ProcessHacker, HRSWord/Sysdiag, NetCat and TDSSKiller detection


miekiemoes

  • Staff

We have seen an increase in Malware, especially Ransomware, installing ProcessHacker, TDSSKiller, HRSWord and Sysdiag (mostly via BruteForce Attacks) in order to disable Antivirus and other Security applications, so they can install their malware.

We have also seen an increase in malware that uses NetCat (since it has the ability to use this as a Remote Shell to target systems and allow threat actors to take control of those systems).
That's why Malwarebytes (and many other Antivirus Companies) have decided to detect these as Riskware or HackTools.

If you installed these programs/tools willingly, then you can always add an exclusion for the path where these tools reside.
If you are not aware of this being installed, it's strongly recommended that you let Malwarebytes remove it.

In the future, if we see that these programs aren't being abused by Malware anymore, we will remove the detection again.

Edited by miekiemoes
added NetCat