Gen: variant.gaftor.464617 (Detected by bitdefender) and Win32/Adware.FileTour.FGK.gen (detected by

help please, i have done multiple clean ups and the alterts of this virus keep popping out.

Comments

  • UkkoUkko Posts: 2,997 Superuser

    Hello,

     

    Just as generic suggestions:

     

    -- did you run 'Full Scan' by your security solution? If it is F-Secure solution: should be possible to use steps like: open F-Secure Main User Interface >> Settings >> check Manual Scanning tab and its options (good to choose 'scan zipped/compressed files' and unchoose 'scan only known file types') >> save it >> F-Secure Main User Interface >> switch to Tools-tab >> Scanning options (choose "Full Scan" under menu).

    Does there visible any paths to detected items? Does it "Temp"-folder or does it 'packed file/archive'? Such information can be useful for understanding why 'notifications' keep popping out.

     

    -- then good to understand when such 'notification/deteciton' comes? Does pop-up with launch browser? Or with random time?

     

    --  based on detection by NOD32: maybe it is an option to find any suspicious installed extension/addons of browser. Or re-check list of installed software.

    If something is unknown or with suspicious look (or even it is with 'FileTour"-wording) - should be possible to uninstall/disable/remove it by common steps (like uninstalling software or extension/addon).

     

    Usually, such detection is about payload/bundle with some software (or bundle itself). As result, it can be with different impact (like showing advertisements with unexpected places; or even to perform some changes with system - like autorun-launch; scheduled events and so on).

    I feel that if your security solution is not enough -- possible to try additional scanner like Malwarebytes.

    For example, their Adwcleaner (https://www.malwarebytes.com/adwcleaner/) or their main solution as trial-time (https://www.malwarebytes.com/products/).

     

    Good if you will back with feedback or some results/further information.

     

    Thanks!

This discussion has been closed.