Weird Malware Infection Upon Upgrading

  • Question

  • Not sure what is up. I upgraded to the Windows 10 Insider Preview through Windows Update. Before the upgrade, there was no obvious sign of malware infection. Upon completing the upgrade, I found Razor web ads installed on my system. I am 100% sure it was not there before the upgrade. Was this some kind of cuckoo's egg type attack, and should I be concerned about other more malicious malware or a rootkit? I'm running Windows Defender Offline just to be sure.

    Wednesday, June 10, 2015 9:29 PM

Answers

  • Eric,

    What is your current situation?

    I don't think the injection is caused by the upgrade process.

    And the upgrade process is logged in Windows setupact.txt log files. We may check there to see the process.

    https://technet.microsoft.com/en-us/library/hh824819.aspx

    For the security part, it is recommended to keep Windows Defender running.

    Regards


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, June 12, 2015 2:25 AM
    Moderator

All replies

  • Really wish I had made a whole disk image so I could see if it always happens on upgrade...
    Wednesday, June 10, 2015 9:33 PM
  • Hi Eric,

    I think that Windows Update does not cause "Razor web ads".
    Have you removed it?
    If not, please refer to
    http://malwaretips.com/blogs/ads-by-razor-web-removal/

    # I quite agree about making a whole disk image of Windows partition.

    Regards,

    Thursday, June 11, 2015 12:09 AM
  • Yeah, I cleaned it off. It's just that I'm puzzled how I got infected. I am 100% certain I did not have an (active) infection with adware before the update. After the update, it was obvious I had one. I was just wondering if there was a known cuckoo's egg vuln when you upgrade. On Android there is a nasty one where an app can get whatever privileges it wants when Android is updated.
    Thursday, June 11, 2015 12:22 AM
  • Hi, Eric,
    I'm happy to hear you cleaned it.

    I have one Win.10 build 10130 (physical machine) and three Win.10 build 10130. They've all been upgraded from 10041, to be correct, 10041 > 10122 > 10130. I've never found any malware in them.
    It might be that I'm not aware of it. Where do you watch it, or when does it appear?

    Regards,
    Thursday, June 11, 2015 1:12 AM