Virus threat - Warning for all members and guests of our Forum

Regedit32

Hi all,

Happy New Year !!!

For those of you perusing our threads, some of you may have read a recent thread discussing Legacy Dialog Fonts.

If you have read this thread and gone exploring for the applications mentioned thus far, please be aware that searching for Multi-Edit and Multi-Edit Lite will provide multiple third-party links offering free trial downloads of this Commercial Software.

WARNING — These third-party links contain Rootkits, Malware and also Adware, which are currently capable of slipping past the built-in Windows Defender.

I can confirm that the free stand-alone edition of Norton Power Eraser is capable of detecting the Rootkit and removing it. With this removed, you then need to manually remove any Malware or Adware also installed by these links. The rootkit itself is given a random alphanumeric name, so it is not easily detected manually.

I've submitted samples to the Norton Cloud, and also to Microsoft in the hope they can further analyze these files and provide improved definition files to protect us from these kinds of threats.

If anyone has already attempted to install Multi-Edit or Multi-Edit Lite from a third-party link, then stop what you are doing and run a thorough virus scan now!

You can grab the free stand-alone edition of Norton Power Eraser here:


This security application does not require installation; it runs as a stand-alone app. A typical scan requires the computer to restart (this is done automatically). When you sign in again, the scan will continue and report if there is anything that needs addressing when the scan completes. A typical scan will take 5 to 10 minutes.

Note: At the time of writing this post, Norton Power Eraser picks up that fake Chrome.exe but does not consider it a threat. I've submitted a sample to Norton, so this may change later today. As already stated, the separate rootkit is detected and will be removed when you approve a restart of your computer. When the rootkit is removed, you can then manually remove the fake Chrome.exe.


In terms of Malware and Adware, some other items to manually look for include:

  • Bing Search (stand-alone application that looks like Microsoft's Bing app, but is in fact Malware)
  • Chrome.exe (stand-alone app that looks a lot like Microsoft's new Chromium-based Edge Browser — again, this is Malware)
  • WinZip Searcher (yet another stand-alone application that is in fact Malware)
  • PremierOpinion (a stand-alone app which is in fact Adware)

    Note: Until the randomly named rootkit is removed, uninstalling the above list of items will prove fruitless.

If you are not sure about a file, you can choose to submit it to Microsoft for further analysis here:



If you remove the rootkit, and then manually remove the Malware and Adware, I'd recommend that you, at the very minimum, also use a Restore Point that pre-dates when you attempted to install this software, to help remove any Registry entries these applications will have introduced to your System.

Regards,

Regedit32
 
