Guys, I've had these for the past day or so now, and MBAM won't pick anything up as a threat, though it keeps reappearing even after a full scan.
What type of virus is this? What can I do to get rid of it? Have you ever seen anything like this before yourselves?
trisquel.info
>>54304491
what does virustotal say about it?
>Original filename: neque.jpg
what is this? does windows keep track of previous filenames? how did it get changed?
>>54304540
doing that now. I hadn't heard of VT. thanks.
...here we go, but I'm not sure what to make of this
https://www.virustotal.com/en/file/909324cc5cb722a8363239e3c01a5f0de1507bd4c3c77ad32b3782829b12e39c/analysis/
>>54304566
There was a previous one I deleted, perhaps that could have something to do with it?
Pic related.
So should I delete this now, or send it to someone for analysis? In short, is it a new thing we haven't seen, or is it common? I ask because the freaky latin shit.
>>54304579
Meh, sadly the results are kinda generic and some are from heuristic engines.... It didn't help much.
Just do the same thing you do with every other virus:
Find why it's starting when you start your pc and delete that.
Try looking in windows registry under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and in general in [HKEY SOMETHING]\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Also look in the tasker: https://technet.microsoft.com/en-us/library/cc721931.aspx
And in other startup locations:
http://forum.thewindowsclub.com/windows-tips-tutorials-articles/26430-windows-registry-startup-paths.html
(or search google for more)
If you see something like adegjaodgjdosgfjdgjgjoidjagoidjogid.exe delete that.
>>54304667
Well, I had some sort of malware disguise itself as privoxy the other day, and keep getting some PUPs in MBAM, so I deletge those, and sometimes quarantine deletes things from the registry. Perhaps they're related, as they keep coming back sometimes.
HOWEVER. If after doing everything you suggest it still comes back, what do?
Also, it detects it on AVG, allegedly, so I'm downloading that to try and do it that way as well. It's not as god as MBAM but it was always useful for things MBAM never found.
>>54304749
Once your system has been compromised, the right course of action is to reinstall everything and change all passwords.
>>>
http://virusinfo.info/forumdisplay.php?f=84&s=310ba62cff4edc836ccb40bea603753b
>>54304828
which link do I click on that page?
>>54304874
>http://virusinfo.info/forumdisplay.php?f=84&s=310ba62cff4edc836ccb40bea603753b
You have to create an account there and topic, so you'll be able to get help there. I also think there are more English forums like that, not sure.
If I'd had a trouble like this, I'd have downloaded SysInternals pack and run Autoruns to check if this prog is in autorun.
>>54304491
Boot to linux, mount your system drive, remove all suspicious files
so simple
