Malware on PC


Hi guys,

One of our clients has a nasty piece of malware that is somewhat crippled due to the policies we put in place preventing executables from running in temp directories, but it still creates random folders on the user's desktop and is possibly breaking an application.
After recreating the profile, the folders returned 20 days later, but there have been no more encryption attempts due to the policies.

See the screenshots for the folders; the owner is Administrators, so not much to go on there.
I checked the usual startup items in the registry (HKLM and HKCU\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce), MSCONFIG and scheduled tasks; nothing out of the ordinary there.

I ran Malwarebytes, HitmanPro and Malwarebytes Anti-Rootkit, but none of them find anything.

Let me know if there is anything else I can do. I have added the FRST and Addition files; I haven't seen anything out of the ordinary in there, but I could have overlooked something.

Attachments: Addition.txt, FRST.txt, folders 2AUG2016.PNG, folders 23AUG2016.PNG
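The checks described in the post above (HKLM/HKCU Run and RunOnce, scheduled tasks, folder ownership on the desktop) can be scripted so they are repeatable and so nothing gets missed on a second visit. The script below is an added example and is not code from the original post or from any of the tools mentioned in the thread. It assumes an elevated PowerShell session on Windows 8 / Server 2012 or later (for Get-ScheduledTask), that the affected profile is the one running the shell, and it uses a user-writable-path regex of my own as a triage heuristic; the desktop path, the regex and the function names are all assumptions.

```powershell
# Added example, not code from the original post: triage the persistence
# locations the post mentions (HKLM/HKCU Run and RunOnce, scheduled tasks)
# and audit the folders appearing on the desktop. Requires Windows 8 / 2012
# or later (Get-ScheduledTask) and an elevated session.

# Assumption: the affected user's desktop. Change this if the profile
# lives elsewhere or you are auditing another account.
$DesktopPath = Join-Path $env:USERPROFILE 'Desktop'

# Heuristic, not from the post: commands launched from user-writable paths
# are the ones worth a second look when policy already blocks temp execution.
$UserWritable = '(?i)\\(Temp|AppData|ProgramData|Public|Downloads|Desktop)\\'

function Get-RunKeyEntries {
    # Enumerate every value under the Run/RunOnce keys, including the WOW64
    # view that a quick look in regedit tends to miss.
    $keys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($path in $keys) {
        if (-not (Test-Path $path)) { continue }
        $key = Get-Item -Path $path
        foreach ($name in $key.GetValueNames()) {
            $cmd = [string]$key.GetValue($name)
            [PSCustomObject]@{
                Source     = $path
                Name       = $name
                Command    = $cmd
                Suspicious = ($cmd -match $UserWritable)
            }
        }
    }
}

function Get-TaskActions {
    # One row per executable action of every registered task, so a task with
    # an innocuous name but a payload under %APPDATA% still shows up.
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }   # skip COM-handler actions
            $cmd = "$($action.Execute) $($action.Arguments)"
            [PSCustomObject]@{
                Source     = 'Task:' + $task.TaskPath + $task.TaskName
                Name       = $task.Principal.UserId
                Command    = $cmd.Trim()
                Suspicious = ($cmd -match $UserWritable)
            }
        }
    }
}

function Get-DesktopFolderAudit {
    # Creation time and owner of each folder on the desktop; the creation
    # timestamps are what you correlate with the Task Scheduler and Security
    # logs to find the process that created them.
    Get-ChildItem -Path $DesktopPath -Directory -Force | ForEach-Object {
        $acl = Get-Acl -Path $_.FullName
        [PSCustomObject]@{
            Folder  = $_.Name
            Created = $_.CreationTime
            Owner   = $acl.Owner
            Files   = @(Get-ChildItem -Path $_.FullName -Recurse -File -Force).Count
        }
    }
}

$autoruns = @(Get-RunKeyEntries) + @(Get-TaskActions)
$autoruns | Sort-Object Suspicious -Descending | Format-Table -AutoSize
Get-DesktopFolderAudit | Sort-Object Created | Format-Table -AutoSize
```

Two caveats when using this. HKCU: resolves to the account running the shell, so an elevated prompt opened under a separate admin account shows the admin's Run keys, not the affected user's; run it in that user's session or load their NTUSER.DAT under HKU with `reg load` and point the paths there. The folder creation times only help if there is something to correlate them with: the Task Scheduler operational log, and Security event 4688 if process creation auditing is enabled on the host.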


  • Staff

Hello SvenBNE!

I want to have you check some of the files that I am seeing in this FRST log. Do you mind if I create a ticket so I can ask you to run some instructions? I want to keep any information that may be sensitive outside of public view since this is a business computer. If you are ok with this, do you mind sending me a PM with your e-mail so I can create that ticket?
