Last week I was asked to check a Windows 7 x64 laptop due an extremely poor performances, so as first step I run a complete scan with AntiMalwareBytes free and Avira Antivirus. This two great free software made a great works cleaning more than 170 infected objects!! After the reboot another scan has been started just to be sure that everything was fine and the results confirmed the clean status.
Two days ago the same laptop starts to create strange links on every USB stick plugged so I start a manual analysis of the behavior (unfortunately my Cuckoo Sandbox is building up and not ready yet): using a clean just formatted pen-drive I copied a test folder on the USB and after few seconds that folder was hidden and replaced by a link with the same folder name addressing the following command:
C:\Windows\system32\cmd.exe /c start mmpifmxnth..vbs&start explorer <folder_name>&exit
[Read more…]
The right place for a safer Net
Latest Tweets
- The latest FantaGhost Daily! https://t.co/XfRNYS6MqW October 31, 2020 9:00 am
- The latest FantaGhost Daily! https://t.co/MTVGgWb5L3 Thanks to @_odisseus #difesaesicurezza #ransomware October 24, 2020 9:00 am
- The latest FantaGhost Daily! https://t.co/oCiWze3Cn5 October 10, 2020 9:00 am
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
