I have reason to believe I've found a virus transmitted by a widely-used application. How do I professionally...
My new laptop was inflicted with a virus in relatively quarantined conditions. I say “quarantined” because I believe the circumstances surrounding its infection warrant the projection of a very limited number of hypotheses as to where it originated from. I say “relative” because I am well aware of how unfounded and aimless examinations of infected systems tend to be.



The procession was such:
Gifted to me was a brand-new laptop (mum broke my old one; then, in a kindhearted, over-compensating stride, she gifted me a new gaming laptop and a new gaming desktop; you can imagine my resultant eagerness to lend her things more often...;).



I went through the motions of initial setup (an endeavor largely conducted by Cortana: I did not stray). Memorably, the last steps of this automated experience were a series of searches for (and subsequent installation of) updates.



Once I was in the clear, I took more liberties in its configuration: I installed around 15 applications necessitated by my intended use of the laptop:

  • OneDrive
  • MS Office Suite
  • Chrome Web Browser
  • Adobe Flash
  • Discord
  • Steam & Steam Library: CSGO, PUBG, Witcher 3, Rust, Don’t Starve
  • Battle.net & Overwatch, Hearthstone, Destiny 2
  • Epic Games & Fortnite
  • League of Legends
  • Realm Royal

These next few are particularly worrisome (although not as widely-used) because I installed them at the request of my college.

  • NotePad++
  • WireShark
  • Cisco Packet Tracer Student

So, minimalistically, as described above, I fashioned the new laptop for use, and then I powered it down. I did not touch it again until I suspected it needed a Windows 10 Cumulative Update. I figured it needed one because my desktop* did.



While it was downloading the Windows 10 Cumulative Update, I set my laptop up for a “clean boot”, because I was annoyed by how many start-up applications launched when I had powered it on the time before.



It is fortunate that I did enable a clean boot: upon restarting, an all-too-familiar fake Adobe Flash Update prompt appeared on my screen. I knew some sort of trojan had been triggered, since the legitimate Adobe Updater is one of the applications suppressed by a “clean boot”.**



Am I wrong in being concerned that this was a trojan transmitted from downloading one of the widely-used applications I installed? Or, worse: a trojan transmitted within the Windows 10 Cumulative Update?



Are the circumstances surrounding the infection not exceptional enough to confidently trace its origin?



As a user of open source software which I suspect to be compromised, don’t I have some sort of obligation to decipher these events? If so, and upon conclusive analysis, to whom do I report my findings?



*Keep in mind I have a desktop too (which, yes, has this same virus and is equally as new—BUT the circumstances in which it contracted the virus weren’t as controlled and, thus, they do not offer as much insight).



**I had the sense to open Task Manager and locate the file with the executable before terminating the prompt:

C:\Windows\SysWOW64\Macromed\Flash

These are the folder contents:

[Image: Folder Contents]

This is the OS dialogue when I attempt to delete it:

[Image: Insufficient Delete Permissions]

In response, I change the file permissions so that I am the owner and then, finally, I delete it. It stays away until the next time there is a Windows 10 Cumulative Update. It is as if the virus is a time-bomb, conditionally set to appear upon OS update!
closed as too broad by DavidPostill Nov 20 at 21:35


Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
  • It is not unheard of itpro.co.uk/desktop-hardware/29396/…
    – JohnnyVegas
    Nov 20 at 1:58
  • What make and model of laptop?
    – JohnnyVegas
    Nov 20 at 1:58
  • @JohnnyVegas Dell Gen7 15 dell.com/en-us/shop/dell-laptops/dell-g7-15-gaming/spd/…
    – Sarah Schnoor
    Nov 20 at 2:32
boot security virus open-source trojan
asked Nov 20 at 1:19 by Sarah Schnoor
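An added triage example, not part of the question or of any answer on this page. The poster's footnote names C:\Windows\SysWOW64\Macromed\Flash and describes taking ownership of the file and deleting it, then seeing it return after the next cumulative update. On 64-bit Windows 10 that directory is also where the Flash Player component that Windows Update itself services for Internet Explorer and Edge is installed, so a folder that reappears after an update is consistent with a legitimate component as well as with malware. Before deleting anything, a defender wants the evidence that separates the two cases: who signed each file, its SHA-256 hash (for a reputation lookup), which running process is executing from that folder (what Task Manager showed), and whether any scheduled task or Run key points into it. The script below collects exactly that and writes it to a CSV; the output location is an assumption of the example, the folder path is the one from the question.

```powershell
# Added example: inventory a suspicious folder and its persistence references
# without executing or deleting anything. Assumes 64-bit Windows 10 and an
# elevated PowerShell session. Path taken from the question; CSV path is an assumption.
$flashDir = 'C:\Windows\SysWOW64\Macromed\Flash'

# One row per file: timestamps, owner, Authenticode status and signer, SHA-256.
function Get-FolderTriage {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Folder not present: $Path"
        return
    }

    Get-ChildItem -LiteralPath $Path -File -Force | ForEach-Object {
        $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
        $acl    = Get-Acl -LiteralPath $_.FullName
        $signer = '(none)'
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

        [pscustomobject]@{
            Name      = $_.Name
            SizeKB    = [math]::Round($_.Length / 1KB, 1)
            Created   = $_.CreationTime
            Modified  = $_.LastWriteTime
            Owner     = $acl.Owner
            SigStatus = $sig.Status        # Valid, NotSigned, HashMismatch, ...
            Signer    = $signer
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }
}

# Processes whose image lives inside the folder (the Task Manager observation, scripted).
function Get-ProcessesFromFolder {
    param([Parameter(Mandatory)][string]$Path)

    Get-Process |
        Where-Object { $_.Path -and $_.Path.StartsWith($Path, [StringComparison]::OrdinalIgnoreCase) } |
        Select-Object Id, ProcessName, Path
}

# Autostart locations that would explain the folder coming back after a reboot or update:
# scheduled task actions and HKLM/HKCU Run entries that reference the folder.
function Get-PersistenceReferences {
    param([Parameter(Mandatory)][string]$Path)

    $tasks = Get-ScheduledTask | Where-Object {
        $_.Actions | Where-Object { $_.Execute -and $_.Execute -like "*$Path*" }
    } | Select-Object TaskName, TaskPath, State

    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $runs = foreach ($key in $runKeys) {
        if (Test-Path $key) {
            (Get-ItemProperty $key).PSObject.Properties |
                Where-Object { $_.Value -is [string] -and $_.Value -like "*$Path*" } |
                Select-Object @{ n = 'Key'; e = { $key } }, Name, Value
        }
    }

    [pscustomobject]@{ ScheduledTasks = $tasks; RunKeys = $runs }
}

$triage = Get-FolderTriage -Path $flashDir
$triage | Format-Table -AutoSize
$triage | Export-Csv -NoTypeInformation -Path (Join-Path $env:USERPROFILE 'Desktop\flash-triage.csv')

Get-ProcessesFromFolder -Path $flashDir | Format-Table -AutoSize
Get-PersistenceReferences -Path $flashDir
```

Read the output before acting on it. Files whose SigStatus is Valid and whose signer is Adobe or Microsoft are what the Windows Update-serviced Flash component looks like; a NotSigned or HashMismatch executable in a system directory, or a Run key or task pointing at one, is the finding worth a full offline scan and a reputation check on the recorded hash. Capturing the hashes and owners first also preserves evidence that the take-ownership-and-delete approach in the footnote destroys, and it avoids changing ACLs on SysWOW64 files until the file is actually known to be hostile.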