Trojan.RansomKD.6011863 in NVIDIA\NvBackend\ApplicationOntology (by free HitmanPro)

adamamerica

Distinguished
Feb 27, 2012
12
0
18,560
Hi,

Trojan.RansomKD.6011863 in NVIDIA\NvBackend\ApplicationOntology was detected today on my Windows 10 laptop by a free version of HitmanPro:

Name: NvOAWrapperCache.exe
Location C:\Users\.....\AppData\Local\NVIDIA\NvBackend\ApplicationOntology
Size 338 KB
Time 1.3 days ago (2017-09-20 09:14:02
Authenticode Valid
Entropy 6.7
Product NVIDIA GeForce Experience Application Ontology
Publisher NVIDIA Corporation
Description OpenAutomate wrapper cache
Version 36.0.5.1
RSA Key Size 2048
LanguageID 1049
SHA-256 3496B51B37A2B9AB94F6BFB186A54352841847EAD41541FDA11FBB06980B4BF2
Detection Names
Bitdefender Trojan.RansomKD.6011863


Since the free version of HitmanPro does not remove any malware I removed the Trojan.RansomKD.6011863 manually.
I used a free version of IOBIT Uninstaller to SHRED that RansomKD.6011863.

After a couple of hours I checked the NVIDIA\NvBackend\ApplicationOntology directory and I see that the NvOAWrapperCache.exe was reinstalled there automatically via GeForce Experience.
I have just run the free version of HitmanPro and 'NO threats' were detected.


Questions:
1. Did I really completely remove the Trojan.RansomKD.6011863 by shredding it?
2. Was the NvOAWrapperCache.exe infected on the NVIDIA site?

3. Is it really worth keeping the GeForce Experience, or is it just NVIDIA's bundleware/forceware?

4. Should I completely uninstall the Nvidia software from my laptop using the IObit Uninstaller's FORCEFUL uninstall feature or should I use the Display Driver Uninstaller (DDU) version 17.0.7.4?

Thank You in advance,

Adam
 

xSimply1337x

Honorable
Jan 16, 2014
175
0
10,710
You should run a deep scan using different antivirus software like Malwarebytes, Windows Defender, etc.
This could have been a fluke, and your antivirus thought that it was a virus but it wasn't. It also could've been that it was infected after download, during install, from another source. Run the deep scan and see if anything pops up. If not, then it was most likely a fluke, but you should make sure that your web browser isn't possibly infected. You should be using Chrome or Firefox with an adblocker, and you should not have any 3rd party toolbars installed that you don't absolutely trust.
Also, you should go through and uninstall any software that you don't know for a fact that you installed yourself, and make sure what you do have installed is software that you 100% know and trust.
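
A read-only check relevant to the false-positive question above, as an added example that is not part of the thread: it reads the Authenticode signature and SHA-256 of the regenerated file and compares the hash with the one in the HitmanPro report. The function name Test-FlaggedBinary is hypothetical, and $env:LOCALAPPDATA stands in for the elided user profile path.

```powershell
# Added example, not code from the thread. Nothing here modifies or deletes files.

# Location from the HitmanPro report; $env:LOCALAPPDATA replaces the elided
# C:\Users\.....\AppData\Local part (assumption: run as the affected user).
$path = Join-Path $env:LOCALAPPDATA 'NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe'

# SHA-256 exactly as listed in the report in the first post.
$reportedHash = '3496B51B37A2B9AB94F6BFB186A54352841847EAD41541FDA11FBB06980B4BF2'

# Hypothetical helper: collects signature and hash facts for one file.
function Test-FlaggedBinary {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ReportedSha256
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Authenticode status: Valid, NotSigned, HashMismatch, NotTrusted, ...
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Unsigned files have no signer certificate, so guard against $null.
    $cert = $sig.SignerCertificate

    [pscustomobject]@{
        Path            = $Path
        SignatureStatus = $sig.Status
        SignerSubject   = if ($cert) { $cert.Subject } else { $null }
        SignerThumbprint= if ($cert) { $cert.Thumbprint } else { $null }
        Sha256          = $hash
        # -eq on strings is case-insensitive, so hex case does not matter.
        MatchesReport   = ($hash -eq $ReportedSha256)
    }
}

Test-FlaggedBinary -Path $path -ReportedSha256 $reportedHash | Format-List
```

If MatchesReport is True, GeForce Experience put back a byte-identical file, so the flagged file and the later unflagged one are the same binary. A Valid status identifies the signer and shows the file was not modified after signing, nothing more.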
 

adamamerica

Thanks xSimply1337x. I forgot to mention that I had downloaded the Advanced SystemCare 10 Free from download.cnet.com, because IObit.com automatically redirected me to download.cnet.com.
After downloading the Advanced SystemCare 10 setup app I scanned it for viruses with my Kaspersky 2017. KIS2017 did not report any malware. So, next I installed it.

Yesterday, after posting about that Trojan.RansomKD.6011863 on this site I ran the FREE AdwCleaner and it flagged three Advanced SystemCare 10 directories. I clicked on remove/delete and the AdwCleaner removed EVERYTHING related to IObit's Advanced SystemCare 10. So, I don't have the Advanced SystemCare 10 on my laptop anymore.

Then, I ran the JRT (Junkware Removal Tool) and it showed one directory that was removed.
Finally, I also ran the Windows 10 Defender OFFLINE scan and the Defender did not flag/report anything.


So, that Trojan.RansomKD.6011863 must have been downloaded from the download.cnet.com, unless the warning from the free HitmanPro was false?

I still have to run a FULL scan by my Kaspersky 2017 and perhaps by the Defender as well.
 

xSimply1337x

While SystemCare has some nice features, I personally don't like it. I only ever use the uninstaller as a solo program for its power scan function. I've never heard of AdwCleaner before so I don't know about its legitimacy, and I've also never heard of HitmanPro. Kaspersky is a great piece of software though, and you should stick to that and Windows Defender and use Malwarebytes for extra malware and adware protection. And as I mentioned before, using Chrome or Firefox and having an adblocker is also helpful. I personally prefer Firefox with uBlock.
 
Solution