Need help for Virustotal report: 996e.exe

Discussion in 'Serious Discussion' started by diegosanchez, Feb 1, 2019.

  1. diegosanchez

    diegosanchez MDL Novice

    Dec 27, 2018
    4
    1
    0
    Hey guys...
    As a paranoid and OCD person, I check every angle of everything before installing something on my PC.
    So recently I encountered a strange thing in the VirusTotal detailed report. Many legit programs and files that I checked on VirusTotal had a common fishy behavior, which is:
    I googled the "996E.exe" file and found just a few words about a suspicious file, ransomware malware and so on.

    Even an official HP LaserJet 1020 driver that I need to install shows such behavior,
    and so does a PhotoScape exe file downloaded via the Cnet website.

    So, long story short, what exactly is "996E.exe"?

    And is it better that I install the printer driver via the Windows 7 "Add printer" option, which uses Windows Update to install drivers?
    Any help would be appreciated.
     
  2. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    2,751
    1,536
    90
    I would think that anything you download from Cnet will set off an antivirus alert; Cnet loads adware installers in with their "free" software.
    Avoid Cnet at all costs and only get your drivers directly from the manufacturer.
     
  3. kaljukass

    kaljukass MDL Expert

    Nov 26, 2012
    1,019
    343
    60
    It's well-known malware that shouldn't be on any computer, ever. It's not software or part of some software. It's specially made malware.
    Next: never download anything from a site like Cnet. Use only trusted sites and direct download links from software producers.
    Now, the first thing to do: you must clean your computer of any kind of malware. If that's not possible, you should reinstall everything and wipe all damaged content.
    If you need a driver, for example for the same printer, and you don't have its original driver, go to the producer's homepage and find it there. If something is updated, you'll also always get the updates directly from the producer.
     
  4. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    6,230
    13,838
    210
    #4 Mr.X, Feb 1, 2019
    Last edited: Feb 2, 2019
    New concept: malware is not software, it's... a special malware!
    :tooth:
     
  5. diegosanchez

    diegosanchez MDL Novice

    Dec 27, 2018
    4
    1
    0
    That's the strange part: the same driver from the official HP website and the Microsoft website both show such registry-changing behavior according to VirusTotal.
     
  6. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    2,751
    1,536
    90
    HP usually will give you a notification during the driver install for their printers that will ask you to disable your antivirus. A printer driver does change the reg, there's nothing wrong with that.
    Does Virus Total show it is malicious when you get a driver directly from HP?

    What's wrong is that places like Cnet and others add other installers along with whatever drivers you're getting from them.
     
  7. mkuba50

    mkuba50 MDL PHP Wizard

    Nov 9, 2012
    725
    4,872
    30
    This name appears in the report of any scanned executable on VirusTotal. I guess that they simply rename the scanned file to the mentioned name while creating the report.
     
  8. nodnar

    nodnar MDL Expert

    Oct 15, 2011
    1,036
    735
    60
    It is just a virus. You can try Malwarebytes Free to get rid of it. [But better download it from its official site.]
     
  9. diegosanchez

    diegosanchez MDL Novice

    Dec 27, 2018
    4
    1
    0
    Yeah, that name pops up on many reports from VirusTotal. Thanks everyone. Guess I'll dig a little deeper into this.
     
  10. diegosanchez

    diegosanchez MDL Novice

    Dec 27, 2018
    4
    1
    0
    OK, officially confirmed. I even found it on some official, legit antivirus installer files. Guess that "996E.exe" is legit after all.
    Very creepy and suspicious name, by the way (996E.exe)!!! Just the name is enough for a paranoid person to raise a red flag.