
FreeFileSync Malware?

Joined
Dec 13, 2011
Messages
433 (0.10/day)
I did a MBAM scan of FreeFileSync and it found a PUP called OpenCandy.Generic.

Just out of curiosity, I extracted the setup.exe file with 7-Zip. Nothing too exciting.

Is it possible to use a debugger or hex editor to see what files an installer will put on a computer?

According to Wikipedia, the files that will be dropped on the system are OCComSDK.dll and OCSetupHlp.dll.
 
Joined
Aug 17, 2016
Messages
831 (0.30/day)
Normally, when dealing with suspect files, I'll create an isolated VM, then use Procmon to watch what it does. WinDiff will also tell you what it did.

Just looking at files that get added doesn't give you the entire picture of what malware is changing.

Option B is generally safest, which is just to delete the suspect file. There are built-in file sync utilities in Windows.
 
Joined
Dec 13, 2011
Messages
433 (0.10/day)
Thanks, I'll give that a try.
 