgrass

Excellent Member
Microsoft Community Contributor
#6
Ott, this system has not been messing around with any Adult Content sites. But I remember a time last year when I got something like that when I was looking for Truck Parts. During my Torrent experience, I may have clicked on something I should not have...not that familiar with how the torrents work.

I will follow some of the suggestions to see if those utilities find anything. Currently I have run Defender in a Full scan and it did not find anything. Malwarebytes has not found anything the second time.. But rebuilding to a clean install will be on the top of the list if I find more items being installed.

But this got me thinking, since I have been playing with Cortana and Spartan. Cortana asks for permission to have access to your system before it runs. I don't know exactly what or how it accesses the system, but it does open websites, depending on what you ask it to do. I was wondering if it could be used as a conduit for spyware to be placed on your system.

Also, OneDrive is used to sync between computer systems. If one system had been infected, could it be used to transmit malware to another system?

I will post back if the suggested utilizes turn up anything... Thanks.
 


Saltgrass

Excellent Member
Microsoft Community Contributor
#7
Well, I tried Mike's Spybot recommendation first and all it found was cookies, none of which showed to be high risk. During the Scan I got a message from something the drive needed to be checked. A reboot resulted in a Blue Screen, so now I am trying the rollback option to see if it even works.

Could just be coincidence or the scanning put extra stress on the drive. None of this is a problem, since all I have to do is reimage, but if I get the system back I will continue with the other suggestions.

Well, the rollback seems to have worked and since this install was an 8.1 upgraded directly to build 10049, it put me back in 8.1.... Another test conducted... ;)
 


Last edited:

OTT

Active Member
#8
Ott, this system has not been messing around with any Adult Content sites. But I remember a time last year when I got something like that when I was looking for Truck Parts. During my Torrent experience, I may have clicked on something I should not have...not that familiar with how the torrents work...
First and foremost... it was not my intention to accuse you of something ! ;)
Everybody (you or someone else) can click on something that's not what it seems to be...

Second.
To be sure you should run the programs proposed by Trouble and then the Kaspersky Security Scan.
If that comes back with a clean state all should be fine !
Since it is/was a Trojan (dropper/downloader) you should consider changing your passwords !

OTT
 


Saltgrass

Excellent Member
Microsoft Community Contributor
#9
Good idea about changing passwords. I suppose it is good my Windows 8/10 systems are just test systems and I don't use them as primary systems.

Since the problem after Spybot, the situation has basically resolved itself. The rollback to 8.1 seemed to work fine and was much faster than I expected. I am now upgrading to 10049 again to see what happens. I am going to start running Malwarebytes more often to see if I can catch something. I will still assume the Torrent download allowed the bad stuff to invade my system, but not completely sure. The Skype IE Browser Helper Object still has me wondering.

I didn't think you were accusing me of anything, just wanted to point out you can pick up all sorts of things even at sites you might think would be safe. It is also interesting that Defender did not say a peep during the entire situation....

Thanks for the help.
 


Saltgrass

Excellent Member
Microsoft Community Contributor
#10
Well, change in plans. Since build 10061 is now available, I will just skip 10049...
 


MikeHawthorne

Essential Member
Microsoft Community Contributor
#11
Hi

I'm surprised that you had issues with Spybot, it a long established program that goes clear back to Windows 95.
I have it installed now, and use it mostly for the blocking service of identified malicious sites and files.

My main complaint about it was that it was something of a resource hog on my earlier computers.
On my present computer I don't see any slowdown when using it.

I haven't seen any issues running it in Windows 10.

Mike
 


This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.