Hey guys... As a paranoid and OCD person, I check every angle of everything before installing something on my PC. So recently I encountered a strange thing in a VirusTotal detailed report. Many legit software packages and files that I checked on VirusTotal had a common fishy behavior, which is: I googled the "996E.exe" file and found just a few words about suspicious files, ransomware, malware and so on. Even an official HP LaserJet 1020 driver that I need to install has such behavior, as does a PhotoScape exe file downloaded via the Cnet website. So, long story short, what exactly is "996E.exe"? And is it better that I install the printer driver via Windows 7 "Add Printer", which uses Windows Update to install drivers? Any help would be appreciated.
I would think that anything you download from Cnet will set off an antivirus alert; Cnet loads adware installers in with their "free" software. Avoid Cnet at all costs and only get your drivers directly from the manufacturer.
It's well-known malware that should never be on any computer. It's not software or part of some software. It's specially made malware. Next: never download anything from a site like Cnet. Use only trusted sites and direct download links from software producers. Now the first thing to do is clean your computer of any kind of malware. If that's not possible, you should reinstall everything and wipe all damaged content. If you need a driver, for example you've got the same printer and you don't have its original driver, go to the producer's homepage and find it there. If something is updated, you'll also always get the updates directly from the producer.
That's the strange part: the same driver from the official HP website and the Microsoft website both have such registry-changing behavior according to VirusTotal.
HP usually will give you a notification during the driver install for their printers that will ask you to disable your antivirus. A printer driver does change the reg; there's nothing wrong with that. Does VirusTotal show it is malicious when you get a driver directly from HP? What's wrong is that places like Cnet and others add other installers along with whatever drivers you're getting from them.
This name appears in the report of any scanned executable on VirusTotal. I guess that they simply rename the scanned file to the mentioned name while creating the report.
It is just a virus. You can try Malwarebytes Free to get rid of it. [But better download it from its official site.]
Yeah, that name pops up on many reports from VirusTotal. Thanks everyone. Guess I'll dig a little deeper into this.
Ok, officially confirmed. Just even found it on some official legit antivirus installer files. Guess that "996E.exe" is legit after all. Very creepy and suspicious name, by the way (996E.exe)!!! Just the name is enough for a paranoid person to raise a red flag.
You sure? Several sites mention ransomware, adware, virus... which is correct? Found this thread (interesting but not sure): https://www.bleepingcomputer.com/forums/t/670043/uncertain-if-infected/ Though you gotta be careful, because when I googled it there were lots of fake sites that happen to list whatever you are searching for and offer some download to remove it. I have had a few odd files in the last few months; sometimes they come with installers, even when you downloaded something legit or you think it's legit. Lots of miners around which eat up CPU; that's what to look out for in Task Manager. Or if you find svchost in any other folder that's not the system ones...
Sorry for the necro-bump, but after some research and tests it seems like it's an artifact of Tencent's HABO sandbox. Almost every single 32-bit executable analyzed returns that Registry Action. Note that I've also tried with digitally signed executables like VLC or any common software.