hxkds.exe


Flow

Hi folks, this was flagged as a trojan. When opened in Notepad++, it reveals the following:

VirusTotal and Viruscan find nothing off. Any thoughts as to what this thing is?

<!DOCTYPE html> 
<html>
<head>
    <meta charset="utf-8" />
    <meta name="robots" content="index, follow" />
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" />
    <meta name="keywords" content="errp, expired, registration, recovery, policy" />
    <meta name="description" content="Expired Registration Recovery Policy" />

    <link type="text/css" rel="stylesheet" media="all" href="/assets/css/screen.css" />

    <link type="image/x-icon" rel="shortcut icon" href="/assets/img/favicon.png" />
    <link rel="apple-touch-icon" href="/assets/img/favicon.png" />

    <title>ERRP | Expired Registration Recovery Policy</title>
</head>

<body>
    
    <div id="wrapper">    

        <header>
            <a href="/index.php"><img src="/assets/img/errp_logo.png" alt="ERRP Logo" /></a>
            <h2>Expired Registration Recovery Policy</h2>
        </header>

<div class="separator"> </div>

    <div class="contentbox">
        <div class="contentbox_top">
                <div class="contentbox_bottom">
                    <p>
                        <b>Please notice:</b><br />
                        This domain name registration has expired and renewal or deletion are pending. If you are the registrant and want to renew the domain name, please contact your registration service provider.
                    </p>    

                        <img src="/assets/img/flag_us.png" alt="American Flag" />            
                </div>
        </div>
    </div>

    <div class="separator"> </div>

    <div class="contentbox">
        <div class="contentbox_top">
                <div class="contentbox_bottom">
                    <p>
                        <b>Bitte beachten Sie:</b><br />
                        Diese Domainregistrierung ist abgelaufen und die Verl&auml;ngerung oder L&ouml;schung der Domain stehen an. Wenn Sie der Registrant sind und die Domainregistrierung verl&auml;ngern m&ouml;chten, kontaktieren Sie bitte Ihren Service-Provider.
                    </p>

                
                        <img src="/assets/img/flag_de.png" alt="German Flag" />
        

                </div>
        </div>
    </div>

    <div class="separator"> </div>

    <div class="contentbox">
        <div class="contentbox_top">
                <div class="contentbox_bottom">
                    <p>
                        <b>Por favor, tenga en cuenta:</b><br />
                        Este registro del dominio ha expirado y la renovación o la supresión del dominio está pendiente. Si usted es el registrante de dominio y quiere renovar el nombre de dominio, por favor póngase en contacto con su proveedor de servicios. 
                    </p>

        
                        <img src="/assets/img/flag_es.png" alt="Spanish Flag" />


                </div>
        </div>
    </div>

<div class="separator"> </div>

    <footer>
    <a href="/legalnotice.php">© 2014 ERRP</a> 
    </footer>

</div> <!--wrapper-->
<script>
  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
  m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
  })(window,document,'script','//www.google-analytics.com/analytics.js','ga');

  ga('create', 'UA-57183583-1', 'auto');
  ga('send', 'pageview');

</script>
</body>
</html>


  • Staff

OK, I know what's going on now.

This filename heuristic is from a long dead infection. The content of the file we detected is basically a web page saying that the link to download the malware file doesn't exist anymore.

You can go ahead and delete it with Malwarebytes. If it comes back and is detected again, then I recommend going to the malware removal forums and having them take a look at your PC. This isn't an FP, but the link that would have put an executable file there is long dead.

 

 

Edited by shadowwar
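The check described in this thread, as an added example that is not part of the original posts: a triage helper that tells a real PE executable apart from a web page saved under an `.exe` name. The function names and both sample inputs are constructed for illustration; an "html" result only describes the file on disk and says nothing about whatever fetched it.

```python
import struct

# Constructed sample: the start of a parked-domain page like the one posted above.
SAMPLE_HTML = (b"\xef\xbb\xbf\r\n<!DOCTYPE html>\n<html><head>"
               b"<title>ERRP | Expired Registration Recovery Policy</title></head></html>")
# Constructed sample: minimal DOS header whose e_lfanew (offset 0x3C) points at "PE\0\0".
SAMPLE_PE = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00"

HTML_MARKERS = (b"<!doctype html", b"<html", b"<head", b"<body")


def classify_payload(data: bytes) -> str:
    """Return 'pe', 'html', 'empty' or 'unknown' for the raw bytes of a file."""
    if not data:
        return "empty"
    # A PE image starts with "MZ"; the little-endian dword at 0x3C gives the
    # offset of the "PE\0\0" signature. Both must be present to count as PE.
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "pe"
    # Otherwise look for HTML at the start, ignoring a UTF-8 BOM and whitespace.
    head = data[:1024]
    if head.startswith(b"\xef\xbb\xbf"):
        head = head[3:]
    if head.lstrip().lower().startswith(HTML_MARKERS):
        return "html"
    return "unknown"


def triage(name: str, data: bytes) -> str:
    """Combine the file name with the content type into a short verdict."""
    kind = classify_payload(data)
    if name.lower().endswith(".exe"):
        if kind == "html":
            return "exe-named web page (not executable)"
        if kind == "pe":
            return "real PE executable"
    return f"{kind} content"


if __name__ == "__main__":
    print(triage("hxkds.exe", SAMPLE_HTML))
    print(triage("sample.exe", SAMPLE_PE))
```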