First I would like to apologise for my english, since it isn’t my native language. And I also wanted to say that I’m creating this topic in order to receive the help about: “what to do next” and also check if someone else also experienced such a threat. This thread could also act as a warning for a potential threat.
I have also acted with the recommended questions and answers. And I have a screenshot which I will post after I explain situation.
I was normally watching youtube videos on YouTube and the alert pop up. It was located in [b]C:\Program Files\globalUpdate\Update\Install{9838645C-DCDC-4540-B413-1885C9B0E514}[/b] and it was called setup.exe. It was transported to the quarantine as the alert said. The folder Sun king located in C:\Program files\ has been created a second after the alert pop up. It got me worried, because there wasn’t any “ask for permission” nor instalator thingy. The folder just created itself without my knowledge and permission. I panicked and deleted the folder immiedately… the folder also contained a file named “sun_king_updating_service.exe”.
There’s recommended questions and answers:
It was detected by the program itself. I didn’t do anything. So I’m guessing it was back-ground scanner. The alert happened while I was just normally surfing on Youtube watching videos.
I don’t know where it come from. The folder has been created just a moment after the alert pop up.
Received.
The file was called setup.exe and it was located in [b]C:\Program Files\globalUpdate\Update\Install{9838645C-DCDC-4540-B413-1885C9B0E514}[/b]. The Sun king folder was created the moment after the avast alerted me about it. That’s what got me worried.
I have a screenshot which I will upload underneath this.
I actually deleted the entire folder immiedately, because I panicked. Can’t scan it.
Don’t know if it’s possible that I can get it back after I deleted it also from desktop bin.
I have check the google and there’s no info about this file. That’s why I am here.
9 -||-
10.-||-
I just wanted to ask for a help, what to do. If I should scan my computer or I can feel safe? Did it happened to someone else? The folder which created itself without any permission? And this “sun king”. What even is it?
Thanks in advance
Cheers.
@edit
The setup.exe was located in globalUpdate. Not Sun king folder. Sorry for the confusion.
What do you want to say by that? I just would like to know if I should be worried by the avast alert, which detected suspicious file in globalUpdate folder. And then it created a moment after folder called “Sun king” in Program Files. Both file and folder are gone. What this thread have to do with my problem?
The thread itself suggest to create an own thread in this subforum when asking for help, so I did. How your thread is supposed to help me?
I just scaned this folder with avast and nothing was found. It also contains “GoogleUpdate.exe” files and such. Is it really a threat? And if yes, then should I delete it or move to quarantine?
Yes it was me. I have been told that I will receive more help on the Avast forum about this issue. So here I am.
And I’m sorry, but I don’t know what kind of logs you speak of. I’m kind of newbie about the Anti-Virus things. And I don’t know how to get this file from this “Avast virus chest”.
Look in the link I provided (it is the second sticky in the virus and worms section of the forums where we are now posting) and there the tools and logfiles essexboy needs to evaluate are provided. Give him with your log file results and attach these results as txt files to your next posting and he will give it a look. That may be to-morrow because it is already late here in Western-Europe and he might already be gone off “to the Swan mountains” as some say in Polish.
Just wanted to update you guys, that I think it’s getting worse. Today, the avast found another virus while I wasn’t doing anything. I was sitting on the forum and immiedately the alert pop up. This time I couldn’t get a screenshot from the alert, because avast recommended me to restart my computer and do an pre-start scan. It didn’t let me show the last alert. So I did restart my computer - it did scanned before launching Windows and it found lots of threats. They were called Gen-something etc. mostly located in C:\Windows and C:\User.
Also I will be posting logs from Malwarebyte and this another program in one second.
There’s one problem. The thread you linked says that I should move the files to quarantine in Malwarebytes, but there’s only one option to choose. “Remove selected”.
What should I do then? There’s no option to move to quarantine.
Okay so I have the logs. But I just wanted to warn you that I have never posted such things, so I might do something wrong. I apologise for that if it happens!