I think I have some malware on my computer. I've checked two executables that seem to reinstall each other on VirusTotal, and while the community score shows 0 out of 72, I'm concerned they are indeed malware. I would appreciate it if someone could help analyze the VirusTotal reports for these files. Here are the links:
1. [Report 1](https://www.virustotal.com/gui/file/adb8347dfa1b1df1ca2211fe4d7e82f27ced939f1bf3d52548e52bc9e23fc52c)
2. [Report 2](https://www.virustotal.com/gui/file/3bb694fa08df76f29a747d5cd4138b355b9409cf9cc5eb8345ce6cca2e30db68)
Additionally, I looked up a couple of URLs where these files were hosted:
- [Mega NZ file URL Report](https://www.virustotal.com/gui/url/f6b7ac7115339744e0ba24c4da760b6caad3e7ed441fea761cd1b6dbc599214e/detection)
- [Report for the Mega NZ link](https://www.virustotal.com/gui/url/fe90d6ec628b0ab04a4dd918eceef408f27542fb754a90b266dabc901a3037ed/detection)
2 Answers
It looks like those files might actually be clean. What makes you suspect they're malware? Just because they're reinstalling? For example, Sugarsync is a legit file syncing tool, so it could be invoked by another program. Also, Chime is likely associated with Amazon, possibly an Alexa feature. Would love to hear more about what you're seeing!
I noticed the Chime executable is located in the C:ProgramData83494447 folder, with some DLLs and extensions in it. This is a bit concerning, especially since you said these files were modified right after you downloaded that Mega NZ file. Keep an eye on the folder. If you delete it, and see uh.exe pop up in your user folder, that definitely sounds suspicious.
Related Questions
Cloudflare Origin SSL Certificate Setup Guide
How To Effectively Monetize A Site With Ads