
DotNet MSIL / Injector.VGR


Solved by parahesap

19 minutes ago, Marcos said:

We've nailed it down. A legit tool was backdoored and loads a malicious dll with zero detection at VT which loads the following encrypted payload:

image.png

I expect the detection to be available momentarily via streamed/pico updates.

Also please confirm that you have enabled the LiveGrid Feedback system for maximum protection.

LiveGrid Feedback system is active. Should I format to Windows 10? Will this problem take a long time to resolve? :) 


  • Administrators

You can scan the content of the folder that you supplied to me. If not detected yet, reboot the machine to enforce update of the LiveGrid blacklist.


  • Solution
52 minutes ago, Marcos said:

You can scan the content of the folder that you supplied to me. If not detected yet, reboot the machine to enforce update of the LiveGrid blacklist.

I see the warning text has changed after restarting the computer. I scanned again and saw it deleted two spyware. You got him, Sir. The alert is no longer displayed. Thank you so much! :)


Looks like my suspicions were correct. It was a coin miner.

The question is was HashCalc actually and deliberately installed? Always opt for portable download versions of utility software like this.

-EDIT- Also think twice about installing or running directly any unsigned software which I assume this HashCalc software was.

Edited by itman

I am absolutely not interested in mining. What is mining software? I do not know. I have never used it. There was no problem with CPU and GPU statistics. But the important thing is that the problem has been solved. I am very grateful.

Edited by parahesap

3 minutes ago, parahesap said:

There was no problem with CPU and GPU statistics. 

This was because Eset was blocking execution of it when loaded into memory. You're a lucky fellow on this incident.

Hackers usually target servers to drop a miner on to mine bitcoin. But, it does happen with client devices also.


  • Most Valued Members
14 hours ago, parahesap said:

I am absolutely not interested in mining. What is mining software? I do not know. I have never used it. There was no problem with CPU and GPU statistics. But the important thing is that the problem has been solved. I am very grateful.

I suppose the question is: have you downloaded or installed anything new recently, or opened any email attachments that may have been malware?


  • Most Valued Members
15 hours ago, parahesap said:

I am absolutely not interested in mining. What is mining software? I do not know. I have never used it. There was no problem with CPU and GPU statistics. But the important thing is that the problem has been solved. I am very grateful.

For example, this for Bitcoin:

Quote

By mining, you can earn cryptocurrency without having to put down money for it. Bitcoin miners receive Bitcoin as a reward for completing "blocks" of verified transactions which are added to the blockchain.

Malicious software programmers will program miners and spread them to many devices over the internet so they can mine cryptocurrency for themselves on your device, saving themselves the costs of hardware and electricity. Now, that doesn't look very helpful, because it's still 1 device, and possibly a weak one rather than a strong one.

But they aim to infect much larger numbers so they can benefit from it.

So by making a miner, instead of mining on their own 1 PC or buying several devices/GPUs for mining, they go ahead and infect thousands of devices so they can mine fast and without costs.

If it has kicked in and worked like it should, it should utilize most of your CPU/GPU or both, and your PC will probably be tired after this has been running for a good amount of time.

 

Edited by Nightowl
This topic is now closed to further replies.