"AIP_AIPSITE" malware?


A friend got scammed by people from a certain country who wanted him to pay them for malware removal by way of gift cards.  They suggested getting them at Wal-Mart or a CVS pharmacy.

Yeah.  When they started up with that he phoned me, and I told him "DO NOT TALK TO THEM AND SHUT DOWN YOUR INTERNET CONNECTION".

Seems it was a little late, because they'd already put a new password on his computer, but they no longer had access to it.  I went over there and helped him offload all his files to a thumbdrive.  When we then tried to boot into the optical drive to use DBAN, the computer kept going into the hard drive and that's when we found out the password they said they'd put on his computer was NOT the password they'd used.  Dirty scammers. 

We finally got the machine to boot into the optical drive and DBAN should be done sometime tomorrow morning.

In the meantime we put the rescue thumbdrive into another computer and scanned it (and its own hard drive) with Malwarebytes.  Malwarebytes identified a file that'd been on his computer...a file WE had just "rescued"...as malware.  I don't have the full file name, but it was hidden in his downloads folder, and I'm pretty sure the file name started out "AIP_AIPSITE".

Malwarebytes quarantined the file, and when I later looked into the folder, we couldn't find the file.  (Does quarantining make files disappear like that?)

Does the filename I'm partly remembering sound familiar to anyone?  I couldn't find a THING doing an online search.

It was my thumbdrive, with some of my files on it too.  I hate to think the malware is still hiding in there somewhere.

If anyone can give any moral support here, I'd appreciate it.  

 

 

 

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

All files quarantined by Malwarebytes are saved in the Quarantine folder.
https://www.malwarebytes.com/support/guides/mbam-legacy/History_Q.html
These are not active and can be deleted.
====

Let's check your system.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.
Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs for my review.

Wait for further instructions
====
 


  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
