Hello /g/, I have an unusual (at least for me) instance happening on my PC. My system keeps creating this lil jon directly on my C:/ base for about the last couple of weeks; when I delete it, it comes back. Details doesn't give any info. I copied it over to my desktop and opened it with Notepad, and the only notable thing was the [LordPE] text at the header. It doesn't give any right-click options so I could upload it to VirusTotal at least, etc.
It's a .pif file. WPA shows that it creates only System threads and nothing else, but it wasn't there before. Never. Does anyone know any info about it?
Since it is instantly created again after deletion, I managed to trace disk usage through Task Manager, and the only process that happens to use disk during this is System and Compressed Memory.
I'm confus. What do?
>>60157422
too late.
>using malwareOS
https://www.ubuntu.com/download/desktop
You know what to do.
Alright, I've duplicated it as .txt and uploaded it to VirusTotal. It says Sality.
FUCKING SALITY
fug
>>60157507
Installation
Sality infects files in the affected computer. Most variants use a DLL that is dropped once in each computer. The DLL file is written to disk in two forms, for example:
%SYSTEM%\wmdrtc32.dll
%SYSTEM%\wmdrtc32.dl_
The DLL file contains the bulk of the virus code. The file with the extension ".dl_" is the compressed copy. Recent variants of Sality, such as Virus:Win32-Sality.AM, do not drop the DLL, but instead load it entirely in memory without writing it to disk. This variant, along with others, also drops a driver with a random file name in the folder %SYSTEM%\drivers. Other malware may also drop Sality in the computer. For example, a Sality variant detected as Virus:Win32-Sality.AU is dropped by Worm:Win32-Sality.AU.[1] Some variants of Sality may also include a rootkit by creating a device with the name Device\amsint32 or \DosDevices\amsint32.[6]
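
Added example, not part of the thread and not anyone's posted code: a small triage scan for two on-disk signs mentioned above, a DLL stored next to a same-named ".dl_" copy and a ".pif" file in a drive root that is really a PE executable. The function names, the directory arguments and the sample tree are assumptions made for illustration; the sample files are constructed and contain no malware.

```python
import tempfile
from pathlib import Path

LORDPE_MARKER = b"[LordPE]"  # string the original poster saw in the file header

def find_dll_pairs(system_dir):
    """Base names present as both NAME.dll and NAME.dl_ (the compressed copy)."""
    names = {p.name.lower() for p in Path(system_dir).iterdir() if p.is_file()}
    return sorted(n[:-4] for n in names
                  if n.endswith(".dll") and n[:-4] + ".dl_" in names)

def find_root_pif_executables(root_dir):
    """.pif files directly under root_dir that start with the PE 'MZ' magic."""
    hits = []
    for p in Path(root_dir).iterdir():
        if not (p.is_file() and p.suffix.lower() == ".pif"):
            continue
        try:
            with p.open("rb") as fh:
                head = fh.read(1024)
        except OSError:
            continue  # locked or unreadable: skip rather than abort the scan
        if head.startswith(b"MZ"):
            # Second field: whether the [LordPE] string appears in the header
            hits.append((p.name, LORDPE_MARKER in head))
    return sorted(hits)

def scan_constructed_sample():
    """Build a constructed directory tree (hypothetical names) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        system = root / "system32"
        system.mkdir()
        (system / "wmdrtc32.dll").write_bytes(b"MZ" + b"\0" * 62)
        (system / "wmdrtc32.dl_").write_bytes(b"compressed-copy")
        (system / "kernel32.dll").write_bytes(b"MZ" + b"\0" * 62)  # no .dl_ twin
        (root / "abcd.pif").write_bytes(b"MZ" + b"\0" * 62 + LORDPE_MARKER)
        (root / "legacy.pif").write_bytes(b"\x00DOS shortcut data")  # not a PE
        return find_dll_pairs(system), find_root_pif_executables(root)

if __name__ == "__main__":
    pairs, pifs = scan_constructed_sample()
    print("dll/dl_ pairs:", pairs)
    print("PE-format .pif files in root:", pifs)
```

A hit from either function is a lead to check with a scanner, not a verdict, since ".dl_" files also ship legitimately in installers.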