1.    23 Feb 2017 #1
    Join Date : Oct 2013
    Posts : 25,272
    64-bit Windows 10 Pro build 17046

    Malicious Software Removal Tool 5.45 released

    In September 2016, we started adding to Microsoft Malicious Software Removal Tool (MSRT) a malware suite of browser modifiers and other Trojans installed by software bundlers. We documented how the malware in this group install other malware or applications silently, without your consent. This behavior ticks boxes in the evaluation criteria that Microsoft Malware Protection Center (MMPC) uses for identifying unwanted software. Installing software without your permission, interaction, or consent is considered unwanted behavior because that can take away the choice you should have in determining what applications to install on your computer.

    By October 2016, MSRT detected and removed most of the malware families in this suite:

    • Sasquor, which changes browser search and homepage settings to circumvent the browser’s supported methods and bypass your consent, and can install other malware like Xadupi and Suweezy
    • SupTab, which also changes browser search and homepage settings, and installs services and scheduled tasks that regularly install additional malware
    • Suweezy, which attempts to modify settings for various antivirus software, including Windows Defender, creating a significant danger to your computer’s overall security
    • Xadupi, which registers a service that regularly installs other apps, including Ghokswa and SupTab, and is ostensibly an update service for an app that has some user-facing functionality: CornerSunshine displays weather information on the taskbar, WinZipper can open and extract archive files, and QKSee can be used to view image files
    • Ghokswa, which installs a customized version of Chrome or Firefox browsers, modifying the home page and search engine front-end or stopping processes and replacing shortcuts and associations for the legitimate browser with ones pointing to its own version

    This month, we’re adding Chuckenit, the last remaining malware in this group, to MSRT, helping make sure the whole suite is detected and removed from your computer and doesn’t interfere with your computing experience.

    Chuckenit is an application called “Uncheckit”, whose main purpose is to uncheck checkboxes in installation dialogue boxes, effectively messing with choices without your knowledge during installation.

    Chuckenit is installed together with SupTab and Ghokswa when Xadupi downloads and installs updates. Xadupi, meanwhile, is installed by Sasquor, although it may also be installed directly by software bundlers.

    Figure 1. Chuckenit is installed silently by Xadupi, which is installed by Sasquor.

    Figure 2. Xadupi may also be installed directly by software bundlers, such as ICLoader.

    Similar to the other malware in this suite, as part of its installation, Chuckenit adds several Scheduled Tasks and registers a couple of services to automatically download updates, which may come with other applications or malware.

    Since May 2016, Windows Defender has encountered this threat in over 418,000 computers, of which 12% are in Brazil, 7% are in India, and 7% are in Russia.

    Figure 3. Geographic distribution of Chuckenit encounters

    Prevention, detection, and recovery

    Chuckenit is part of an infection chain that involves malware and software bundlers silently installing other applications. You need security solutions that detect and remove all components of this type of infection.

    Ensure you get the latest protection from Microsoft. Keep your Windows operating system and antivirus up-to-date and, if you haven’t already, upgrade to Windows 10.

    Ensure your antimalware protection, such as Windows Defender and Microsoft Malicious Software Removal Tool, is up-to-date. In Windows Defender, you can check your exclusion settings to see whether the malware added some entries in an attempt to exclude folders from being scanned. To check and remove excluded items in Windows Defender:

    • Navigate to Settings > Update & security > Windows Defender > Add an exclusion.
    • Go through the lists under Files and File locations, select the excluded item that you want to remove, and click Remove.
    • Click OK to confirm.

    Use cloud protection to get protection against the latest malware threats. It’s turned on by default for Microsoft Security Essentials and Windows Defender for Windows 10. Go to Settings > Update & security > Windows Defender and make sure that your Cloud-based Protection setting is turned On.

    Use the Settings app to reset to Microsoft recommended defaults that may have been changed by the malware in this suite:

    • Launch the Settings app.
    • Navigate to the Default apps page. From Home go to System > Default apps, then click Reset.

    For enterprises, use Device Guard, which can lock down devices and provide kernel-level virtualization-based security, allowing only trusted applications to run.

    Use Windows Defender Advanced Threat Protection to get alerts about suspicious activities, including the download of malware, so you can detect, investigate, and respond to attacks in enterprise networks. Evaluate Windows Defender Advanced Threat Protection for free.

    James Patrick Dee


    Source: https://blogs.technet.microsoft.com/...malware-suite/

    See also:

    [Image: update.png]
    Last edited by Brink; 23 Feb 2017 at 12:59.
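A scripted version of the checks the quoted article walks through in the Settings app (Defender exclusions, cloud-based protection), plus a listing of scheduled tasks and auto-start services, since the article says this suite registers both. This is an added example, not part of the thread or of Microsoft's article; the filters in steps 3 and 4 are assumptions about what is worth reviewing by eye, and the path in the comment is a placeholder.

```powershell
# Added example (not from the quoted article). Run in an elevated PowerShell
# session on Windows 10; every command that executes here is read-only.

# 1. Defender exclusions: the same lists the Settings app shows under "Add an exclusion".
$pref = Get-MpPreference
$exclusions = foreach ($kind in 'ExclusionPath', 'ExclusionExtension', 'ExclusionProcess') {
    foreach ($value in @($pref.$kind)) {
        if ($value) { [pscustomobject]@{ Kind = $kind; Value = $value } }
    }
}
if ($exclusions) { $exclusions | Format-Table -AutoSize }
else { 'No Defender exclusions are configured.' }
# To drop an entry you did not add yourself (placeholder path, not a real indicator):
#   Remove-MpPreference -ExclusionPath 'C:\example\path'

# 2. Cloud-based protection: MAPSReporting 0 = off, 1 = basic, 2 = advanced.
if ($pref.MAPSReporting -eq 0) { 'Cloud-based protection is OFF.' }
else { "Cloud-based protection is on (MAPSReporting = $($pref.MAPSReporting))." }

# 3. Scheduled tasks outside the \Microsoft\ tree, with the program each one runs.
#    Assumption: third-party tasks are the ones worth reading through.
Get-ScheduledTask |
    Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    ForEach-Object {
        foreach ($action in $_.Actions) {
            [pscustomobject]@{
                Task      = $_.TaskPath + $_.TaskName
                Runs      = $action.Execute     # empty for non-executable (COM) actions
                Arguments = $action.Arguments
            }
        }
    } | Format-Table -AutoSize -Wrap

# 4. Auto-start services whose binary is not under the Windows directory.
#    Assumption: services installed by bundled software live outside %windir%.
$winDir = [regex]::Escape($env:windir)
Get-CimInstance Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' -and $_.PathName -and
                   $_.PathName -notmatch "^`"?$winDir\\" } |
    Select-Object Name, DisplayName, State, PathName |
    Format-Table -AutoSize -Wrap
```

Entries in steps 3 and 4 are a review list, not detections: legitimate updaters and drivers appear there too, so compare them against software you knowingly installed.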
  2.    23 Feb 2017 #2
    Join Date : Jun 2015
    Posts : 539
    Windows 10 Pro 64bit; Windows 10 TP; KDE Neon

    Hey Brink, thanks for the update

    I don't know if I am off-topic but today I have received this:

    [Image: m.png]

    If off-topic, please remove my post.

    Thank you
  3.    23 Feb 2017 #3
    Join Date : Oct 2013
    Posts : 25,272
    64-bit Windows 10 Pro build 17046
    Thread Starter

    Hello Joanne,

    The KB890830 update would be the one for this.
  4.    23 Feb 2017 #4
    Join Date : Jul 2015
    Poole Dorset UK
    Posts : 2,559
    Windows 10 x64 Home Version(1709) Build16299.64

    Received flash yesterday and this one downloaded and just installing now so far so good
  5.    23 Feb 2017 #5
    Join Date : Mar 2015
    Stockport UK
    Posts : 2,770
    Windows 10 x64 Home version 1709

    Originally posted by hTconeM9user:
    Received flash yesterday and this one downloaded and just installing now so far so good

    Same here.
  6.    25 Feb 2017 #6
    Join Date : May 2015
    Posts : 90
    Windows 10

    Out of 3 machines, only one managed to install this (KB890830) through Windows Update.
    Is there a manual way to download and install it? I tried through MS catalog and what it did is to scan, but not install.


Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd