Question BrowserModifier:MSIL/MediaArena

yossibac

Commendable
Dec 2, 2021
140
10
1,595
Windows Security informs me that my Clevo W355SS laptop is infected with: BrowserModifier:MSIL/MediaArena
This program changes various Web browser settings without adequate consent.

Affected items: file: C:\$Recycle.Bin\S-1-5-21-977564540-572206623-702081048-1001\$RSXWGQH.exe


Most likely I got it from clicking on one of the first results of a Google Search. Is it at all possible that Google displays malicious sites in the search results?
 

Colif

Win 11 Master
Moderator
Did you install a program called PDFPower? It appears to be part of it, though which program you download seems to change depending on the browser used.

link

I don't see anything about it changing google search results, it changes browser search engines.
Only things I can find just show how to remove it. Not what it changes.

some of its various names - https://www.virustotal.com/gui/file/e248b01e3ccde76b4d8e8077d4fcb4d0b70e5200bf4e738b45a0bd28fbc2cae6

Did defender remove it? If not, I would try https://www.bitdefender.com.au/solutions/free.html and see what it finds.
 

yossibac

Commendable
Dec 2, 2021
140
10
1,595
No, I did not install PDFPower.
For example, if I search to download Adobe Acrobat Reader, which I did, or Firefox as well, I expect the first links to be safe to click on; otherwise, where are we going from here?
Looking at my installed Apps and Control Panel, I have got CPUID, Adobe Reader, some Intel and Microsoft programs, Firefox, some drivers I downloaded from Clevo Computers, Brother printer drivers, VLC media player. That's all.
Looking at Extensions/Add-ons at Firefox and Edge, there's only the English spell check, that's it.
It's really hard to be more careful than that?
 

yossibac

Commendable
Dec 2, 2021
140
10
1,595
Found the same virus on our work machine. The file name is ziprar.exe, which I think we got by mistake from a misleading CPU-Z update. I wonder if it's a virus at all, or if Microsoft Defender just has a thing with it? Is it possible that CPUID will install a virus on our machines?

 

Ralston18

Titan
Moderator
This:

" I expect the first links to be safe to click on.....?"

I would not have such expectations.

There are all too many false/fake websites likely to result from any given search.

Just because, for example, the manufacturer's name appears in the link and/or appears first in the list that does not mean the website is real or safe.

Just a thought.
 

yossibac

Commendable
Dec 2, 2021
140
10
1,595
I still wonder whether ziprar.exe is a virus at all, or whether Microsoft Defender just has a thing with it?
For example, Defender thinks that Speccy spsetup130.exe is a low threat, but it has no problem with Speccy spsetup132.exe.
Please see below.

file: Speccy PC Diagnostics\spsetup130.exe
PUABundler:Win32/PiriformBundle
This program has potentially unwanted behaviour
 

Ralston18

Titan
Moderator
What version of Speccy?

I do not use Speccy very often and currently have version v1.32.740 installed.

Note: Shortcut icon being "C:\Program Files\Speccy\Speccy64.exe".

Opened and ran without any objections by Windows Defender (Windows 11 Pro).

But that is not the Speccy setup file.

Consider that there may have been some issue with the 130 setup executable for "Speccy"

Maybe Speccy fixed that issue via 132....
 

yossibac

Commendable
Dec 2, 2021
140
10
1,595
Yes, I think that you are right about Speccy; maybe ver. 130 had some problems with Microsoft but not 132.
The program was not installed; I had it on the HD for years and years and no antivirus ever complained, so why now?

Since my last post I formatted the PC to Windows 10 Pro, using new HD, Memtest86 is 100% good.
I wonder, why are Disk and RAM resources so occupied if it's not a virus? Please see photo below.

View: https://imgur.com/a/ckygy5W
 
Jun 7, 2023
2
0
10
No, I did not install PDFPower.
For example, if I search to download Adobe Acrobat Reader, which I did, or Firefox as well, I expect the first links to be safe to click on; otherwise, where are we going from here?
Looking at my installed Apps and Control Panel, I have got CPUID, Adobe Reader, some Intel and Microsoft programs, Firefox, some drivers I downloaded from Clevo Computers, Brother printer drivers, VLC media player. That's all.
Looking at Extensions/Add-ons in Firefox and Edge, there's only the English spell check, that's it.
It's really hard to be more careful than that.
Did you ever get to the bottom of this?
Just seeing the comments about not installing PDFPower, it looks like it's coming through adverts. Not sure where you downloaded Adobe from etc., their site or a 3rd-party site. But potentially it could be a scenario like below... doesn't immediately sound like it, but maybe of use.
 
Jun 7, 2023
2
0
10
No, I haven't got to the bottom of this yet
I don't even have the nerve to click on your link.:)
Aha, the link is good (I am sure a random person saying that super reassures 😂) but you can Google search them. The company is reliabcecyber, and it's under their news feeds/ page.
But it's got some screenshots, and I just thought I'd ask if anything there jumped out at you as familiar/seen. It's got links in there to the Microsoft/Google pages on how to reset browser settings.

Edit: example of malicious ad from the blog, the red PDF symbol on left
Picture-2-Example-breakdown-MediaArena.png
 

Ralston18

Titan
Moderator
@yossibac

Firefox (10)? Is that normal or expected?

Disk drive(s): make, model, capacity, how full? I limit my drives to 70-80% of capacity - that is just me. However a drive that is getting full will likely be quite problematic. Virtual memory lacking perhaps.

Things you can do:

In addition to Task Manager, use Resource Monitor and Process Explorer to observe system performance. Use all three tools, but only one tool at a time.

Process Explorer (Microsoft, free):

https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer

Remember that you can click the small upward and downward point arrows in the tool's column headers to sort data. Very helpful if the results are jumping about too fast to read or study.

End objective being to discover what is using most or all of that "100% Disk" or RAM.
 

yossibac

Commendable
Dec 2, 2021
140
10
1,595
Aha, the link is good (I am sure a random person saying that super reassures 😂) but you can Google search them. The company is reliabcecyber, and it's under their news feeds/ page.
But it's got some screenshots, and I just thought I'd ask if anything there jumped out at you as familiar/seen. It's got links in there to the Microsoft/Google pages on how to reset browser settings.

Edit: example of malicious ad from the blog, the red PDF symbol on left
Picture-2-Example-breakdown-MediaArena.png
Hi, No, never seen anything like that. But thanks, I read the article, very interesting.
 

yossibac

Commendable
Dec 2, 2021
140
10
1,595
Disk drive(s): make, model, capacity, how full? I limit my drives to 70-80% of capacity - that is just me. However a drive that is getting full will likely be quite problematic. Virtual memory lacking perhaps.
It's a Hitachi, 500GB, a new fresh install, with about 400GB free.
I was hoping someone here would be able to figure out who the culprit is from that photo, as by my calculation all those programs that are using disk space don't come to even close to 400GB. Thanks


View: https://imgur.com/a/ckygy5W#ceu4mow
 

Ralston18

Titan
Moderator
Look at the other Task Manager tabs; Performance, App History, etc....

The Disk % in the Processes tab is an indication of data transfer rates. Note 64 MB/s. Not how much of the disk drive is being used.

Firefox appears to be consuming the available bandwidth.

Again, close all of those Firefox tabs. Start monitoring system performance.

Add the tabs back one at a time allowing time between additions.

Objective being to discover if one particular tab is the culprit. I.e., Disk % suddenly increases in some manner.

Another tool that may prove helpful is Process Explorer (Microsoft free.)

https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer

Objective being to discover some unknown or otherwise unexpected process that is running or being triggered via Task Scheduler.
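The two checks Ralston18 describes (what is actually generating the disk transfer rate that Task Manager reports as "Disk %", and whether an unexpected process is being launched from Task Scheduler) plus Colif's earlier question of whether Defender removed the detection can all be answered from a PowerShell prompt. The script below is an added example written for this thread, not code from any poster or from Microsoft; it is read-only and assumes Windows 10/11 with built-in Defender, run from an elevated PowerShell 5.1+ window. The cmdlets used (Get-MpThreatDetection, Get-MpThreat, Get-Counter, Get-ScheduledTask, Get-ItemProperty) are standard Windows cmdlets; the "trusted directory" pattern used to filter scheduled tasks is an assumption of the example, not a Windows rule.

```powershell
# Added example (not from the thread): a read-only triage pass covering
# 1) Defender's record of the detection, 2) per-process disk transfer rate,
# 3) persistence locations a browser modifier commonly uses.

# 1. What Defender flagged, the file it flagged, and whether its action succeeded.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 10 InitialDetectionTime, ThreatID, ActionSuccess,
        @{ n = 'Resources'; e = { $_.Resources -join '; ' } } |
    Format-Table -AutoSize -Wrap

# Map ThreatID to the threat name (e.g. the BrowserModifier family name).
Get-MpThreat | Select-Object ThreatID, ThreatName, SeverityID | Format-Table -AutoSize

# 2. Per-process disk I/O rate, averaged over two samples three seconds apart.
#    This is what Task Manager's "Disk %" column reflects: MB/s, not space used.
$samples = (Get-Counter '\Process(*)\IO Data Bytes/sec' -SampleInterval 3 -MaxSamples 2).CounterSamples
$samples |
    Where-Object { $_.InstanceName -notin @('_total', 'idle') } |
    Group-Object InstanceName |
    ForEach-Object {
        [pscustomobject]@{
            Process = $_.Name
            'MB/s'  = [math]::Round((($_.Group | Measure-Object CookedValue -Average).Average) / 1MB, 2)
        }
    } |
    Sort-Object 'MB/s' -Descending |
    Select-Object -First 10 |
    Format-Table -AutoSize

# 3. Enabled scheduled tasks whose executable is NOT under the Windows or
#    Program Files trees (assumed "trusted" prefixes for this example), then
#    the per-user and machine Run keys. Review anything unfamiliar here by hand.
$trusted = '^(?i)"?(%SystemRoot%|%windir%|C:\\Windows|C:\\Program Files( \(x86\))?)\\'
Get-ScheduledTask |
    Where-Object { $_.State -ne 'Disabled' } |
    ForEach-Object {
        $task = $_
        foreach ($a in $task.Actions) {
            if ($a.Execute -and $a.Execute -notmatch $trusted) {
                [pscustomobject]@{
                    Task    = $task.TaskPath + $task.TaskName
                    Author  = $task.Author
                    Execute = $a.Execute
                    Args    = $a.Arguments
                }
            }
        }
    } | Format-Table -AutoSize -Wrap

foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run') {
    "--- $key ---"
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Select-Object * -ExcludeProperty PS* |
        Format-List
}
```

The disk sampling in step 2 is the scripted form of the "close all Firefox tabs, then add them back one at a time" experiment: run it once with the tabs closed and again after each tab is re-opened, and compare the MB/s figure for the firefox processes. Step 3 only lists candidates; a task from a vendor you installed (printer, CPU monitoring tool) is expected to appear there, so the point is to look for an entry you cannot account for.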
 

yossibac

Commendable
Dec 2, 2021
140
10
1,595
Thanks for your input,
After checking I suspect that 8GB of RAM isn't enough to run Windows 10 Pro, but it was surely enough to run Windows 7.
I tested it on 2 computers with the same result. Please confirm if you come across the same problem. Thanks.