Microsoft Store Apps-Trojan

High Priority
Last Modified: 2020-06-05
I would like to know: is it safe to download apps from the Microsoft Store? I was going to download an app that is called the following:

Drugs Dictionary Offline: FREE

bestmedicalapps

Medical

MWB blocked it because it considers it malicious, a TROJAN. When I looked at the details in MWB, it listed the website as "ALLFULLDOWNLOAD.com". Can someone tell me why Microsoft would put malicious apps in its store? Should I trust the Microsoft Store and add the website to the whitelist? How should I go about this? I don't want to take a chance.



Drugs Dictionary-Trojan
Thank you,
Basem Khawaja

Jane UpdegraffSr. Systems Administrator
Commented:
CERTIFIED EXPERT

Commented:
Turn off all the systemwide privacy settings from notifications down to background tasks. Disable the Windows store. I prevent anyone from installing from Microsoft store. That was invented for their Microsoft phone and far too many apps contain trojans and viruses, much more than Android. It's just not safe. Besides, any app you find in the store has enough free equivalent versions not in the store.
Basem KhawajaClinical Pharmacist

Author

Commented:
Serialband:
"Turn off all the systemwide privacy settings from notifications down to background tasks. Disable the Windows store."

How do I accomplish what you suggested for me to do?  I went to notifications and I did not see such an option.

Basem KhawajaClinical Pharmacist

Author

Commented:
Hi Jane,

Thank you for that valuable information. Wow, you are way smarter than me! I would like to know how you were able to find out the following information. I would like to learn from you so that just in case I run into something like this in the future, I would know how to dig in a little deeper.
"A quick lookup of both the domain you show in your screenshot turns up that it's a domain belonging to a Canadian named Bobbie Joe (in British Columbia) and that the executable that is being blocked, brave.exe, is the Brave browser,"

"Did you know that this package you were downloading included a new browser?"
I was not able to find the app in the Microsoft App Store.

Thank you,
Basem Khawaja, R.Ph.


CERTIFIED EXPERT

Commented:
Basem KhawajaClinical Pharmacist

Author

Commented:
serial band,

I went to privacy settings-notification. I was not able to see the "Turn off all the systemwide privacy settings from notifications down to background tasks. Disable the Windows store."
Can you send me a screen capture please to see how to access it?

I was able to go to the background section and saw the Windows Microsoft Store setting to turn it off.

Thank you,
Basem Khawaja, R.Ph.
Basem KhawajaClinical Pharmacist

Author

Commented:
Jane Updegraff
Sr. Systems Administrator

Can you please reply to my question?

Thank you,
Basem Khawaja, R.Ph.
Jane UpdegraffSr. Systems Administrator

Commented:
Sure, Basem, sorry for the delay, I generally don't log in to EE every day, so I don't always see replies right away.

You asked:

I would like to learn from you so that just in case I run into something like this in the future, I would know how to dig in a little deeper.
"A quick lookup of both the domain you show in your screenshot turns up that it's a domain belonging to a Canadian named Bobbie Joe (in British Columbia) and that the executable that is being blocked, brave.exe, is the Brave browser,"

To look up a domain and find out who has registered it with ICANN and how to reach the people who own it, you do a WHOIS lookup. The WHOIS function is available in online form at several websites, but I like to use https://www.whois.com/ - just enter the domain in the search box at the upper right corner (NOT the big search box in the middle of the page, that box just takes you to advertiser websites to try to sell you a domain name registration) and the results will come back for any actual, legitimate domain. Try searching WHOIS for google.com and that will give you a good example of the type of information you can get from a WHOIS. In addition to looking up domain names, you can also look up public IP addresses (those that are not private IP addresses inside a private network) to see who owns that address. Try it a few times, it can be very illuminating.

"Did you know that this package you were downloading included a new browser?"
I was not able to find the app in the Microsoft App Store.

I could tell what program was being called up because it was in the file path that you posted in your notification screenshot.

Then, if I had not already known (from memory) that brave.exe is a brand of web browser, I would have just looked up "brave.exe" in a Google search and it would have instantly told me that the .exe file (executable file, a type of file that is usually an application launcher) that triggered your defensive application (I'm assuming it was an antivirus or anti-malware utility) is a brand of browser that was in the news a few years ago (2015) for developing some controversial advertising policies. But with a little bit of reading it turns out to be a real program but it was not (apparently) what you thought you were installing, or at least you didn't realize that Brave was included in what you downloaded from the store.

When in doubt or needing to learn anything, Google is your friend. If you had searched Google just by typing in " report:blocked website allfulldownload.com" you would have probably found more information, as well. I didn't try that but you can. :-)

Jane
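
The WHOIS lookup described in the reply above can also be done directly over the WHOIS protocol instead of through a website. The following is an added example, not part of the original thread; the function names and the sample record are constructed for illustration.

```python
import socket

def whois_query(server: str, query: str, timeout: float = 10.0) -> str:
    """One WHOIS exchange (RFC 3912): TCP 43, send query + CRLF, read until close."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        raw = b"".join(iter(lambda: sock.recv(4096), b""))
    return raw.decode("utf-8", errors="replace")

def parse_fields(response: str) -> dict:
    """Collect 'Key: value' lines into {lowercased key: [values]}; skip comments."""
    fields = {}
    for line in response.splitlines():
        line = line.strip()
        if line.startswith(("%", "#", ">>>")) or ":" not in line:
            continue
        key, _, value = line.partition(":")
        if value.strip():
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

def lookup(domain: str) -> dict:
    """Ask IANA which server handles the TLD, then query that server (needs network)."""
    tld = domain.rsplit(".", 1)[-1]
    referral = parse_fields(whois_query("whois.iana.org", tld))
    server = referral.get("refer", ["whois.iana.org"])[0]
    return parse_fields(whois_query(server, domain))

def summarize(fields: dict) -> dict:
    """Pick the fields that answer 'who registered this, where, and when?'"""
    wanted = ("registrar", "creation date", "registrant organization",
              "registrant state/province", "registrant country")
    return {k: fields[k][0] for k in wanted if k in fields}

# Constructed sample response (not real registration data) so the parser runs offline.
SAMPLE = """\
% Constructed example record
Domain Name: EXAMPLE-DOWNLOADS.TEST
Registrar: Example Registrar, Inc.
Creation Date: 2019-11-02T08:15:30Z
Registrant Organization: REDACTED FOR PRIVACY
Registrant Country: CA
Name Server: NS1.EXAMPLE.TEST
Name Server: NS2.EXAMPLE.TEST
>>> Last update of whois database: 2020-06-01T00:00:00Z <<<
"""

if __name__ == "__main__":
    print(summarize(parse_fields(SAMPLE)))
```

Calling `summarize(lookup("google.com"))` performs the live query and needs outbound TCP port 43. For .com the registry returns a thin record whose `registrar whois server` field names the server holding the registrant details, which many registrars now redact.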
Basem KhawajaClinical Pharmacist

Author

Commented:
Jane,

Thank you for all that information. I am confused though, based on what you wrote:
"But with a little bit of reading it turns out to be a real program but it was not (apparently) what you thought you were installing, or at least you didn't realize that Brave was included in what you downloaded from the store."


Brave is the browser that I am using currently. I was using Chrome, but now I am using Brave, as it was recommended by a very trustworthy expert here at EE. It has a pop-up and ad blocker and it does a very good job. You were telling me that I was downloading the Brave browser when in fact I was downloading an app called Drugs Dictionary Offline, which I cannot find any more in the Microsoft Store. Furthermore, you were saying that the browser was included in the installation, which never got a chance to be downloaded because it was blocked by MWB. So are you telling me that the original app that I meant to download from the MS Store was malicious, yet it had the Brave browser as an additional download? Why would they include legitimate software such as Brave and malware like the Drugs Dictionary at the same time? Finally, the path that you included in your reply has already existed on my PC for the Brave browser since 3/3/2020, when it was initially installed.

Thank you,
Basem Khawaja, R.Ph.
Andrew LeniartIT Professional | Freelance Journalist
CERTIFIED EXPERT
Author of the Year 2019
Distinguished Expert 2018
Commented:
Basem KhawajaClinical Pharmacist

Author

Commented:
Andrew,

Thank you so much once again for the informative and solid explanation that you gave me. I assure you that I am not hallucinating! I did go to the MS Store and I was looking for a dictionary, then I saw the one that I tried to download, which was later on blocked by MWB, and that I can no longer locate again for some reason. I will try to remember and will post it here if I can find it.

Thank you my friend.

Basem Khawaja, R.Ph.
Andrew LeniartIT Professional | Freelance Journalist
CERTIFIED EXPERT
Author of the Year 2019
Distinguished Expert 2018

Commented:
Hi Basem,

I assure you that I am not hallucinating! I did go to the MS Store and I was looking for a dictionary, then I saw the one that I tried to download, which was later on blocked by MWB, and that I can no longer locate again for some reason.

I wasn't suggesting you were hallucinating lol :)

The fact that you can no longer find it actually makes sense. Microsoft may well have discovered a Trojan in the app that slipped past their initial vetting process for being listed on the store and have now probably removed it as a result. That would explain why you can no longer find it, or why I couldn't find it. My guess would be that the app download itself was trying to redirect you to ALLFULLDOWNLOAD.com which in itself, is highly suspicious behaviour.

I would conclude that in this case, Malwarebytes Premium has saved you from potentially being infected by a Trojan and has done its job well. :)

That said, a "FREE" offline medical dictionary sounded suspicious to me from the start. Rarely is anything to do with Medical Databases ever given away for free :)

Cheers, Andrew
Basem KhawajaClinical Pharmacist

Author

Commented:
Andrew,

Hallelujah!! I went to the address bar in Brave and I entered the following: "drugs dictionary offline in microsoft store".
The first hit was my answer to finding the app. Please look at the screen capture and help me to figure out why it says I own the app. See if you can download it on your virtual computer and see if you get the same message of it being blocked by MWB.

Thank you,

Basem Khawaja, R.Ph.


Andrew LeniartIT Professional | Freelance Journalist
CERTIFIED EXPERT
Author of the Year 2019
Distinguished Expert 2018
Commented:
Andrew LeniartIT Professional | Freelance Journalist
CERTIFIED EXPERT
Author of the Year 2019
Distinguished Expert 2018

Commented:
Hallelujah!! I went to the address bar in Brave and I entered the following: "drugs dictionary offline in microsoft store". The first hit was my answer to finding the app. Please look at the screen capture and help me to figure out why it says I own the app. See if you can download it on your virtual computer and see if you get the same message of it being blocked by MWB.

Good stuff. Thanks, I found the link and am checking into it now. Will comment again soon.
Andrew LeniartIT Professional | Freelance Journalist
CERTIFIED EXPERT
Author of the Year 2019
Distinguished Expert 2018
Commented:
Basem KhawajaClinical Pharmacist

Author

Commented:
Andrew,

You are correct! I don't know how I could have missed that one. I have an Android, an old Note 4 mobile phone. I wanted to see where the Download button was. I cannot see it because it says that I own the app. I checked in Programs and Features and I do not see the app, which makes sense since I never installed it in the first place. Please help me.

Basem KhawajaClinical Pharmacist

Author

Commented:
Andrew,

This is crazy. I searched everywhere on my PC and there is no such citing. Then I saw the web results that are displayed on the right side of the Start menu search bar and now it says Get App. If I do not meet the requirements then why does MS allow me to download it? Does it make sense!

IT Professional | Freelance Journalist
CERTIFIED EXPERT
Author of the Year 2019
Distinguished Expert 2018
Commented:
Andrew LeniartIT Professional | Freelance Journalist
CERTIFIED EXPERT
Author of the Year 2019
Distinguished Expert 2018

Commented:
If I do not meet the requirements then why does MS allow me to download it? Does it make sense!
That will just be an error on the Microsoft website. It may allow a download to be attempted, but there is nothing there that will install. MS have assumed you have checked on what platforms the app will run on.

Make sense?
Basem KhawajaClinical Pharmacist

Author

Commented:
Andrew,

Any way you can remove "I own this App"?
Andrew LeniartIT Professional | Freelance Journalist
CERTIFIED EXPERT
Author of the Year 2019
Distinguished Expert 2018

Commented:
Any way you can remove "I own this App"?

Not that I know of. Just ignore it. It's a website error, so you would need to contact Microsoft support, but I don't see the point. As I said, I know that I do not own the app and never even tried to download it, yet the page claims that I own it too. No big deal for me. Only someone with Admin access to the Microsoft store could change that for you is my guess. Personally, I'd just ignore that message.
Basem KhawajaClinical Pharmacist

Author

Commented:
Ok, Thank you Andrew.

Have a good day my friend. I will close the question later on today.

Basem
Andrew LeniartIT Professional | Freelance Journalist
CERTIFIED EXPERT
Author of the Year 2019
Distinguished Expert 2018

Commented:
No worries Basem, glad I could help :)

Cheers.
Andrew LeniartIT Professional | Freelance Journalist
CERTIFIED EXPERT
Author of the Year 2019
Distinguished Expert 2018

Commented:
Basem,
Any way you can remove "I own this App"?
Just had an additional thought. Not sure if this would work because I haven't tried it myself and am not sure if MS tracks app downloads by your login, or via cookies, but you could try clearing your browser cookies to see if that would remove the "I own this App" message.

In Brave, go to Clear Browsing Data (or press Ctrl + Shift + Del) and clear all cookies.

I didn't try it because I don't want to clear my own cookies at the moment, but if it bothers you, just something you could try. Either way, I still say that message is harmless and suggest ignoring it :)

Hope that's helpful.

Regards, Andrew
Basem KhawajaClinical Pharmacist

Author

Commented:
Andrew,

I cleared all the cookies from all time in MS Edge and I even went to Settings - System and turned off "Continue running background apps when Microsoft Edge is closed". Then I went to the MS Store and the message was still there; however, when you look for it initially in the address bar, the message is gone in the MS Edge browser!
Basem KhawajaClinical Pharmacist

Author

Commented:
Thank you everyone.
Andrew,

Once I take off my hat for you my friend :). Thank you for enlightening me on the system requirements. I took that for granted in the first place. I thought that all apps would work on all platforms.
I appreciate your simple and easy to follow instructions. If I was in the Uni, I would definitely sign up for computer classes with you with my eyes closed. Be careful though, one day I may take over your job. Just kidding! You will always be the smartest.

God bless.
Thank you,
Basem Khawaja, R.Ph.