Obvious Malware (to me) that Bitdefender does not detect, what do I do from here?
So I accidentally installed a trojan today because I was exhausted and confused a Google ad for the download button of a legitimate product. The stupid part on my part was not stopping to think about why this installer was called "PC Appstore" (I really should've known better, but it's too late for common sense to save me). The problems I have noticed from this are:
-Google Chrome was reformatted
-I was now getting pop up ads for "ASUS Armoury Crates" on my desktop that could only be closed with task manager
-Upon uninstalling everything related to "ASUS Armoury Crates" from system32, the files would come back upon restarting my device.
-Doing a full system reset did not get rid of whatever malware is responsible
-I installed Bitdefender and it did not detect the ASUS stuff or anything else as malware or problematic
I've only just started learning IT and do not want to wait until I can solve this myself, any help understanding what to do in this situation would go a long way, thank you.
Answers
-
Hello.
You might be a victim of adware, so follow the steps from this article:
Also, you should install Bitdefender’s Anti-Tracker browser extension and install a browser extension for ad blocking, like uBlock Origin, Adblock Plus, etc.
Regards.
0 -
To add here, ASUS Armoury Crate is a genuine software product developed by ASUS. It provides system customization and performance optimization features for ASUS devices.
Take a look at the link below for more information. Are you certain that the software is not installed on your PC? Have you checked the "Add or Remove Programs" section to see if it's listed there?
If the software is not present, you may follow @Gjoksi steps to resolve your query. However, if it is listed, I recommend uninstalling the software and checking whether this resolves the issue.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
0 -
@Flexx I am almost certain that I do not have any official ASUS products installed considering that the pop-ups occur on bootup and persist after a complete reset of my device. Still though, I'll check to rule out any possibilities and get back to you.
@Gjoksi I'll follow any steps listed for removing adware to see if that solves the issue and get back to you in an hour or so.
0 -
@Flexx The steps I followed did not help; as I have said, the files causing the pop-ups always reinstall themselves after a system reboot. The problem is not those files or pop-ups but whatever is bringing them back. Whatever keeps reinstalling them has survived multiple full system resets, which is why my concern is so great.
There are 2 files related to the Asus adware, the pop-up and "Asus update check".
-They are both located in System32
-While fully disconnected from the internet, only "Asus Update Check" comes back after reboot
-Asus update check is always open and running on startup, and so will the pop-up if I haven't un-installed it and disconnected from the internet
What I would like to know is: Is there a way to see what is reinstalling "Asus update check"? Where should I look for the logs at?
Any help is greatly appreciated.
0 -
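One way to approach the question in the post above (what keeps restoring the file, and where the logs are), as an added example that is not part of the thread: the script lists services, scheduled tasks and Run-key entries that reference a name, shows who signed the matching System32 files, and pulls service-installation events from the System log. The `Asus` pattern is an assumption taken from the file names mentioned above.

```powershell
# Added example. $Pattern is an assumption based on the file names in the thread.
# Run from an elevated PowerShell prompt so every task and log is readable.
$Pattern = 'Asus'

# Auto-start services run at boot, so a matching one can restore files.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { "$($_.Name) $($_.PathName)" -match $Pattern } |
    ForEach-Object { [pscustomobject]@{ Source = 'Service'; Name = $_.Name
                                        Command = $_.PathName; Detail = $_.StartMode } }

# Scheduled tasks whose name or launch command matches.
$tasks = Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)"
        if ("$($task.TaskName) $cmd" -match $Pattern) {
            [pscustomobject]@{ Source = 'Task'; Name = $task.TaskPath + $task.TaskName
                               Command = $cmd; Detail = $task.State }
        }
    }
}

# Run keys (machine-wide, 32-bit view, current user).
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if ("$valueName $data" -match $Pattern) {
            [pscustomobject]@{ Source = 'RunKey'; Name = "$key\$valueName"
                               Command = $data; Detail = '' }
        }
    }
}
@($services) + @($tasks) + @($run) | Format-List

# Who signed the matching files in System32 (Status 'Valid' means the signature verifies).
Get-ChildItem -Path "$env:windir\System32" -Filter "$Pattern*" -File |
    Get-AuthenticodeSignature |
    Select-Object Path, Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } } | Format-List

# Logs: event 7045 in the System log records each service installation.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045 } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $Pattern } |
    Select-Object TimeCreated, Message | Format-List
```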
If you have access to the files, could you upload them to virustotal.com and share the link here?
Additionally, I'm not sure if it will work, but if you suspect an adware issue, you can follow the procedure stated in the links below.
https://malwaretips.com/blogs/remove-adware/
https://malwaretips.com/blogs/remove-adware-popup-ads/
I have also promoted you to Level 2 so that you can share the screenshot with us here.
Regards
0 -
@Flexx Thank you for your quick response, I will get you those items shortly.
However, due to the fact I need to get everything clean by the end of the day, I am going to begin taking steps that would (hopefully) deal with even the most advanced malware. Currently I'll be downloading Windows 11 onto a USB from an uncompromised device and reinstalling it from there. I believe I read I also could reformat the hard drive, so I'll look up if that's included in the base Windows system reset.
I'll post screenshots shortly
0 -
I was not allowed to share the link. VirusTotal did not detect anything with the "AsusUpdateCheck" file. That file is still not what I am worried about, as I do not know what is reinstalling it or how to find it.
These screenshots are right after bootup after "AsusUpdateCheck" and "AsusDownloadLiscence" were uninstalled. I did not initially boot it up online but the pop up installed and opened the second I connected to the internet.
Just to reiterate, these screenshots are from a fresh reset; the ONLY thing I have installed is Bitdefender, which is why I am using Edge.
I am going to attempt another reset shortly, this time installing Windows locally from a USB that I take from an uncompromised device instead of via the cloud. I will also make sure that the hard drive is reformatted (I don't know what that means yet but I will soon).
And again, thank you for the help.
0 -
Kindly perform the following steps and see if they help you in any way:
1) Restart your PC in safe mode. You can follow this guide:
2) As soon as the desktop opens, assuming your Windows drive is 'C,' open the following locations in the 'Run' command (Windows icon + R) one by one:
C:\Program Files (delete any folder with the name Asus)
C:\Program Files (x86) (delete any folder with the name Asus)
C:\ProgramData (delete any folder with the name Asus)
C:\Users\{your PC name}\AppData\Local (delete any folder with the name Asus)
3) Open the Run command (press the 'Windows + R' key on your keyboard) and execute the following commands one by one:
temp - delete all the files in the folder
%temp% - delete all the files in the folder
prefetch - delete all the files in the folder
4) Run Disk Cleanup using this guide:
5) Open the registry editor through the 'Run' command (Windows icon + R) and then type 'regedit.' Once the registry editor opens, click on 'Edit' -> 'Find,' and make sure to checkmark 'Match whole strings only.' Type 'Asus' in the search box and click 'Find Next.' If any file or folder with the name 'Asus' is found, delete it. Continue searching the registry and deleting until the search reports no registry keys found.
6) Restart your PC in normal mode by deselecting the option you selected while running the system in Safe Mode, then click 'Apply.'
If the issue persists, kindly contact Bitdefender support by visiting
Select, How to's & Troubleshooting Bitdefender products→Troubleshooting→I don't know→Contact Support→ You will get the option of chat, call or email.
To get an immediate update, make use of the chat option.
Also, ensure you do not have any ad-blocker or privacy-blocker extensions enabled, as they might prevent the chat window from appearing.
Regards
0 -
@Flexx, I appreciate the help, but unfortunately the adware still reinstalled itself after all of those steps. I am going to try the system reset; if that does not work I will contact support.
0 -
Yes, it seems that this will have to go through Bitdefender support, and you will need to share all the procedures with them that you have tried.
Also, if possible, you should contact ASUS support or share your query on the ASUS support forum. You might get some help from them because if it is an adware issue, there have been no cases reported by users on the Bitdefender forum after following all the steps shared with you. It might be something genuinely related to ASUS, and they may provide some insights.
Regards
1