
Found PowerShell/TrojanDownloader.Agent trojan - returns again and again


corsec


Hi,

As mentioned here I have the same problem. I tried to find the HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28CBB79C-CAFE-44EB-8276-8D73BF358244} but I didn't find it. Is it possible that I should find it under another key?

 

 

Thanks in advance

Claudia


5 hours ago, corsec said:

I tried to find the HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28CBB79C-CAFE-44EB-8276-8D73BF358244} but I didn't find it. Is it possible that I should find it under another key? 

This current infection appears to be WMI based. Most likely a malicious consumer event entry. SysInternals Autoruns: https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns might or might not show the malicious WMI event entry.

Edited by itman
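
Because Autoruns may not show the entry, the WMI permanent event subscriptions mentioned in the reply above can also be listed directly. This is an added example, not part of the original posts; it assumes an elevated PowerShell prompt and only reads from the `root\subscription` namespace.

```powershell
# Added example: read-only listing of WMI permanent event subscriptions.
# A subscription is a filter (the trigger query) bound to a consumer (the action).
$ns = 'root\subscription'

# Index filters by name so each binding can be resolved to its trigger query.
$filters = @{}
Get-CimInstance -Namespace $ns -ClassName __EventFilter |
    ForEach-Object { $filters[$_.Name] = $_ }

# Index consumers by "class:name"; querying the base class returns all subclasses.
$consumers = @{}
Get-CimInstance -Namespace $ns -ClassName __EventConsumer |
    ForEach-Object { $consumers["$($_.CimSystemProperties.ClassName):$($_.Name)"] = $_ }

# Consumer classes that run a command line or a script when the filter fires.
$executing = 'CommandLineEventConsumer', 'ActiveScriptEventConsumer'

$report = foreach ($b in Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding) {
    $class    = $b.Consumer.CimSystemProperties.ClassName
    $filter   = $filters[$b.Filter.Name]
    $consumer = $consumers["${class}:$($b.Consumer.Name)"]

    [pscustomobject]@{
        Filter        = $b.Filter.Name
        Query         = $filter.Query
        ConsumerClass = $class
        Consumer      = $b.Consumer.Name
        RunsCode      = $class -in $executing
        CommandLine   = $consumer.CommandLineTemplate   # CommandLineEventConsumer only
        ScriptFile    = $consumer.ScriptFileName        # ActiveScriptEventConsumer only
        ScriptText    = $consumer.ScriptText            # ActiveScriptEventConsumer only
    }
}

# Entries that execute code are listed first for review.
$report | Sort-Object RunsCode -Descending | Format-List
```

Entries with `RunsCode` set to `True` whose command line or script text invokes PowerShell are the ones to compare against the detection name reported by the scanner.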
