Ofecks
May 4, 2009

A portly feline wizard waddles forth, muttering something about conjured food.



Not sure if I should post this here or the security thread since it's malware-related.

Problem description: Yesterday I went to pull a file out of a retrogaming :filez: RAR archive, and Windows Defender immediately detected a virus: "PUA:Win32/Vigua.A". Even though Defender considers the threat "Low", I'm likely going to reformat my OS drive, but I'm also worried about my browser (Chrome keeps all settings/bookmarks/extensions saved in the cloud) and my storage drives (one internal, always-on, one external for manual backups only) being affected. How paranoid am I being? Anyone know anything about this malware? The MS page has zero info.

I poked around in eventvwr looking for more info, but I don't really know my way around there that well, and the only thing I could find in system logs was this:

code:
A service was installed in the system.

Service Name:  edcxjkwr
Service File Name:  C:\WINDOWS\system32\drivers\edcxjkwr.sys
Service Type:  kernel mode driver
Service Start Type:  system start
Service Account:  

Service Control Manager, event ID 7045. Right before the time of the reboot initiated by Defender (the next couple dozen entries seemed to be shutdown procedures). That file no longer exists when I go to that location. Hopefully there aren't any rogue services floating around that I can't see. No weird services show up in services.msc.

Attempted fixes: I followed the recommended action from Defender, and it had me reboot. The offending RAR file was gone afterwards. I also ran a System Restore (latest was dated last week, 9/7).

Recent changes: None, apparently the threat was living in a file that I've had on my internal storage drive for quite some time (at least a year) but had not opened until yesterday, and it's probably on my backup drive as well. This is the first time Defender has caught an infection since I built this PC and have been using Windows 10 for 4 years.

--

Operating system: Windows 10 Home 64-bit; version 20H2 with all available updates. Spectre/Meltdown microcode patch for my CPU installed. I use a local account with admin privileges.

System specs: custom gaming tower PC, built in 2017: ASUS Prime Z270M-Plus (onboard Intel I219-V ethernet), non-OC'd i5-7600k, EVGA 1060 GTX, Corsair Vengeance 16GB DDR4 3000, 1TB Samsung 960 EVO m.2 NVMe SSD in PCIE mode (OS), 1TB WD Blue SATA3 HDD (internal storage), 2TB Seagate GoFlex HDD (external USB3 storage)

Location: USA

I have Googled and read the FAQ: Yes. Some googling indicated that the Vigua.A malware has been showing up recently in torrent and cryptocurrency software, and one person anecdotally indicated that my browser could be affected, but that's all hearsay stuff from Reddit. I did not click on any of the "411malware", "howtofix.guide", "2-spyware.com", etc, links in the results as I am highly suspicious of their safety.

I clicked the HijackThis link and got a "Refused connection" error, so I can't provide the results from that.
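The 7045 entry quoted above is the kind of event a defender would want to triage in bulk rather than eyeball one at a time: a kernel-mode driver registered at system start, under a name with no recognisable structure, whose file is gone by the time anyone looks. The script below is an added example, not code from the thread or from any of the tools mentioned in it. It parses 7045 message bodies in the shape the poster pasted and scores each one with a simple, labelled heuristic (kernel driver, random-looking name, non-standard path, early start, file missing on disk). The sample events are constructed for the example; only the edcxjkwr entry is copied from the post, and the other two names, paths and the scoring weights are assumptions made for illustration.

```python
import os
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Constructed sample input: three Event ID 7045 ("A service was installed in
# the system") message bodies in the shape the poster quoted from eventvwr.
# The first is the entry from the thread; the other two are made up for
# contrast (a legitimate user-mode AV service, and a driver dropped outside
# the usual system directories). Names and paths in those two are invented.
SAMPLE_7045_EVENTS = [
    "A service was installed in the system.\n\n"
    "Service Name:  edcxjkwr\n"
    "Service File Name:  C:\\WINDOWS\\system32\\drivers\\edcxjkwr.sys\n"
    "Service Type:  kernel mode driver\n"
    "Service Start Type:  system start\n"
    "Service Account:  \n",
    "A service was installed in the system.\n\n"
    "Service Name:  MBAMService\n"
    "Service File Name:  \"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"\n"
    "Service Type:  user mode service\n"
    "Service Start Type:  auto start\n"
    "Service Account:  LocalSystem\n",
    "A service was installed in the system.\n\n"
    "Service Name:  qwqsrvc\n"
    "Service File Name:  C:\\Users\\Public\\qwqsrvc.sys\n"
    "Service Type:  kernel mode driver\n"
    "Service Start Type:  demand start\n"
    "Service Account:  \n",
]

# One "Label:  value" line per field; [ \t]* (not \s*) so a blank value such as
# "Service Account:  " does not swallow the following line.
FIELD_RE = re.compile(
    r"^(Service Name|Service File Name|Service Type|Service Start Type|Service Account):[ \t]*(.*)$",
    re.M,
)

# Directories where a freshly installed driver/service binary is expected
# (assumption: a default C: install). Anything else earns a point.
TRUSTED_DIRS = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\windows\\system32\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

SUSPICIOUS_THRESHOLD = 3


@dataclass
class ServiceInstall:
    name: str
    path: str
    type: str
    start: str
    account: str


@dataclass
class Verdict:
    name: str
    score: int
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return self.score >= SUSPICIOUS_THRESHOLD


def parse_7045(message: str) -> ServiceInstall:
    """Extract the five fields from a 7045 message body; missing fields become ''."""
    fields: Dict[str, str] = {k: v.strip() for k, v in FIELD_RE.findall(message)}
    return ServiceInstall(
        name=fields.get("Service Name", ""),
        path=fields.get("Service File Name", "").strip('"'),
        type=fields.get("Service Type", "").lower(),
        start=fields.get("Service Start Type", "").lower(),
        account=fields.get("Service Account", ""),
    )


def looks_random(name: str) -> bool:
    """Heuristic for generated names like 'edcxjkwr': all lowercase letters,
    at least 6 long, with one vowel or fewer per four characters."""
    if not (name.isalpha() and name.islower() and len(name) >= 6):
        return False
    vowels = sum(c in "aeiou" for c in name)
    return vowels / len(name) <= 0.25


def assess(svc: ServiceInstall, file_exists: Callable[[str], bool]) -> Verdict:
    """Score one install. file_exists is injected so exported logs can be
    triaged offline; pass os.path.exists on the live machine."""
    v = Verdict(name=svc.name, score=0)
    path = svc.path.lower().replace("/", "\\")
    if "kernel mode" in svc.type:
        v.score += 2; v.reasons.append("kernel-mode driver (runs at highest privilege)")
    if looks_random(svc.name):
        v.score += 2; v.reasons.append("random-looking service name")
    if path and not any(path.startswith(d) for d in TRUSTED_DIRS):
        v.score += 2; v.reasons.append("binary outside system/program directories")
    if svc.start in ("system start", "boot start"):
        v.score += 1; v.reasons.append("loads before user-mode security tools")
    if path and not file_exists(svc.path):
        v.score += 1; v.reasons.append("binary no longer present on disk")
    return v


def triage(messages: List[str], file_exists: Callable[[str], bool] = os.path.exists) -> List[Verdict]:
    return [assess(parse_7045(m), file_exists) for m in messages]


if __name__ == "__main__":
    # Offline demo: pretend only the Program Files binary is still on disk.
    for verdict in triage(SAMPLE_7045_EVENTS, lambda p: p.lower().startswith("c:\\program files")):
        flag = "SUSPICIOUS" if verdict.suspicious else "ok"
        print(f"{verdict.name:12} score={verdict.score} {flag}: {'; '.join(verdict.reasons)}")
```

On a live Windows box the message bodies would come from the System log (for example the output of Get-WinEvent filtered to provider "Service Control Manager" and ID 7045) and `file_exists` would be left at its default. The weights are deliberately crude; the point is that the thread's entry trips four of the five checks at once, which is why a single 7045 event like that deserves more attention than its "Low" severity label suggests, and why a driver that has already been removed is still worth confirming against the registry's service keys and any other installs logged around the same time.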


Scruffpuff
Dec 23, 2015

Fidelity. Wait, was I'm working on again?

If it were me I'd just install this: https://www.malwarebytes.com/solutions/free-antivirus

And run a full system scan. It seems from what you've linked that Defender took care of this, particularly if it removed the file and associated service. You're always free to reformat if you have the time, but the Defender actions, system restore, and subsequent virus scan should be more than enough.

Ofecks
May 4, 2009

A portly feline wizard waddles forth, muttering something about conjured food.



I ran it and it didn't find anything. Although the scan took less than a minute; I don't think it was looking very hard. I didn't see any options for quick/full or targeted (specific files and folders) scans. Defender takes ages to fullscan stuff, especially my internal storage because it's a HDD (I should swap that with a SATA SSD one of these days).

down1nit
Jan 9, 2004

outlive your enemies

I'd do adwcleaner, hitmanpro, and SUPERAntiSpyware as well.

Hitmanpro is a bitch to get the free scan but it's a good fuckin scan
