Suspected malware - SAFE can't find anything but my computer opens stuff on its own.

Maria_
Maria_ Posts: 2 New Member

I hope this is apropriate to ask for help on this here, and I'm sorry if it's not.
3 days ago, my computer opened a newspaper page (www.bt.no - norwegian newspaper), my google docs, a music folder on my desktop and a program called "Safe exam browser", when I was away. The last one is made to lock the computer, so you can't open things in the background. It is made for taking exams. I can see in my log on google chrome that the websites were opened aprox 60 minutes after i left my computer. The lid was closed but the power connected. (I have an Asus UX305 with Win 10.) The bt.no site were refreshed 4 times in a span of 20 minutes, but that might be automatically because it opened live streamed news. After bt.no, my google docs were opened and then probably the exam browser. You can easily close the exam browser by clicking the red X, but the computer didn't do that. I find this extremly wierd websites, folder and program for a hacker to open. My files are fine, not encrypted or deleted and I have now taken a backup. F-secure safe cannot find anything suspicious when I do a full scan, and it has not happened anything since.
The day this happened i installed two programs. The links to the downloads is: http:// download.wondershare.com/inst/filmora_setup_full846.exe and https://
s3.amazonaws.com/ezvid-installer-new/ezvid1.003b04.exe The last program seemed to install fine but then it could not find some kind of file it needed? And the program (Ezvid) would not start. Can a defected but unharmfull program make the websites, folder and program open? Do I need to be worried? Can it be anything else than malware? If SAFE dont find anything is there than a problem? Thank you so much in advance for help!

Comments

  • Ukko
    Ukko Posts: 3,727 Superuser

    Hello,

     

    Sorry for my reply. It will be just as some suggestions.

     

    Some ask about bt.no - but does it possible that this website is your home page for browser (or maybe was last opened before this experience)? And if yes - does it anyway possible (even the lid was closed) that your laptop keyboard was 'accessible'. Or someone had access to laptop/place for cleaning it (as example).

     

    Because, except meanings that "Safe Exam Browser" prevented any other "activities" under your system, I can to think that browser, google docs (!? application or maybe under the browser) and safe-exam-browser can be under your desktop (also you noted that music folder also was from desktop) and maybe it randomly launched by some "violation" usage keyboard/touchpad.  May be, but I not sure that it possible there. But I able to start from this point - because you noted that there nothing else which can be as "suspicious" result.

     

    I also tried to install both software -> and both of them was normally installed (from provided URLs). Also both of them launched and I able to do some actions (but not sure about trusted status of this software) - not sure if all features, but looks like that it work as should be. With second software there was notification about "not supported such interface" and it was not available to play captured/recorded video (?!). With my experience I do not meet something as potential trigger for their payload/bundle (or their strange actions) - but it was just brief experience. 

     

    But maybe because you have troubles with installation both of them - maybe you have to re-check something with your system anyway.

     

    So...

     

     

    Spoiler

    ----

    Can a defected but unharmfull program make the websites, folder and program open?

    ----

     

    Not sure about this ones, but I think that it possible. Just as potential situation.

     ----

    Do I need to be worried? Can it be anything else than malware? If SAFE dont find anything is there than a problem?

    ----

     

    Maybe yes (but I not sure that "too much") - because situation is strange, but there missing (yet) something which will increase suspicious view. 

    With provided information it more looks like something random.

     

    I think that you able to try something as next points:

     

    --> https://community.f-secure.com/t5/Common-topics/How-do-I-create-an-FSDIAG-file/ta-p/18190

    It can be helpful as diagonostig/support tool for F-Secure.

    I think that if you have "timeframe" about situation - maybe there can be some related logs by F-Secure (if they detected some actions, but allowed it; or if there was something else suspicious);

     

    --> And with such diag-file you able to try use direct F-Secure Chat Support Channel:

    https://www.f-secure.com/en/web/home_global/support/contact-chat

     

    I not sure - if they work on weekends (so, mainly because that - I decided to add my suggestions) - but it can be an option to check more with your system. They maybe able to provide technical support as investigate situation also (remotely). Or just as analysing your description/information.

     

    --> You also able to re-check that under "System List of Installed software" there missing something as "now known for you" or suspicious.

    And when you launch F-Secure scan - it good to re-check if there indeed launched "Full Scan" (Main UI -> Tools -> Scan Option -> Run Full Scan); And maybe under F-Secure Settings (SAFE Main UI -> Settings -> Manual Scanning -> check options like advancded scanning option or/and uncheck "scan only known file types" - which just increase potential false-positive detection and take more time for scanning, but time to time can be helpful for detect something "static");

     Sorry (else one time) for my reply! Will be good if there comes some else suggestions or meanings (maybe with nice tools, which you able to use as double-check for detecting malicious files);

     

    Thanks.

     

  • Simon
    Simon Posts: 2,667 Superuser

    I once installed something by Wondershare, and it did all kinds of weird stuff, so I uninstalled the program and have avoided WS ever since.  

     

    What I would suggest is a scan with www.malwarebytes.org.  I wouldn't recommend anything but the Free version, however, as there seems to be a conflict with F-Secure when using the full version with real time scanning.  

This discussion has been closed.
Feedback on New Design