van0014

Members, 16 posts

Posts posted by van0014

  1. For a while I’ve been adapting to Linux, preparing for the possibility of Windows as a service. It didn’t seem to happen though. Debian has still become my main system, because of a few other things I don’t like so much about MS. Like the rewards stuff being built into the system. And SmartScreen declaring all programs that don’t apply for MS approval as not good, popping up a big ‘SmartScreen has protected your computer’, tricking everyday users into thinking it’s stopped a bad program, when it came to the conclusion a bit early. It turns out to be an OK preemptive thing, but annoying when it’s misrepresenting good programs. Or also programs I’ve made. It could have an option to scan it. Something less obscure than the message it has.

  2. It seems OK. I even traced the ps1 agent detection that I posted a screenshot of, and when I took the script out of quarantine and viewed it, it seemed to be a file included in an Arduino library. A template that could be used by someone making a ducky exploit. An unusual thing to find in an Arduino library.

     I’ve kept a trial of ESET Internet Security running in the background, and it hasn’t noticed anything unusual with real-time protection. I even changed many of my passwords after reading into the VirusTotal stuff, and getting worried about the potential for them to be taken. But it’s possible the virus didn’t get a chance to do that yet.

  3. I might have made a mistake allowing that one past Windows Defender. There's a GitHub entry about it, and I came to the conclusion that it was a necessary part of a program called SigmaHQ, which I've never used before, but it seemed useful. I assumed it was a well-known program, but will remove it. And although I'm generally skilled with computers, it's something I don't know a whole lot about.

     Thank you for helping me with this. This other scanner you suggested has found an adware program in a system folder, SysWOW64. I'm happy to see things being found!

    cureit.log

  4. David, thanks for checking those VirusTotal reports and updating them. I'm a bit new to this process.

     JSntgRvr, thanks for helping me to recover from this virus. I'll upload the FRST file, and will also read through it, out of curiosity, and wanting to make sure it's able to restore things. I like to read through and understand what's happening, and to do some of it myself if possible. To try and follow clues for what's happened on the computer. I'll add any results from ESET.

    Fixlog.txt

  5. Hello,

     I downloaded something sketchy recently, and was fascinated when it ran a script, but didn't install the program I wanted. Then curiosity got to me, and I saved the temporary files it made, before closing the PowerShell console.

     After editing the script, I felt safe enough to rerun it. It downloads 3 exes, including the Opera browser. One or two of these were detected as a virus. The first one however, which included the Opera browser, was not detected by VirusTotal, except by its behavioural analysis. And in this analysis, it found a reference to LaZagne, a password-stealing program.

    This is the report for the 3 files: https://www.virustotal.com/gui/file/7d3d67d0eb714db873bf26a73f55aa6481a4be84eb24828a48a53ee71126b08c/behavior

    https://www.virustotal.com/gui/file-analysis/YmY5MDU3Y2QzYjNkNTg5ZmZmNzczMWRiZDQxMGVlZTI6MTcyNjYxNzQ1MA==

    https://www.virustotal.com/gui/file/da1b144b5f908cb7e811489dfe660e06aa6df9c9158c6972ec9c79c48afacb7e

    I've run a few antivirus programs, but don't feel confident yet that it's been removed, since the undetected file seemed to include a password miner.

    Addition_18-09-2024 08.57.15.txt FRST_18-09-2024 08.57.15.txt Shortcut_18-09-2024 08.57.15.txt malwarebytes-log.zip
