Jump to content

Win32/Occamy.AA


Cranfield
 Share

Recommended Posts

Bit Defender has advised me twice in 3 hours today that I have this "app" and it is suggested I go through the process of removing it.
This entails Defender scanning, identifying and removing.
Emsisoft never identified this "app" and on the second notification I did a Emsisoft Malware scan before allowing Defender to remove it,  nothing was found by the Emsisoft scan,  but then Defender scanned and reported they had removed it.
I would comment that I get a Defender comment about once a year.

Any comments ? 

Link to comment
Share on other sites

Update.

A full Emsisoft Malware scan found nothing.

I am getting Defender warning messages almost hourly, referring to the same occamyaa "app".me .
A "quick scan" on Defender then reports, "no threats detected".

I appreciate the issue seems to be with Defender, but does anyone have a clue whats happening ? 
 

Link to comment
Share on other sites

Does Bit Defender provide any more information - eg the location in which the file was found?  And, more to the point, does it tell you its (MD5 or eg SHA1/SHA256) hash?  With that information you/we could look it up on the VirusTotal website and find out more about it.

 

Link to comment
Share on other sites

Update.

I did mean Windows Defender, sorry for the slip.

Nothing happening today, no Defender notifications.

I did a full Emsisoft scan and a Defender scan, both clear.

Late yesterday I did remove a file I had downloaded early yesterday morning, on the basis it was the only new thing on my PC on the day.
I did scan the file with Emsisoft and Defender, both saying "no suspicious items", but its been quiet since I removed it, so who knows.

Hopefully this issue is now dead, but I will post again if it returns.

Link to comment
Share on other sites

When you say a file was the "only new thing on my PC on the day", that's extremely unlikely to be true. 

There's probably hundreds or more files being created, updated etc every day in the normal course of using a computer.  EAM alone will download signature updates many times per day.  If you're using a browser it will download all the constituent parts of every webpage you look at (and cache them, possibly writing them to disk in some form).  Quite a lot of Windows components download updates as and when they see fit ... eg Edge does.

Link to comment
Share on other sites

20 minutes ago, Cranfield said:

Update.

I did mean Windows Defender, sorry for the slip.

Nothing happening today, no Defender notifications.

I did a full Emsisoft scan and a Defender scan, both clear.

Late yesterday I did remove a file I had downloaded early yesterday morning, on the basis it was the only new thing on my PC on the day.
I did scan the file with Emsisoft and Defender, both saying "no suspicious items", but its been quiet since I removed it, so who knows.

Hopefully this issue is now dead, but I will post again if it returns.

Glad to hear you feel it is sorted now.

Do feel free to post back if you have anymore issues :)

Link to comment
Share on other sites

35 minutes ago, JeremyNicoll said:

When you say a file was the "only new thing on my PC on the day", that's extremely unlikely to be true. 

There's probably hundreds or more files being created, updated etc every day in the normal course of using a computer.  EAM alone will download signature updates many times per day.  If you're using a browser it will download all the constituent parts of every webpage you look at (and cache them, possibly writing them to disk in some form).  Quite a lot of Windows components download updates as and when they see fit ... eg Edge does.

Yes, I appreciate what you say, but as the Defender notice referred to an "app", I assumed it meant something I had installed/downloaded knowingly.

Link to comment
Share on other sites

On 10/4/2020 at 10:42 AM, Cranfield said:

Yes, I appreciate what you say, but as the Defender notice referred to an "app", I assumed it meant something I had installed/downloaded knowingly.

On Windows the term "app" is usually used for Microsoft Store apps, which are different from traditional applications that you download and install. You can remove these by right-clicking on the Start button and selecting Apps and Features.

If you notice any more of these notifications then I recommend running a scan with FRST and posting the logs here for me to review. You can find instructions for downloading and running FRST at the following link:
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: When FRST checks the Windows Firewall settings, Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...