I installed a game on my PC -- the Forza Horizon 3 Developer Build (already own the game obv) -- a few weeks ago. Ever since then, I've been getting these constant crashing messages tied to .tmp files prefixed with "evb" and appended with a bunch of random numbers. I've already uninstalled FH3 completely from my computer, even the standard version I own, but these error messages still continue. Here's an example:
[img]http://puu.sh/xlcsU.png[/img]
These messages come up at random intervals; sometimes every 3 minutes, other times every 5, other times not for a while. They're extremely irritating, albeit harmless, and I'm not sure of the source. I've already done a scan using MalwareBytes (top to bottom, my entire hard disk) and it didn't find anything.
[img]http://puu.sh/xlcwy.png[/img]
Here's what my Temp folder looks like. Those are only a select few files that are made when I randomly get the error messages. I'm not sure of the source. Is there anything I can use to help track down the source of this virus (for a lack of a better term).
In cases where an anti-virus doesn't detect it, I would use [url=https://live.sysinternals.com/procexp.exe]Process Explorer[/url] to identify what is launching these processes. If it's something I don't recognize, I would kill it. If I do recognize it (like explorer.exe), I would look for dlls that it may have loaded, and get rid of anything that looks off.
Once I'm sure that it isn't running anymore, I would use [url=https://live.sysinternals.com/autoruns.exe]Autoruns[/url] and look for any entries that I don't recognize, and get rid of them.
Was eventually gonna try that dev build, thanks for the warning.
Quick google suggests this is related to Aeva Ragnarok Online, uninstall it if you have it.
Otherwise it could be malware masking its self which is something else which is suggested, in which case I'd recommend going over to bleepingcomputer and getting someone who knows how to scan for this shit to walk you though.
[QUOTE=Jcw87;52620652]In cases where an anti-virus doesn't detect it, I would use [url=https://live.sysinternals.com/procexp.exe]Process Explorer[/url] to identify what is launching these processes. If it's something I don't recognize, I would kill it. If I do recognize it (like explorer.exe), I would look for dlls that it may have loaded, and get rid of anything that looks off.
Once I'm sure that it isn't running anymore, I would use [url=https://live.sysinternals.com/autoruns.exe]Autoruns[/url] and look for any entries that I don't recognize, and get rid of them.[/QUOTE]
That worked! I used Process Explorer and isolated the virus to a program called WebHelper.exe, which had nestled itself in a folder named "Macromedia". Any searches I do on it don't come up with anything substantial. Once I stopped the process I just deleted the folder entirely, and it doesn't seem to be present anymore. No crashing at all. Thanks for the help!
[QUOTE=chipsnapper2;52620902]Was eventually gonna try that dev build, thanks for the warning.[/QUOTE]
I can't exactly determine whether or not the FH3 devbuild was the cause of the virus, but it happened around the same time that I'd installed it. Worth a try regardless, lots of cool shit to see
the fh3 dev build doesn't contain anything bad but any sort of repack could contain anything. its best to use powershell instead of any random dev build exe installer...
Sorry, you need to Log In to post a reply to this thread.