
Securitycheck.pdf False positive or virus?

Solved by Tabs.

Hello Guys. I had noticed earlier today that I might have had a virus; either way, I decided to just freshly install Windows 10 as it has been a long time since I've last done so. However, after getting AV, Steam and drivers installed, Avast popped up saying I had gotten a virus from a document named: DOCUMENT_SECURITYCHECK_8CUUPIDU7PHJD1.PDF

It says that the file is infected with Malware-gen[Trj] and that it was located inside of a Windows folder in the AppData section, more specifically inside of some folder by the name windowscommuncationsapps_(wekyb3d8bbwe

Does anybody know if this is a virus or a false positive? And if it is a virus, how is it possible for me to get that with nothing downloaded or installed other than Steam and graphics drivers?

I have uploaded a picture for you to see. It was the message from Avast. It is, however, in Danish.

Thanks in advance.

Udklip.PNG

https://linustechtips.com/topic/947386-securitycheckpdf-false-positive-or-virus/

Did you reinstall Windows using a boot USB/DVD and format the drives?

Or did you use the built-in restore function and format the drives?

 

The latter will not always get rid of all files properly leaving the malicious software behind able to just regain a spot on your PC.

If you did use a boot DVD/USB and formatted the drives then it could be a false positive, don't quote me on that tho since you are never sure.

When the PC is acting up haunted,

who ya gonna call?
"Monotone voice" : A local computer store.

*Terrible joke I know*

 


3 minutes ago, Sfekke said:

Did you reinstall Windows using a boot USB/DVD and format the drives?

Or did you use the built-in restore function and format the drives?

 

The latter will not always get rid of all files properly leaving the malicious software behind able to just regain a spot on your PC.

If you did use a boot DVD/USB and formatted the drives then it could be a false positive, don't quote me on that tho since you are never sure.

USB boot, as I've always done :-)


4 minutes ago, nickbandit said:

USB boot, as I've always done :-)

Mhh odd, then I'd say it is a false-positive.

Again, don't hold me accountable .. but chances of it actually being infected sound slim.

 

Perhaps you could run a scan with MBAM or another AV?


That folder is used to store files people have sent you over messages (app). If you enable Syncing, it's possibly something someone sent you before.

 

It might be an actual generic trojan, I'd recommend deleting or quarantining it. Definitely don't try to open it.


3 minutes ago, Tabs said:

That folder is used to store files people have sent you over messages (app). If you enable Syncing, it's possibly something someone sent you before.

 

It might be an actual generic trojan, I'd recommend deleting or quarantining it. Definitely don't try to open it.

Now that you mention it, damnit Tabs, you correct me again haha

Well he's right again :P


3 minutes ago, Tabs said:

Sorry, it's not intentional.

 

Easy thing to miss though.

 

Haha I know, just yankin' your chain a bit.

 

It indeed passed right by me, mostly because I never used an AV myself since 2014 besides Windows Defender.

Quarantine and destroy it .. with fire preferably.

It probably came back when you linked your Microsoft account and it started syncing files.


7 minutes ago, Tabs said:

Sorry, it's not intentional.

 

Easy thing to miss though.

 

 

5 minutes ago, Sfekke said:

Haha I know, just yankin' your chain a bit.

 

It indeed passed right by me, mostly because I never used an AV myself since 2014 besides Windows Defender.

Quarantine and destroy it .. with fire preferably.

It probably came back when you linked your Microsoft account and it started syncing files.

I have just scanned once more, and it found 13 more of them o.o? This time from other places as well?

 

 

Udklip1.PNG

Udklip.PNG


3 minutes ago, nickbandit said:

 

I have just scanned once more, and it found 13 more of them o.o? This time from other places as well?

 

 

Udklip1.PNG

Udklip.PNG

Okay now that isn't good .. at all.

 

Maybe it isn't such a bad idea to reinstall Windows again and not sign in with your Microsoft account.

From what I know this tries to intercept your PayPal details and store them in a tool called Unistore to be sent off its on GitHub.

Whatever you do, I'd stop logging into websites/applications, reinstall Windows 10 and not sign in using a Microsoft account.

If you have a laptop handy, remake that installation USB as well; some malware can spread over USB, rendering a re-installation useless.


1 minute ago, nickbandit said:

 

I have just scanned once more, and it found 13 more of them o.o? This time from other places as well?

 

The Appdata/local/unistore folder is another folder used by Windows apps - especially apps like Mail.

 

If you have Windows tied to your Microsoft account, you might have some malicious/phishing emails in your inbox.


1 minute ago, Sfekke said:

Okay now that isn't good .. at all.

 

Maybe it isn't such a bad idea to reinstall Windows again and not sign in with your Microsoft account.

From what I know this tries to intercept your PayPal details and store them in a tool called Unistore to be sent off its on GitHub.

Whatever you do, I'd stop logging into websites/applications, reinstall Windows 10 and not sign in using a Microsoft account.

If you have a laptop handy, remake that installation USB as well; some malware can spread over USB, rendering a re-installation useless.

I have a MacBook, I'll see if I can make a new bootable device on that.. funny thing though.. I never used PayPal nor the Messages app on Windows... I don't even have either of them. Only thing I use my Microsoft account for is Email and OneDrive..


1 minute ago, Tabs said:

The Appdata/local/unistore folder is another folder used by Windows apps - especially apps like Mail.

 

If you have Windows tied to your Microsoft account, you might have some malicious/phishing emails in your inbox.

I'll delete all my mails inside of my inbox then.


22 minutes ago, Tabs said:

The Appdata/local/unistore folder is another folder used by Windows apps - especially apps like Mail.

 

If you have Windows tied to your Microsoft account, you might have some malicious/phishing emails in your inbox.

Alright, I have deleted every mail I've ever received. Is there anything else I could possibly deactivate / delete that could potentially carry over Malware on my Outlook account?


4 minutes ago, nickbandit said:

Alright, I have deleted every mail I've ever received. Is there anything else I could possibly deactivate / delete that could potentially carry over Malware on my Outlook account?

If you follow these instructions here you'll be able to delete all sync data for your Microsoft account (including things like backgrounds etc. those will get re-synced if you keep your system syncing).

 

That'll ensure that no malicious or corrupt application data remains synced right now, but it'll still remain on your machine - I recommend doing this and then reinstalling Windows if you are concerned about polluting a future sync with the same suspicious data, or at least making sure that all of the suspicious files you've found so far are removed.


3 minutes ago, Tabs said:

If you follow these instructions here you'll be able to delete all sync data for your Microsoft account (including things like backgrounds etc. those will get re-synced if you keep your system syncing).

 

That'll ensure that no malicious or corrupt application data remains synced right now, but it'll still remain on your machine - I recommend doing this and then reinstalling Windows if you are concerned about polluting a future sync with the same suspicious data, or at least making sure that all of the suspicious files you've found so far are removed.

Great, thanks a lot! I have just made a new USB boot drive I can use for reinstalling. I'll follow those steps, and I'll reinstall Windows and hopefully stay free from all the bad files :-( Thanks both of you for your help.
