What is the NWJS virus and how can I protect my computer from it?

In summary, the NWJS virus is a type of malware that infects computers running on the NW.js platform. It can cause a range of issues, including slowing down the system, stealing personal information, and allowing remote access to the computer. To protect your computer from this virus, it is important to regularly update your virus protection software, avoid downloading suspicious files or programs, and be cautious when clicking on links or opening attachments in emails. It is also recommended to regularly backup important files and to use a firewall to block unauthorized access to your computer.
  • #1
DaveC426913
Gold Member
23,069
6,747
TL;DR Summary
I am getting this McAfee virus popup. How can I remove it?
This is on my wife's computer, which we bought many months ago but has not been used (much).

I am getting this popup.

1707440129883.png


The computer is not running McAfee; it is running BitDefender and Windows Firewall. Task Manager tells me this is Malware nwjs (see background in screenshot). When I ended that task, it went away.

I checked the security settings and found that browsing protection was not turned on, so I've turned it on. I ran a quick scan which turned up nothing.

I also checked that there are no suspicious browser extensions (at least in Chrome, I guess I should check Edge too)

Is there anything else I can or should do?
 
Computer science news on Phys.org
  • #2
A little bit more research leads me to PCAppStore/cvs.exe which is apparently a legit org and a legit app but can be exploited it seems. It appears to have been quarantined sometime today. I have now removed it. We'll see if the message comes back. (It has appeared twice in two hours.)

Despite the fact that this computer has been pretty much idle for months, it does not appear to have its security files out-of-date. Or, at least, they are up-to-date as of two hours ago...
 
  • #3
Try installing Malwarebytes (it can safely stay with another antivirus software), and conduct a system scan using that.

Most likely, this is an adware issue.
 
  • Like
Likes WWGD, russ_watters and DaveC426913
  • #4
DaveC426913 said:
Is there anything else I can or should do?
If you have McAfee Free, then you may consider to replace it with something else what does not include unkillable FUD popups as advertising strategy.

Ps.: I had AVG Free. Was the same. Got replaced. Now, I has PEACE 😇
 
  • #5
Don't have any McAfee s/w.
 
  • #6
I've been running Linux for years. Never had a virus scanner installed and I've never been inconvenienced by any virus. If I have one it's being very discreet. :)
 
  • Like
Likes jack action and strangerep
  • #7
sbrothy said:
I've been running Linux for years. Never had a virus scanner installed and I've never been inconvenienced by any virus. If I have one it's being very discreet. :)
To be fair I check port traffic from time to time just to be sure but I've never seen anything out of the ordinary.

just to be sure I'm not paticipating in a DDOS attack without my knowlegde.

But I think there is a virus scanner. It's called "clam" right?
 
  • #8
Getting serious for a second... Does this executable(?) present itself as "NWJS" or "NW.js" (or similar)?

I'm asking because "nw.js" isn't actually a virus but a Javascript module which might conceivable set off a virus scanner because it handles a bunch of stuff:

https://github.com/nwjs/nw.js/wiki/_pages

I'm just pointing this out because it would be a right mess to start a war against something benign.
 
Last edited:
  • Like
Likes phinds
  • #9
DaveC426913 said:
Don't have any McAfee s/w.
Sorry, then: the first post suggested otherwise.

sbrothy said:
I've been running Linux for years.
Me too. As the 'main' PC. But for the sake of numerous other SW, I'm keeping some W machines too.
Linux is great, but sadly it's still not the absolute and easy solution for every problem / for everybody :confused:
 
  • Like
Likes sbrothy
  • #10
Rive said:
Sorry, then: the first post suggested otherwise.


Me too. As the 'main' PC. But for the sake of numerous other SW, I'm keeping some W machines too.
Linux is great, but sadly it's still not the absolute and easy solution for every problem / for everybody :confused:
I agree. I like to play with DAWs (Digital Audio Workstations) and there Linux isn't my first choice. I don't play games but I'd imagine the same goes for them. That is, if linux hasn't caught up, I wouldn't know.

Also, if I have to be absolutely honest Microsoft Developer Studio doesn't really have it's equal on Linux.

Dancing with Android Developer Studio on Linux is also a pretty heavy ordeal (which could be because of the limitations of my HW). Still, writing such a large program in Java seems to me to be asking for trouble.
 
  • #11
sbrothy said:
Dancing with Android Developer Studio on Linux is also a pretty heavy ordeal (which could be because of the limitations of my HW). Still, writing such a large program in Java seems to me to be asking for trouble.
I have been using Android Studio on Ubuntu flawlessly for years.
 
  • #12
I guess it's the limitations of my hardware then. I'm an old-school C/C++ diinosaur. I'm probably a little predujiced against Java
 
  • Sad
Likes Wrichik Basu
  • #13
I have had her install Malwarebytes and run a scan. Looks like it's the "Premium Trial" version, so it won't last forever.
 
  • #14
That icon and process is linked to the nw.js project, which is a NodeJS container that is bundled in a sandboxed chromium environment. I've actually contributed to this codebase a long time ago. So it could be that you're using a program that is deployed as an application with nwjs, or it could be that it's an actual virus that has an icon and process name of nwjs. If you right click on the process name and see where it's running from, it might give you some good info on if you'd expect it to be running or not based on the software you normally use. Another good program to determine software behavior is Process Monitor and Process Explorer

https://learn.microsoft.com/en-us/sysinternals/downloads/procmon
https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer

If you run these programs and see that the behavior of that process is doing things that you shouldn't, take steps to remove it. If it's just a normal program that you use day to day and you just didn't realize that it's bundled as an nwjs app, then whitelist it.
 
  • #15
It seems to be associated with launching Zoom, though that could be a coinkydink.
 
  • #16
DaveC426913 said:
It seems to be associated with launching Zoom, though that could be a coinkydink.
Can you upload the folder that the process is coming from and share a link in a PM to me? I can take a look at it for you. If you have the whole folder zipped up, I can extract it and see what kind of NodeJS/javascript is running in it and determine if it's malicious or not.
 
  • #17
sbrothy said:
I guess it's the limitations of my hardware then. I'm an old-school C/C++ diinosaur. I'm probably a little predujiced against Java
Don't worry. It's not bad. I am, after all, a SUN Certified Java Developer, although I think I lost the plastic card somewhere many years ago. :P
 
  • #18
I have been using the built-in Windows Defender and firewall since I bought my laptop with Windows 10. I have never used McAfee on any computer I have had, but I have had these warnings pop up from time to time. Sometimes they tell me my McAfee subscription has expired and have a "Click here to renew" button, so I just delete them.
 

FAQ: What is the NWJS virus and how can I protect my computer from it?

What is the NWJS virus?

The NWJS virus is a type of malware that disguises itself as a legitimate application built using the NW.js framework, which is commonly used for creating desktop applications using web technologies. Once installed, it can perform malicious activities such as stealing data, installing additional malware, or hijacking system resources.

How does the NWJS virus infect computers?

The NWJS virus typically infects computers through malicious downloads, email attachments, or compromised websites. Users may unknowingly install the virus by downloading what appears to be a legitimate application but is actually bundled with malware.

What are the signs that my computer might be infected with the NWJS virus?

Signs of infection can include unusual system behavior such as slow performance, unexpected pop-ups, unauthorized access to personal data, and the presence of unfamiliar applications or processes running on your computer.

How can I protect my computer from the NWJS virus?

To protect your computer from the NWJS virus, ensure that you have up-to-date antivirus software installed and running. Avoid downloading software from untrusted sources, be cautious with email attachments, and regularly update your operating system and applications to patch security vulnerabilities.

What should I do if my computer is already infected with the NWJS virus?

If you suspect that your computer is infected with the NWJS virus, run a full system scan using a reputable antivirus or anti-malware program. Follow the software's instructions to remove any detected threats. Additionally, consider restoring your system to a previous state before the infection occurred and change any passwords that may have been compromised.

Similar threads

How Do I Remove a Persistent Popup Claiming My Computer Is Infected?
Replies
6
Views
2K
How can I fix the constant popup window on my PC after a virus removal?
Replies
15
Views
3K
Should I be worried that I contracted malware?
Replies
3
Views
1K
Security problems with my home PC
Replies
12
Views
2K
Calculators Computer infected by an anti-virus conpany's virus
Replies
21
Views
7K
How can I remove a stubborn virus from my computer?
Replies
15
Views
5K
What is Xp internet security 2011 and how do I remove it from my computer?
Replies
17
Views
4K
What Kind of Virus is Infecting my USB and How Can I Clean It?
Replies
5
Views
3K
How can I protect my flash drive from reformat?
Replies
5
Views
2K
How can I find and remove hidden malware from my computer?
Replies
22
Views
4K

Hot Threads

Recent Insights

Back
Top