136 votes
Accepted

Why does anti-virus software not delete the viruses, malware, etc., but instead quarantine them?

Viruses and malware are not dangerous if not executed. A file in quarantine cannot be executed by the user and the malicious code (virus or malware) has no possibility to act. If the virus/malware is ...
Hastur • 19.1k
88 votes

Why does anti-virus software not delete the viruses, malware, etc., but instead quarantine them?

Anti-malware applications provide a quarantine option, which is often on by default, for two reasons: Keep a backup of the items identified as threatening in case of a false positive. ...
Julie Pelletier
71 votes

Why does anti-virus software not delete the viruses, malware, etc., but instead quarantine them?

For the same reason that (most) governments arrest suspected criminals instead of shooting them on the street at the slightest provocation: You want to give the suspect a chance to defend themselves, ...
Lightness Races in Orbit
47 votes
Accepted

CMD prompt window pops up and instantly disappears periodically

Check the task scheduler, see if anything added in there could be triggering it.
NetServOps
40 votes

CMD prompt window pops up and instantly disappears periodically

I think it's fixed! I checked the Task Scheduler, like NetServOps said, and found one line item that was scheduled to run every 10 minutes. "Firefox Default Browser Agent A99BB431EF49E2C3". ...
boscher50 • 601
34 votes
Accepted

Is this scvhost.bat with cryptonight a virus or miner?

This does seem to be a miner of some sort, especially since the parameter contains the URL to a mining pool. However, you need to be sure what is in the binary. It would make sense to compare ...
mtak • 17k
32 votes

How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?

Ransomware A newer, particularly horrible form of malware is ransomware. This kind of program, usually delivered with a Trojan (e.g. an e-mail attachment) or a browser exploit, goes through your ...
31 votes
Accepted

Can a Chromebook be infected by a computer virus through a malicious website?

Tl;dr - yes (but unlikely). From https://en.wikipedia.org/wiki/Chrome_OS: Chrome OS is an operating system designed by Google that is based on the Linux kernel and uses the Google Chrome web ...
Mawg • 4,465
30 votes

Has my macOS Sierra system been infected by unknown users?

Apple's macOS has a number of built-in user accounts, with many of the system services running under dedicated user accounts. These special user accounts are prefixed with an underscore (_). For ...
Alexander O'Mara
30 votes

How to be 100% certain a USB drive has not been tampered with and has no malware?

There is no way to be 100% sure the USB is safe, and that it will not harbour malware even if wiped. (If I were that way inclined, and had the knowledge, a small chip with malware, not active, with a ...
davidgo • 71.3k
29 votes
Accepted

An unrelated program (Clash for Windows) links to FFmpeg libraries. Can it be spyware?

From the app's overall appearance in its official screenshots as well as the presence of en-US.pak and GPUCache in your DLL list (that is, not just "GPU cache" generally but that specific ...
grawity_u1686
15 votes

Can TrueType Fonts contain malicious code?

According to the Wikipedia entry on TrueType, a hinting language is used during rendering. This hinting language is processed by a virtual machine, but it allows opportunities for malicious hinting ...
LawrenceC • 74.2k
14 votes
Accepted

Your connection is not private - Attackers might be trying to steal your information

I have encountered this issue several times before. In most cases, it's caused by: Wrong date & time on your computer (or device you are using). Google Chrome cookies & cached files. DNS ...
KevinD • 623
14 votes

CMD prompt window pops up and instantly disappears periodically

I had the same issue a few years ago, and I found the culprit using the Sysinternals tool Process Monitor. Download Process Monitor. Filter/Filter/Operation is "Process Create"/Add Leave ...
Heinzi • 3,869
13 votes

Malware or strange Windows services behaviour?

The CDPUserSvc is a legitimate MS Windows Service. As for the random code appended, e.g. _405bc, this is a copy of the same Windows Service without the suffix. MS has added these "shadow" copies as a ...
DrMoishe Pippik
11 votes
Accepted

DriverToaster.exe is reporting that "The parameter is incorrect."

It would appear that this is one of the parts of the Dell SupportAssist tool. The AppxManifest.xml in the directory: DisplayName="Dell SupportAssist" Description="SupportAssist Driver Update" It ...
Mokubai • 93.7k
11 votes
Accepted

Can an ISO file damage—or infect—the machine it's being burned on?

I'm wondering if an iso file can do damage to the main machine while it's burning, like the zip slip vulnerability or something. It certainly is possible that there is a vulnerability that affects ...
Ramhound • 43k
11 votes

Can an ISO file damage—or infect—the machine it's being burned on?

Burning an ISO to a target device alone will not expose your system to damage or infection. Never heard of the Zip Slip Vulnerability before, but reading up on it it describes the exploit—which has ...
Giacomo1968
11 votes
Accepted

All my Chrome searches are redirected through www.getsearchredirecting.com

A colleague solved it for me. It was a web colour picker extension for chrome: https://extpose.com/ext/241212 Fortunately it was delisted. Be careful out there guys, it's a bad world...
Bakaburg • 251
10 votes

Has my macOS Sierra system been infected by unknown users?

These “users” are not actual users—as in human users who are logged in—but rather they are called “daemon” users (aka: “service” accounts) created by the OS to manage processes and such in the ...
Giacomo1968
10 votes

Is AV scanning zip files with non-exe contains re-assuring/reliable?

ZIP doesn't change much. A competent AV program should report the same results for zipped and unzipped files. Non-executable files will generally be less likely to contain malicious code because ...
gronostaj • 57.4k
9 votes
Accepted

unwanted chinese/korean program installed unable to remove it from any where

I reverse-image searched the icon: and it turns out the program is "Tencent (QQ)PCMgr". "Tencent PC Manager is a free antivirus program available for Windows (32-bit and 64-bit) operating ...
Ƭᴇcʜιᴇ007
9 votes

Random powershell.exe process?

This is almost certainly malicious. Let's take it apart. It invokes Windows PowerShell (a legitimate and very useful command interpreter) without user customizations (-noprofile) in a hidden window (-...
Ben N • 41.3k
9 votes

How to be 100% certain a USB drive has not been tampered with and has no malware?

You assume that it is tainted. You cannot be betrayed if there never was any trust to be betrayed. And you will not suffer harm if you assume that harm is what will happen and prepare to meet it. ...
MichaelK • 199
9 votes

Can a Chromebook be infected by a computer virus through a malicious website?

tl;dr Yes, just be careful and don't install any extensions and if you do make sure you understand the permissions they ask for. Note: The professional definition of "computer virus" is a specific ...
David Mulder • 1,401
9 votes

google chrome "managed by your organization" on linux

It could be because of LastPass. Please check if you have lastpass-policy.json at /etc/opt/chrome/policies/managed/ or /etc/chromium/policies/managed/ Deleting it, solves the problem. Ref: ...
Vivek-Ananth
8 votes

What is gen_204?

For some reason, Chrome is downloading the gen_204 file. It isn't actually any malware or any useful file, although I am not quite sure why it is saving it. Google uses gen_204 to generate a "204 No ...
Justine Krejcha
8 votes
Accepted

Prevent Infection of USB drive

Buy a USB stick with a physical "Write Protected" switch. I've used one in the past and been unable to casually write to it while the switch was in the proper position. Of course, if you want to ...
MountainMan • 5,858

Only top scored, non community-wiki answers of a minimum length are eligible