[Boards: 3 / a / aco / adv / an / asp / b / bant / biz / c / can / cgl / ck / cm / co / cock / d / diy / e / fa / fap / fit / fitlit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mlpol / mo / mtv / mu / n / news / o / out / outsoc / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / spa / t / tg / toy / trash / trv / tv / u / v / vg / vint / vip / vp / vr / w / wg / wsg / wsr / x / y ] [Search | Free Show | Home]

Hello /g/, I have an unusual (at least for me) instance happening

This is a blue board which means that it's for everybody (Safe For Work content only). If you see any adult content, please report it.
  1. Home
  2. /g/ - Technology
  3. Hello /g/, I have an unusual (at least for me) instance happening
Thread replies: 6
Thread images: 2

Anonymous
2017-05-01 10:49:02 Post No.
[Report] Image search: [Google]
File: 2017-05-01_13h39_34.png (7KB, 678x139px) Image search: [Google]
2017-05-01_13h39_34.png
7KB, 678x139px
Anonymous 2017-05-01 10:49:02 Post No. [Report]
Hello /g/, I have an unusual (at least for me) instance happening on my pc. My system keeps creating this lil jon directly on my C:/ base for about last couple of weeks, when I delete it it coems back, details doesn't give any info, copied over my desktop and opened with notepad and only thing notable was the [LordPE] text at header. Doesn't give any right-click options so I could upload to viroustotal at least, etc.

it's a .pif file, WPA shows that it creates only System threads and nothing else, but it wasn't there before. Never. Does anyone know any info about it?

Since it being instantly created again after deletion, I managed to trace disk usage through task manager, and only process happens to use disk during this is System and Compressed Memory.

I'm confus. What do?
>>
Anonymous 2017-05-01 10:50:25 Post No.60157422
[Report] Image search: [Google]
Anonymous 2017-05-01 10:50:25 Post No.60157422 [Report]
File: 1466181166987.jpg (244KB, 722x830px) Image search: [Google]
1466181166987.jpg
244KB, 722x830px
>>
Anonymous 2017-05-01 10:54:11 Post No.60157467
[Report]
Anonymous 2017-05-01 10:54:11 Post No.60157467 [Report]
>>60157422
too late.
>>
Anonymous 2017-05-01 10:57:27 Post No.60157500
[Report]
Anonymous 2017-05-01 10:57:27 Post No.60157500 [Report]
>using malwareOS

https://www.ubuntu.com/download/desktop
You know what to do.
>>
Anonymous 2017-05-01 10:58:07 Post No.60157507
[Report]
Anonymous 2017-05-01 10:58:07 Post No.60157507 [Report]
Alright I've duplicated it as .txt and uploaded to virustotal. it says Sality.

FUCKING SALITY

fug
>>
Anonymous 2017-05-01 11:35:53 Post No.60157885
[Report]
Anonymous 2017-05-01 11:35:53 Post No.60157885 [Report]
>>60157507
Installation[edit]
Sality infects files in the affected computer. Most variants use a DLL that is dropped once in each computer. The DLL file is written to disk in two forms, for example:

%SYSTEM%\wmdrtc32.dll
%SYSTEM%\wmdrtc32.dl_
The DLL file contains the bulk of the virus code. The file with the extension ".dl_" is the compressed copy. Recent variants of Sality, such as Virus:Win32-Sality.AM, do not drop the DLL, but instead load it entirely in memory without writing it to disk. This variant, along with others, also drops a driver with a random file name in the folder %SYSTEM%\drivers. Other malware may also drop Sality in the computer. For example, a Sality variant detected as Virus:Win32-Sality.AU is dropped by Worm:Win32-Sality.AU.[1] Some variants of Sality, may also include a rootkit by creating a device with the name Device\amsint32 or \DosDevices\amsint32.[6]
Thread posts: 6
Thread images: 2
[Boards: 3 / a / aco / adv / an / asp / b / bant / biz / c / can / cgl / ck / cm / co / cock / d / diy / e / fa / fap / fit / fitlit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mlpol / mo / mtv / mu / n / news / o / out / outsoc / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / spa / t / tg / toy / trash / trv / tv / u / v / vg / vint / vip / vp / vr / w / wg / wsg / wsr / x / y] [Search | Top | Home]

I'm aware that Imgur.com will stop allowing adult images since 15th of May. I'm taking actions to backup as much data as possible.
Read more on this topic here - https://archived.moe/talk/thread/1694/


If you need a post removed click on it's [Report] button and follow the instruction.
DMCA Content Takedown via dmca.com
All images are hosted on imgur.com.
If you like this website please support us by donating with Bitcoins at 16mKtbZiwW52BLkibtCr8jUg2KVUMTxVQ5
All trademarks and copyrights on this page are owned by their respective parties.
Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.
If you need information for a Poster - contact them.