ASUS bloatware hack? It ran PowerShell to install a Windows app.

Discussion in 'other anti-malware software' started by Jannee, Jan 13, 2023.

  1. Jannee

    Jannee Registered Member

    Joined:
    Jan 13, 2023
    Posts:
    1
    Location:
    earth
    ASUS laptop, some bloatware services still running
    Win10 up to date
    Avira AV
    Malwarebytes
    HitmanPRO
    Voodooshield free
    OSarmor

    A few days ago I received an alert from VoodooShield: something triggered PowerShell to install a Windows Store app named 'alexa'. The VS log showed that the parent app was asussoftwaremanager.exe.
    command: c:\windows\system32\windowspowershell\v1.0\powershell.exe get-appxpackage -name *alexa* | out-file -filepath 'c:\users\xxx\alexaisinstalled.txt'

    It freaked me out, so I went on Google and found out that the ASUS update service was hacked in 2019; hackers were able to install backdoors through the ASUS service. Did this perhaps happen again?
    https://www.vice.com/en/article/pan...o-install-backdoors-on-thousands-of-computers

    A screenshot from VoodooShield:
    https://i.ibb.co/pZNM9X2/asuspowershell.png

    Windows Search can't find any (hidden) folders or files named alexa; there's also nothing to be found in the registry or among the local Windows Store apps.

    Any advice? Thanks.
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    OK, so Alexa isn't actually an app on the MS Store? This is weird indeed. The best thing you could do is to monitor for any suspicious processes and registry keys, you could do this via Process Explorer and AutoRuns.

    And of course I suppose you already scanned the system with Avira and Malwarebytes. And make sure to block outgoing connections from the Asus Software Manager, you probably don't need it anyway. You could use a firewall like TinyWall.
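    A defender-side triage of the kind of alert Jannee describes, run over constructed process-creation records (a made-up line format, not VoodooShield's real log; an added example, not code from this thread or from ASUS). It flags PowerShell spawned by a non-interactive parent such as asussoftwaremanager.exe and separates read-only cmdlets (Get-AppxPackage, Out-File) from ones that install packages, download or run encoded content, which is the monitoring Rasheed187 suggests doing by hand with Process Explorer.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample events in the shape "parent=<path> child=<path> cmd=<command line>".
# The first line mirrors the command from the original post; the rest are made up.
SAMPLE_EVENTS = [
    r"parent=C:\Program Files\ASUS\AsusSoftwareManager\asussoftwaremanager.exe child=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe cmd=get-appxpackage -name *alexa* | out-file -filepath 'c:\users\xxx\alexaisinstalled.txt'",
    r"parent=C:\Windows\explorer.exe child=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe cmd=Get-Process",
    r"parent=C:\Program Files\ASUS\AsusSoftwareManager\asussoftwaremanager.exe child=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe cmd=Add-AppxPackage -Path 'c:\temp\pkg.appx'",
    r"parent=C:\Program Files\ASUS\AsusSoftwareManager\asussoftwaremanager.exe child=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe cmd=-enc SQBFAFgA",
]

EVENT_RE = re.compile(r"^parent=(?P<parent>.+?) child=(?P<child>.+?) cmd=(?P<cmd>.*)$")
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}
INTERACTIVE_PARENTS = {"explorer.exe", "cmd.exe", "windowsterminal.exe"}
# Token prefixes that mean the script changes the box, fetches code or hides its command line.
ACTION_PREFIXES = ("add-appxpackage", "invoke-webrequest", "invoke-expression", "iex",
                   "start-process", "-enc")
QUERY_VERBS = ("get-", "out-file", "select-", "where-", "format-")

def parse_event(line):
    """Split one constructed record into parent, child and command line (basenames lowercased)."""
    m = EVENT_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised event: {line!r}")
    ev = m.groupdict()
    ev["parent_name"] = PureWindowsPath(ev["parent"]).name.lower()
    ev["child_name"] = PureWindowsPath(ev["child"]).name.lower()
    return ev

def triage(line):
    """Return the event plus a severity and the reason the rule fired."""
    ev = parse_event(line)
    if ev["child_name"] not in SCRIPT_HOSTS:
        return {"severity": "none", "reason": "child is not a PowerShell host", **ev}
    if ev["parent_name"] in INTERACTIVE_PARENTS:
        return {"severity": "low", "reason": "launched from an interactive shell", **ev}
    tokens = [t.strip("'\"") for t in re.split(r"[\s|]+", ev["cmd"].lower()) if t]
    if any(t.startswith(ACTION_PREFIXES) or "downloadstring" in t for t in tokens):
        return {"severity": "high", "reason": "non-interactive parent ran PowerShell that installs, downloads or executes encoded content", **ev}
    cmdlets = [t for t in tokens if re.fullmatch(r"[a-z]+-[a-z]+", t)]
    if cmdlets and all(c.startswith(QUERY_VERBS) for c in cmdlets):
        return {"severity": "medium", "reason": "non-interactive parent ran a read-only query: " + ", ".join(cmdlets), **ev}
    return {"severity": "medium", "reason": "non-interactive parent ran PowerShell", **ev}

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        result = triage(event)
        print(f"{result['severity']:6} {result['parent_name']} -> {result['child_name']}: {result['reason']}")
```

    On the sample data the original post's command is rated medium (an unexpected parent, but only Get-AppxPackage and Out-File ran), while the constructed Add-AppxPackage and -enc lines are rated high.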
     
  3. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    I have ASUS Update Check enabled in the UEFI but it has never shown any activity whatsoever. That's the only ASUS thing allowed on here. I disabled it at first but this resulted in a number of errors in Event Viewer so I grudgingly allowed it.

    I refuse Armoury Crate though. If that's the software you're referring to, you can get rid of it without a problem. It's a good point about the firewall. You can block any number of outbound activity from certain apps, also in Windows Firewall.
     
  4. Freki123

    Freki123 Registered Member

    Joined:
    Jan 20, 2015
    Posts:
    337
    That's why I do a clean install for every PC/laptop I have. They just have preinstalled software that often has security holes that get fixed late or never.
     