Vigram.A Threat/Virus - Returned after Format - possibly DDU related!

Ransome

So earlier today, I was playing DMC4 SE when I noticed a few physics glitches and had a small crash later on.
So I figured I would download DDU from Guru3D, download the latest Nvidia driver and reinstall the driver cleanly.

Suddenly, computer kinda acting weird and slow, some functions like deleting won't work or get stuck. Windows Defender icon turns to RED X. Says threat detected
VIGRAM.A
Start Action
And I can select to remove, quarantine etc...
Stuff started to work oddly even after removing it.
Windows Restore didn't work unless I used Advanced Startup first.

Vigram.A returned a few times, and I think it has something to do with the DDU download.
Strangely, it appeared shortly after downloading (NOT RUNNING) DDU from either Guru3D or Wagnardsoft - the DDU home website.

So I removed it again with defender.

DDU = Display Driver Uninstaller
I ran a Full Scan and also a Full Malicious Software Removal scan.
Came clean.

Long story short... I felt the safest bet was to format and clean install Windows.

After clean install...
Downloaded Windows updates, which took a while.
This time I downloaded DDU from the DDU website - and shortly after - Windows Defender detected Vigram.A - AGAIN!!!

Now once more, I didn't even click.
Only actions I did back then and after format were basically Windows Updates, downloading Nvidia Driver and downloading DDU.

So it's either something with the latest Windows Updates or with both Guru3D DDU page and DDU websites.

Now I'm wondering - has anyone else encountered this?
What should I do now?
Don't want to Clean Install again...

Can a virus/trojan/malware be downloaded by simply visiting and/or downloading a file?
Guru3d and DDU websites are both commonly used. So I don't think it's reasonable to assume they are the issue.
And what is Vigram.A? Is this even a threat/virus?
 
As soon as you run a program you can be putting your machine at risk. If the program you run is infected, you are activating the infection by running the infected file. When you download software, you need to be aware of what it is you are downloading, and where you are downloading it from.

Maybe just install the drivers manually, and only download them from the official sites, such as NVIDIA.com. Automated driver installer software is always considered a bad idea.
 
I have never used automated drivers and I didn't even run DDU.
DDU is very well known among gamers and a huge portion of people use it. Including many in Tom's.

Therefore I didn't do anything risky or anything unusual at all. I didn't even run DDU after the format.
I suspect this is something weird with Windows Update and Defender, or something in the Guru3D site or the DDU site (Wagnardsoft or something).

I don't know what to do now with the PC since Defender removed it and I already formatted. I DON'T want to format again. It was a long process to get everything back.
And I have been using DDU and the same apps from the same sources for years.
CPU-Z, Core Temp, Logitech Gaming Software, Real Temp, CCleaner, DDU and MSI Afterburner, plus Nvidia drivers from official sites always. Nothing else runs.

So how come a virus or threat or infection can already after total clean install of the drive?
(Also ran Fullscans before the format and found nothing).
And is this some glitch and not even a real threat?
I have never had anything infected for years. Maybe once or twice many many years ago, but that's about it.
I wonder if another format is in order or not. That will suck.
(Like I said I didn't install DDU the 2nd time and downloaded from DDU site)
 



It's Guru 3d. 100% certain.
 
What do you mean?
Is Guru3D infected and not safe?!
Please be more clear
I also downloaded MSI Afterburner+RivaTuner from it and installed it (as I always do)

Edit:
Oh, I should note that when I tried to install DDU from the US mirrors, Edge blocked the download via SmartScreen. But not from Germany or from DDU's own site.
I don't understand how it got back after the format, and how come a site so popular is so unsafe - unless it's just an error or coincidence.
 
While you may not have run any of the downloaded software yet, as soon as you download anything at all, you run the risk that whatever you downloaded has malware or a virus in it. This is why sources you download from matter.

If you download a file that has a bad payload in it, it will likely be detected by software such as Windows Defender. The responsibility for the issue is with the user. Windows images don't come with virus software built in, at least, not from reputable sources. If you get virus warnings after reinstalling Windows (which necessarily must include reformatting the hard drive to ensure any malicious software is gone), then your Windows installation media is likely the source. If you get warnings only after going online and downloading software, regardless if you run the software or not, then you're going to places you shouldn't. Stop doing that. That's the problem. If you don't know what sites you're going to that are giving you the software that is tainted, scan everything you download. Nobody can stop you from going online and downloading viruses but you.

If Edge is blocking a site, take that as a very big red flag. Stop trying to download from places that are flagged as harmful or dangerous, or stop complaining when you get viruses. Microsoft is trying to protect you at this point and it sounds like you're circumventing it. Granted, false positives do happen and Microsoft could be wrong, but maybe you should look elsewhere for the software you're interested in?
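To see which downloaded file Defender actually flagged and whether the threat ever executed, the detection history can be queried directly. The following is an added example, not part of any post in this thread; it assumes Microsoft Defender is the active antivirus, that the files are in the default Downloads folder, and that the browser recorded a `HostUrl` in the file's Zone.Identifier stream.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session on
# Windows 10/11 with Microsoft Defender as the active antivirus.
$nameFilter = '*Vigram*'   # detection name reported in this thread

# Index the threats Defender has recorded on this machine by ThreatID.
$threats = @{}
Get-MpThreat |
    Where-Object { $_.ThreatName -like $nameFilter } |
    ForEach-Object { $threats["$($_.ThreatID)"] = $_ }

# One row per detection event: when, which file, and what Defender did about it.
Get-MpThreatDetection |
    Where-Object { $threats.ContainsKey("$($_.ThreatID)") } |
    Sort-Object InitialDetectionTime |
    ForEach-Object {
        $t = $threats["$($_.ThreatID)"]
        [pscustomobject]@{
            Detected   = $_.InitialDetectionTime
            Threat     = $t.ThreatName
            Executed   = $t.DidThreatExecute   # False: flagged before it ever ran
            Process    = $_.ProcessName        # process that touched the file
            Remediated = $_.ActionSuccess
            Resources  = $_.Resources -join '; '
        }
    } | Format-List

# Where did the files still in Downloads come from? The origin is read from the
# Zone.Identifier alternate data stream (assumption: the browser wrote HostUrl).
Get-ChildItem -LiteralPath "$env:USERPROFILE\Downloads" -File |
    ForEach-Object {
        $zone = Get-Content -LiteralPath $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        if ($zone) {
            [pscustomobject]@{
                File    = $_.Name
                SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                HostUrl = ($zone | Where-Object { $_ -like 'HostUrl=*' }) -replace '^HostUrl=', ''
            }
        }
    } | Format-List
```

The SHA256 values let two people who downloaded from different mirrors check whether they received the same file.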
 
Damn.... How do you know this?
Is this common knowledge here?

Any other safer site to get software like MSI Afterburner+RivaTuner or DDU?
For all I know MSI Afterburner suite latest version only comes from Guru3D.
 


No coincidence.
 
bigpinkdragon286
But I am telling you, with respect, I have been using the websites I mentioned for years.
It's always been safe and I know countless gamers download DDU and MSI from that source. There are also forums and reviews there.
I only what I Doing.
What I can't possibly know, however, is whether the site that was safe and legit suddenly got corrupted with infections.

Is there any gamer here also using these apps and website?
Furthermore, what should I do now?
(EDIT: Now that I've already gone through the hassle of formatting+clean install - then found the infection again - then removed it with Defender) right away?
 
I believe you. I'm just trying to express that it has to be something you are, or are not doing, that is causing the virus warning to pop up after reinstalling Windows.

Hopefully, when you reinstalled Windows, you formatted the drive Windows resides on. Just having Windows perform its own automated repair could leave virus infected files hanging around, especially if you used the option to save your personal files.

 


I am a gamer with a 1080 ti.

Created user and visited there and downloaded. Saw virus and got to cleaning and deleted user. Got back and restored.
 


No I installed Windows Installation USB using Media Creation Tool on my laptop, then plugged it into my current PC. Shut the system down. Removed the 2nd SSD drive by unplugging the SATA (with the backup data and other data like games). Boot from USB -UEFI. Installed Windows while doing DELETE on every partition and then clicking NEXT. Clean install.
Then I plugged the SSD back (after it finished and did some Windows Updates). Moved the backed-up files back to my C drive (the formatted one with the system on it).

Then I downloaded MSI AB from Guru3D.com
DDU from wagnardsoft
CPU Z from
https://www.cpuid.com/softwares/cpu-z.html
Nvidia drivers from
http://www.nvidia.com/Download/index.aspx
Steam from Steam and GOG from GOG.
Core Temp standalone 64 bit from:
http://www.alcpu.com/CoreTemp/php/download.php?id=3
Real Temp from:
https://www.techpowerup.com/realtemp/
I think that was all.
Then sometime momentarily after - Defender had that RED X and a Threat Warning with "Actions Needed" - so I ordered it to remove it.
It was frustrating because I was already installing games and stuff and finished setting up all of Windows settings to my preferences and all the tiny cosmetics that take the longest time.
I formatted my PC so I WON'T have doubts and in order to rest easy and be safe. Now I am (again) not entirely feeling safe.


 

Wait, as in tested it right now? What did you download and how did you see a virus?
How did you "clean" it and how come deleting the user clears your system from infections?
What do you mean by got back and restored?
(by the way restore didn't work properly for me before the format, haven't tried it after).

 
Do you guys think I should do another format? Or something else?
I'd rather know before I start to put the system into more use.
edit: I can also try to restore to a point before the first Windows Update soon after the format completed.
 


System restore is off by default. stupid M$.

Yes, as in now, er, as in now back when I first responded.
 
Does System Restore put you back to safety after you got the virus? So how did you "see the virus" and clean it?
Also, I really don't know how to manually remove all Nvidia drivers without tools, since Windows automatically downloads drivers after every restart and every Nvidia driver you uninstall requires a restart. And I don't really know how to clean the registry.

Oh, just remembered - I also installed CCleaner from:
https://www.ccleaner.com/ccleaner/download


Okay, so now that Windows Defender removed the threat again, I am on the fence: Should I format again to be extra secure, or maybe restore to the beginning, or just keep things the way they are?
 


I use speccy, recuva and ccleaner from Piriform. Kombustor, AB, command center and riva from msi.

Defender notified me.

Have you gotten the trojan during this install?

Yes. Perform a clean install.
No. Business as usual.
 

Is the Core Temp source and download secure? And the other links I mentioned above? (I wrote them all down).

To answer your question: No, it seems I got it after the clean install, by simply downloading DDU from Wagnardsoft (or MSI AB from Guru3D). Probably the DDU one - as it was the issue both before and after. Defender warned me there's a threat and action is needed.

So, just to be clear, Defender notified you after you downloaded some file from Guru3D, yet you just let it remove it?
This is the same as what I did.
I assume you didn't Clean Install Windows afterwards, but you suggest I should?
Isn't it enough to have Defender catch the threat and remove it? Now even Full Scans are coming up clear.

(By the way - when clean installing using USB - in the boot menu, should I select the USB (Sandisk) or UEFI USB (UEFI: Sandisk)?)
Thanks
 
I can confirm the issue as the same thing happened to me yesterday. I never even ran the program, only unzipped the archive. I downloaded version 17.0.8.5 of Display Driver Uninstaller from http://www.guru3d.com/files-details/display-driver-uninstaller-download.html using Netherlands mirror and Windows Defender found Win32/Vigram.A. While they say that you should exclude the program from all your AV when running, they really should be more specific if this is really a false positive and something we should expect if we do not disable Defender right away. Not going to trust Guru3D nor the software anymore.
 
It's DDU. I also have used it for many years, and never had a problem. When I did a clean install of Windows today, I downloaded DDU and got the Vigram.A virus. Ransome, did you figure it out? Is it a false virus? I don't want to reformat my PC again. I have also used this program for many years, and never had a problem before.
 


I'm afraid it is indeed a virus. I believe so.
Information was sketchy. Some sites suggested it being a trojan or other malware.
Microsoft claims it's a threat as well:
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Program:Win32/Vigram.A
Which pretty much answers the question of whether this is a false positive or an actual threat.

Plus the fact it immediately embedded itself into the system even before you unzip or click on it at all - makes it awfully suspicious. It's far too subversive.
I did not even install it, and simply downloading it made my Windows Defender detect a problem and alert me.
Both from the Guru3D and Wagnardsoft pages, from several download mirrors.

And so, I decided to reformat my system a 2nd time.
I just didn't want to have any doubts lingering. Always wondering if there are some leftovers or irreparable damage from the virus that may cause some performance issues or a privacy/security breach.

If I were you, I would play it safe and format again. I know it's a pain but you will feel better afterwards.
Then install the bare minimum of apps you actually use.

Unfortunately it's not our fault. Like you and me, many users downloaded DDU and other apps from Guru3D and sources.
It was becoming a known trusted site.
It's like walking in a park and having someone assault you out of nowhere. It's not like we invited that.


(I ordered Defender to take action and remove it. Then did a full scan to make sure everything else was clean. Finally reformatted my C drive and did a clean install.
The reason I did Full Scan was that I had some folders with images and data that sat on my C drive and I wanted to export (to drive #2) and import it back to the system drive after the 2nd format).



 
noddu5m, like I told pkx313 above, I'm pretty sure whatever it is, it's not good. It infected the system even without opening the file at all.
I am glad Defender got it in time, but I remember having a serious slowdown before I manually removed it.
So I ended up doing a 2nd format and clean install. Because if I am going to go clean - I'd rather be thorough and safe.

I'm also not going to trust DDU and Guru3D from now on.
Heck I am going to be rather paranoid about 3rd party and smaller sites too.
And I wonder how I will install future drivers...
Guess I will just trust Nvidia and download latest versions and simply install them ticking clean install.

I won't bother with removing the drivers first - because Windows always installs them immediately and automatically the moment I restart. Additionally, it's impossible to remove all drivers at once.
If you have any other ideas for a clean install of all graphics drivers, please let me know.