Trojan.RansomKD.6011863 in NVIDIA\NvBackend\ApplicationOntology (by free HitmanPro)

adamamerica

Honorable
Feb 27, 2012
12
0
10,560
0
Hi,

Trojan.RansomKD.6011863 in NVIDIA\NvBackend\ApplicationOntology was detected today on my Windows 10 laptop by a free version of HitmanPro:

Name: NvOAWrapperCache.exe
Location C:\Users\.....\AppData\Local\NVIDIA\NvBackend\ApplicationOntology
Size 338 KB
Time 1.3 days ago (2017-09-20 09:14:02
Authenticode Valid
Entropy 6.7
Product NVIDIA GeForce Experience Application Ontology
Publisher NVIDIA Corporation
Description OpenAutomate wrapper cache
Version 36.0.5.1
RSA Key Size 2048
LanguageID 1049
SHA-256 3496B51B37A2B9AB94F6BFB186A54352841847EAD41541FDA11FBB06980B4BF2
Detection Names
Bitdefender Trojan.RansomKD.6011863


Since the free version of HitmanPro does not remove any malware I removed the Trojan.RansomKD.6011863 manually.
I used a free version of IOBIT Uninstaller to SHRED that RansomKD.6011863.

After a couple of hours I checked the NVIDIA\NvBackend\ApplicationOntology directory and I see that the NvOAWrapperCache.exe was reinstalled there automatically via Geforce Experience.
I have just run the free version of HitmanPro and 'NO threats' were detected.


Questions:
1. Did I really completely remove the Trojan.RansomKD.6011863 by shredding it?
2. Was the NvOAWrapperCache.exe infected on the NVIDIA site?

3. Is it really worth to keep the GeForce Experience, or, is it just a Nividia's bundleware/forceware?

4. Should I completely uninstall the Nvidia software from my laptop using the IObBit Uninstaller's FORCEFUL uninstall feature or should I use the Display Driver Uninstaller (DDU) version 17.0.7.4?

Thank You in advance,

Adam
 

xSimply1337x

Honorable
Jan 16, 2014
175
0
10,710
47
While system care has some nice features I personally dont like it. I only ever use the uninstaller as a solo program for its power scan function. I've never heard of adwcleaner before so I dont know about its legitimacy and ive also never heard of hit man pro. Kaspersky is a great piece of software though and you should stick to that and windows defender and use malwarebytes for extra malware and adware protection. And as I mentioned before using chrome or Firefox and having an adblocker is also helpful. I personally prefer Firefox with uBlock.
 

xSimply1337x

Honorable
Jan 16, 2014
175
0
10,710
47
You should run a deepscan using different antivirus like malwarebytes, windows defender etc.
This could be been a fluke and your antivirus thought that it was a virus but it wasn't. It also could've been that it was infected after download during install from anotger source. Run the deepscan and see if anything pops up. If not then it was most likely a fluke but you should make sure that your web browser isn't possibly infected. You should be using chrome or Firefox with an adblocker and you ahould not have any 3rd party toolbars installed that you don't absolutely trust.
Also, you should go through and uninstall any software that you don't know for a fact that you installed yourself and make sure what you do have installed is software that you 100% know and trust
 

adamamerica

Honorable
Feb 27, 2012
12
0
10,560
0
Thanx xSimply1337x. I forgot to mention that I had downloaded the Advanced SystemCare 10 Free from download.cnet.com, because the IObit.com automatically redirected me to download.cnet.com.
After downloading the Advanced Systemcare 10 setup app I did scan it for viruses with my Kaspersky 2017. - KIS2017 did not report any malware. So, next I installed it.

Yesterday, after posting about that Trojan.RansomKD.6011863 on this site I ran the FREE AdwCleaner and it flagged three Advanced SystemCare 10 directories. I clicked on remove/delete and the AdwCleaner removed EVERYTHING related to IObit's Advanced SystemCare 10. So, I don't have the Advanced SystemCare 10 on my laptop anymore.

Then, I ran the JRT (Junkware Removal Tool) and it showed one directory that was removed.
Finally, I also ran the Windows 10 Defender OFFLINE scan and the Defender did not flag/report anything.


So, that Trojan.RansomKD.6011863 must have been downloaded from the download.cnet.com, unless the warning from the free HitmanPro was false?

I still have to run a FULL scan by my Kaspersky 2017 and perhaps by the Defender as well.
 

xSimply1337x

Honorable
Jan 16, 2014
175
0
10,710
47
While system care has some nice features I personally dont like it. I only ever use the uninstaller as a solo program for its power scan function. I've never heard of adwcleaner before so I dont know about its legitimacy and ive also never heard of hit man pro. Kaspersky is a great piece of software though and you should stick to that and windows defender and use malwarebytes for extra malware and adware protection. And as I mentioned before using chrome or Firefox and having an adblocker is also helpful. I personally prefer Firefox with uBlock.
 
Thread starter Similar threads Forum Replies Date
DCB007 Antivirus / Security / Privacy 4
G Antivirus / Security / Privacy 1
M Antivirus / Security / Privacy 3
D Antivirus / Security / Privacy 6
B Antivirus / Security / Privacy 1
C Antivirus / Security / Privacy 1
G Antivirus / Security / Privacy 9
Z Antivirus / Security / Privacy 4
A Antivirus / Security / Privacy 4
A Antivirus / Security / Privacy 1
M Antivirus / Security / Privacy 1
T Antivirus / Security / Privacy 7
D Antivirus / Security / Privacy 5
R Antivirus / Security / Privacy 1
G Antivirus / Security / Privacy 7
L Antivirus / Security / Privacy 1
Jeffery414 Antivirus / Security / Privacy 14
M Antivirus / Security / Privacy 3
D Antivirus / Security / Privacy 3
G Antivirus / Security / Privacy 2

ASK THE COMMUNITY