Need help for Virustotal report: 996e.exe

Discussion in 'Serious Discussion' started by diegosanchez, Feb 1, 2019.

  1. diegosanchez

    diegosanchez MDL Novice

    Dec 27, 2018
    12
    1
    0
    Hey guys...
    As a paranoid and OCD person, I check every angle of everything before installing something on my PC.
    So recently I encountered a strange thing in the VirusTotal detailed report. Many legit software programs and files that I checked on VirusTotal had a common fishy behavior, which is:
    Googled about the "996E.exe" file and just a few words about suspicious file and ransomware malware and so on.

    Even an official HP LaserJet 1020 driver that I need to install has such a behavior.
    And the PhotoScape exe file downloaded via the Cnet website.

    So, long story short, what exactly is "996E.exe"?

    And is it better that I install the printer driver via Windows 7 "Add printer", which uses Windows Update to install drivers?
    Any help would be appreciated.
     
  2. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    3,522
    2,093
    120
    I would think that anything you download from Cnet will set off an antivirus alert, Cnet loads adware installers in with their "free" software.
    Avoid Cnet at all costs and only get your drivers directly from the manufacturer.
     
  3. kaljukass

    kaljukass MDL Guru

    Nov 26, 2012
    3,396
    1,322
    120
    It's well-known malware that shouldn't be on any computer, ever. It's not software or part of some software. It's specially made malware.
    Next: never download anything from a site like Cnet. Use only trusted sites and direct download links from software producers.
    Now, the first thing to do: you must clean your computer of any kind of malware. If that's not possible, you should reinstall everything and wipe all damaged content.
    If you need a driver, and for example you've got the same printer but don't have its original driver, go to the producer's homepage and find it there. If something is updated, you'll always get the updates directly from the producer as well.
     
  4. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,575
    15,646
    270
    #4 Mr.X, Feb 1, 2019
    Last edited: Feb 2, 2019
    New concept: malware is not software, it's... a special malware!
    :tooth:
     
  5. diegosanchez

    diegosanchez MDL Novice

    Dec 27, 2018
    12
    1
    0
    That's the strange part: the same driver from the official HP website and the Microsoft website both have such a registry-changing behavior according to VirusTotal.
     
  6. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    3,522
    2,093
    120
    HP usually will give you a notification during the driver install for their printers that will ask you to disable your antivirus. A printer driver does change the reg, there's nothing wrong with that.
    Does Virus Total show it is malicious when you get a driver directly from HP?

    What's wrong is that places like Cnet and others add other installers along with whatever drivers you're getting from them.
     
  7. whatever127

    whatever127 MDL PHP Wizard

    Nov 9, 2012
    1,050
    7,345
    60
    This name appears in the report of any scanned executable on VirusTotal. I guess that they simply rename the scanned file to the mentioned name while creating the report.
     
  8. nodnar

    nodnar MDL Expert

    Oct 15, 2011
    1,315
    1,040
    60
    It is just a virus. You can try Malwarebytes Free to get rid of it. [But better download it from its official site.]
     
  9. diegosanchez

    diegosanchez MDL Novice

    Dec 27, 2018
    12
    1
    0
    Yeah, that name pops up on many reports from VirusTotal. Thanks everyone. Guess I'll dig a little deeper into this.
     
  10. diegosanchez

    diegosanchez MDL Novice

    Dec 27, 2018
    12
    1
    0
    OK, officially confirmed. Just even found it on some official legit antivirus installer files. Guess that "996E.exe" is legit after all.
    Very creepy and suspicious name by the way (996E.exe)!!! Just the name is enough for a paranoid person to raise a red flag.
     
  11. RanCorX2

    RanCorX2 MDL Addicted

    Jul 19, 2009
    999
    554
    30
    #11 RanCorX2, Mar 30, 2019
    Last edited: Mar 30, 2019
    You sure? Several sites mention ransomware, adware, virus.... Which is correct??

    Found this thread (interesting but not sure):

    https://www.bleepingcomputer.com/forums/t/670043/uncertain-if-infected/

    Though you gotta be careful, because when I googled it, there were lots of fake sites that happen to list whatever you are searching for and offer some download to remove it.

    I have had a few odd files in the last few months. Sometimes they come with installers, even when you downloaded something legit or you think it's legit.

    Lots of miners around which eat up CPU; that's what to look out for in Task Manager.

    Or if you find svchost in any other folder that's not the system ones...
     
  12. RCDV

    RCDV MDL Novice

    Aug 31, 2017
    19
    19
    0
    Sorry for the necro-bump, but after some research and tests it seems like it's an artifact of Tencent's HABO sandbox.
    Almost every single 32-bit executable analyzed returns that Registry Action.
    Note that I've also tried with digitally signed executables like VLC or any common software.
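
The baseline test described in the last post, as an added example that is not part of the original thread: collect the behaviour indicators one sandbox reports for several known-good samples, and treat any indicator present in nearly all of them as a sandbox artifact rather than evidence about a single file. The sample names, indicator strings and data layout are constructed for illustration and are not VirusTotal's or HABO's report format; the registry key is a placeholder because the thread does not quote it.

```python
from collections import Counter

# Constructed sample data (not real VirusTotal output, not its report schema):
# behaviour indicators reported by ONE sandbox for known-good 32-bit samples.
ARTIFACT = "registry-set: <key not quoted in thread> 996E.exe"  # placeholder
KNOWN_GOOD = {
    "vlc-setup.exe":        {ARTIFACT, "file-write: vlc.exe"},
    "hp-lj1020-driver.exe": {ARTIFACT, "registry-set: printer driver key"},
    "photoscape-setup.exe": {ARTIFACT, "file-write: photoscape.exe"},
    "av-installer.exe":     {ARTIFACT, "registry-set: service key"},
}


def sandbox_artifacts(baseline, min_share=0.9, min_samples=3):
    """Indicators seen in at least min_share of the known-good baseline.

    Returns an empty set when the baseline is too small to justify calling
    anything an artifact (two samples sharing a line proves very little).
    """
    if len(baseline) < min_samples:
        return set()
    counts = Counter(ind for inds in baseline.values() for ind in set(inds))
    total = len(baseline)
    return {ind for ind, n in counts.items() if n / total >= min_share}


def triage(indicators, artifacts):
    """Split a new report into (known artifacts, indicators still to review)."""
    indicators = set(indicators)
    return sorted(indicators & artifacts), sorted(indicators - artifacts)


if __name__ == "__main__":
    artifacts = sandbox_artifacts(KNOWN_GOOD)
    # Constructed report for a file under investigation.
    new_report = {ARTIFACT, "registry-set: autorun key", "file-write: tmp.dll"}
    ignored, review = triage(new_report, artifacts)
    print("sandbox artifacts (ignore):", ignored)
    print("needs review:", review)
```

The baseline only holds for the sandbox and architecture it was built from, so an indicator cleared this way in one sandbox's reports says nothing about the same string appearing in another sandbox or on a live machine.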