Lukebad

Repeated tries to modify autorun


Hello all!

Recently I've been getting multiple warnings of a process trying to modify autorun files.

It's always an executable with random letters and numbers, digitally signed by "Solucoes e Suporte Informatica SC LTDA", with the contact email being "[email protected]".

I'm not at the computer that accuses this at the moment, but I will provide screenshots later. This post is so I can remember to do so.

I have quarantined every try so far, and it's always in pairs. Emsisoft will warn me, I'll quarantine it, and a few seconds later another string pops up trying to do the same thing.

Then it takes a couple of minutes without activity to pop up again.

 

I apologise for not having the screenshots with me, but I shall post them later.

Also in the meantime, maybe if someone knows what this is, I can make use of that knowledge.

 

Cheers and sincere thanks,

Lucas


Hello,

I did a search in the VirusTotal database and in our database for the MD5 and SHA-1 hashes. Unfortunately the hashes were not found.

So I suggest blocking this behavior.

Would it be possible to get access to your system via remote desktop solutions like TeamViewer to further debug the problem?
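Because the files vanish once they are quarantined, it helps to collect hashes and signer details from the autorun entries before quarantining. The script below is an added example written for this thread, not Emsisoft's code or anything posted by the participants. It walks the common Run/RunOnce registry locations, resolves each entry to an executable, and prints MD5, SHA-1 and SHA-256 plus the Authenticode signer so the values can be pasted into a VirusTotal search. The list of registry keys and the helper function name are my own choices; entries whose file is already gone are reported as missing.

```powershell
# Added example (not from the thread): enumerate common autorun registry
# locations, resolve each entry to an executable, and report hashes plus the
# Authenticode signer so the values can be searched on VirusTotal.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutorunExecutablePath {
    # Helper name is my own. Run values look like  "C:\path\app.exe" /arg
    # or  C:\path\app.exe /arg : take the quoted token if present, otherwise
    # the first whitespace-separated token, then expand %VARS% such as %APPDATA%.
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') { $path = $Matches[1] }
    else { $path = ($Command -split '\s+')[0] }
    return [Environment]::ExpandEnvironmentVariables($path)
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Skip the provider metadata properties (PSPath, PSParentPath, ...).
        if ($p.Name -like 'PS*') { continue }
        $exe   = Get-AutorunExecutablePath -Command ([string]$p.Value)
        $entry = [ordered]@{ Key = $key; Name = $p.Name; Command = $p.Value; Path = $exe }
        if (Test-Path -LiteralPath $exe -PathType Leaf) {
            $entry.MD5    = (Get-FileHash -LiteralPath $exe -Algorithm MD5).Hash
            $entry.SHA1   = (Get-FileHash -LiteralPath $exe -Algorithm SHA1).Hash
            $entry.SHA256 = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
            $sig = Get-AuthenticodeSignature -LiteralPath $exe
            $entry.SigStatus = $sig.Status
            $entry.Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        } else {
            $entry.Note = 'file missing (already quarantined?)'
        }
        [pscustomobject]$entry
    }
}
```

Run it in an elevated PowerShell session so the HKLM keys are readable, and pipe the output to Format-List or Export-Csv. A valid signature only tells you who holds the certificate, not that the file is benign, so the signer subject is worth recording alongside the hashes when asking a vendor to look at a sample.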
 


Can you upload the files to VirusTotal to check if those are malicious?

 

Ok, I will try to do that.

The files do disappear after I click "quarantine", however.

The last one Emsisoft was scanning didn't ask me to block or accept it, so I'm a bit worried.

(After the "Scanning a program with Emsisoft Anti-Malware...", the decision window didn't pop up!)

But the .exe disappeared anyway, so maybe it auto-blocked?

 


Sure, if the Emsi staff is willing to do such a thing, I'll gladly comply.

How does it work?

This topic is now closed to further replies.