
Infected? Yay or nay?



OK, this might sound stupid, but I downloaded a sample of CryptoWall, the fourth version or variant of it, for analysis purposes, as I am a student at a software engineering university and passionate about reverse engineering and studying it in a way.

I have a small virus zoo on my hard drive containing samples of over 1300 famous and infamous computer viruses, all RARed and locked tight, and whenever I hunt a sample from the web I work very carefully with it, mostly in a virtual machine, but this time I was directly on my PC.

I downloaded the sample from this page: http://www.malware-traffic-analysis.net/

And when I extracted the RAR file to some\path\on\my\desktop, I noticed that there were some files getting created on my desktop, especially in the folder that had the sample in it: random files with .tmp and .enc extensions. My external hard drive light started to blink, so I unplugged my external hard drive immediately, and as I don't have anything important on that PC, I reinstalled Windows and formatted my hard drives.

Now the problem is that when I plugged my external hard drive into my other PC, which is running Windows too, things got a little suspicious: my AV (Avast Free Antivirus) got disabled unexpectedly, MBAM stopped responding, and I got a message saying that I'm running out of RAM, even though I have 8 gigs of RAM and no extra programs installed except a browser, an AV, MBAM and some programming tools. I re-enabled my AV and MBAM and scanned my whole system, but the results were clean. I tried Kaspersky's rescue disk and also BitDefender's rescue disk, but they keep saying my PC is clean.

I downloaded some virus scanners like Hitman Pro, etc., and scanned my PC; they also had a clean result. But I believe something is wrong with my PC. I'm still having .tmp and .enc files getting created on my desktop.

Now I'm asking you: was it the RAR file (which had the samples) that had an embedded payload in it, or what? I didn't open any file when I was extracting the sample. Did the RAR file have the payload?

And what should I do now to get the situation fixed?


FYI: None of my files are encrypted yet, but I'm seeing strange shit crawling in my PC.



This topic is now closed to further replies.