Any Windows Updates pending?
And you've run Norton LiveUpdate + Restart (not Shut down) machine…a few times.
And you've run Disk Cleanup/Storage Sense…system temporary files/cache + Restart (not Shut down) machine?
You installed onedrive.exe…yourself…from what source?
Did you install "bundled software" "other software" from the source?
Are you signed in to Microsoft account?
Are you synching new machine with other devices?
\AppData\Local\Microsoft\OneDrive.exe = head scratch
Maybe, your new machine has pre-installed trialware/freeware? that Norton detects?
Did you run Norton full scan + Malwarebytes threat scan?
How to install and run a scan with Malwarebytes here
=================================================
AI Overview
Ongoing notifications for Win32:PUP-Gen or Win32:OpenCandy threats related to onedrive.exe likely indicate that your security software has detected bundled software (PUA), not necessarily that the OneDrive application itself is infected. This PUA, like OpenCandy, often comes bundled with other freeware and performs potentially unwanted actions, such as installing toolbars or modifying browser settings. To resolve this, update your antivirus/anti-malware software to the latest version, then perform a full system scan. If the threat is identified, follow the security software's instructions to remove or quarantine it, then restart your computer and run another scan to confirm.
Understanding Win32:PUP-Gen and Win32:OpenCandy
Potentially Unwanted Programs (PUPs):
Win32:PUP-Gen and Win32:OpenCandy are classified as Potentially Unwanted Programs (PUAs) or Potentially Unwanted Programs (PUPs), rather than true malware.
Bundling:
These are often bundled with legitimate free software that users download from unofficial sources.
Undesirable Behaviors:
They can modify browser settings, install unwanted add-ons, change the homepage, or inject into other processes.
False Positives:
They can sometimes be flagged by antivirus software even if they are not directly related to the OneDrive application, especially if the user was trying to install another program.
fwiw ~ boiler plate
Did you clear browser cookies n cache? system cache?
Do you run browser/device sync?
Did you recently install any program / browser extension?
Did you recently allow push notifications?
Did you recently change site permissions?
Did you run Norton full scan?
Did you run Malwarebytes threat scan?
Thanks bjm, so many questions I went through them, didn't answer publicly though…
But I installed OneDrive myself from Microsoft website.
This one \AppData\Local\Microsoft\OneDrive.exe = head scratch I didn't understand. But then the comment below from SoulAsylum. So I removed the file from the folder. Did full scan, restart, and didn't get new threat notifications anymore. But can also not run OneDrive anymore, so that I will need to reinstall I guess.
I'm signed into Microsoft account, and am syncing only this laptop. My previous laptop was also linked to the same folders in OneDrive, in the cloud.
About bundled software, not sure if I downloaded Office365 and that it included OneDrive, or that I downloaded OneDrive separately. But anyway, it came from Microsoft, not a random website offering software.
Let me try the re-install of OneDrive. Seems to be the next step
Indeed, if the installation location changed for OD and you didn't perform that, malware most likely is at play. Guru Bjm laid that out nicely earlier.
<I can only do 1 snapshot per post as I'm new to this forum, so I'll post it separately>
Before I removed OneDrive, in AppData it had more files and at least application files OneDrive.App and OneDrive. I guess like it's now in Program Files.
For now, Norton is silent. OneDrive is syncing. I'll keep you updated about the status.
fwiw ~ my OneDrive…Apps → Installed apps → Uninstall…left residual files with Program Files and AppData…before & after my machine Restart (not Shut down).
Your Oct 06 with Oct 07 dates (maybe) suggests…you did not scour File Explorer for residual files…did not Restart machine…before your OneDrive re-install.
I'm curious…did you run Norton full scan &or Malwarebytes threat scan…after OneDrive re-install?
I'm curious…what your OneDriveTemp folder looked like when Norton was not silent.
---------------------------------------
Caveat: I do not run OneDrive. I'm not familiar with OneDrive app/client and my as test: OneDrive install…did not Sync.
Is pre-installed Norton 360 for Gamers trialware?
Is pre-installed Norton 360 for Gamers registered with your Norton account?
Meaning, you'll be able to reinstall…pre-installed Norton 360 for Gamers.
fwiw ~ were my new machine.
I'd uninstall Norton 360.
I'd uninstall OneDrive with scour File Explorer for remnants.
I'd run new machine as it's out-of-the-box…with Windows Security…for a while.
I'd run Windows Security scans.
No detections.
I'd setup my new machine with OneDrive to my liking and run Windows Security scans.
I'd only introduce Norton 360 once I'm assured my machine is clean.
Norton 360 detection may be erroneous.
Norton 360 detections may be M$ new machine trialware/bloat.
AI Overview
Ongoing notifications for Win32:PUP-Gen or Win32:OpenCandy threats related to onedrive.exe likely indicate that your security software has detected bundled software (PUA), not necessarily that the OneDrive application itself is infected. This PUA, like OpenCandy, often comes bundled with other freeware and performs potentially unwanted actions, such as installing toolbars or modifying browser settings.
I just wanted to give feedback on the steps you gave "as it were your new machine". I followed all, except for the last one, introducing Norton. The first scans Windows Security would come up with threats, that I would remove or put in quarantine. Have run several scans in the past weeks, and it all looks good. I think I will keep on using Windows Security.