Headcool, posted December 4, 2015:

I did run a scan via herdprotect today. It found a file called "INskGZ.backup". I uploaded this and other files in the Malware Submission Subforum. There was also an AutoIt script which seems to have executed, but I'm not 100% sure. It contains some code which exits the script if programs like Sandboxie, VMware Tools, Wireshark, etc. are running. Since I have Sandboxie running, but not all the time, it might have executed or not. I did run Emsisoft, Herdprotect and Hitman Pro Alert, but they haven't found anything. Since the AutoIt script is not detected by any AV today (0/54 according to VirusTotal), I think there might still be something malicious left.

stapp, posted December 4, 2015:

Follow the steps here and attach the requested logs, then one of our experts can help you. http://support.emsisoft.com/forum-6/announcement-2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread/

Headcool, posted December 4, 2015:

I removed some entries from the FRST.txt and Addition.txt for privacy reasons. However, I am sure they are not the reasons for my problems. I also noticed that these INskGZ files reappeared under C:\programdata because I deleted them earlier today, but they are there again.

Attached files: EEK log.txt, FRST.txt, Addition.txt

Kevin Zoll, posted December 4, 2015:

If you altered your logs, they are useless. Only authorized individuals have access to the logs in this area of the support forum. Attach the unaltered logs to your reply.

Kevin Zoll, posted December 8, 2015:

Thread Closed
Reason: Lack of Response

PM either Kevin, Elise, or Arthur to have this thread reopened.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled "START HERE, if you don't we are just going to send you back to this thread".