> silverlight-runtime.exe
bented
post 26.08.2011 21:22
Post #1


Newbie
*

Group: Members
Posts: 3
Joined: 26.08.2011




Today I installed a program that was originally supposed to be...
WhoCrashed Professional 3.01
Which seems to be a fake 33MB file (when compressing it in WinRAR, it compresses to 34kbs)

On running the program exe, my Kaspersky Anti Virus kept blocking access to
http://scene-treff.org/Panel/gate.php

gate.php Denied:
http://scene-treff.org/Panel/gate.php
(analysis using the database of suspicious URLs) 26/08/2011 16:13:28

Kaspersky was showing an exe file within the SysWow64 folder called silverlight-runtime.exe which was the file attempting to access the above URL.

The file was not removable as it was locked. After a reboot the file was now hidden and it seems Windows balloon tips were disabled.
And also Windows Restore just fails.

Both Kaspersky and the VirusTotal online scan do NOT detect this file as a virus.

I've managed to remove silverlight-runtime.exe by going into the Windows repair console and removing it manually. But I'm curious what other damage / changes have been made?

The attached file password is...
newvirus

I've sent this to the testing lab but I really want to know if I'm still at risk.

Is anyone able to help please?

This post has been edited by bented: 26.08.2011 21:29
bented
post 26.08.2011 22:04
Post #2


Newbie
*

Group: Members
Posts: 3
Joined: 26.08.2011




http://www.getsysteminfo.com/read.php?file...4cf4995a0e15c80
bented
post 27.08.2011 01:40
Post #3


Newbie
*

Group: Members
Posts: 3
Joined: 26.08.2011




Hopefully this file will show?
richbuff
post 27.08.2011 02:24
Post #4


Are You Kidding?
*****************

Group: Moderators
Posts: 1000084
Joined: 14.06.2007




Welcome. Please don't attempt to link to or attach possible malware on the forum. Instead, you may send such to the Lab, as indicated in the third Important topic.

If you suspect a malware issue, please see the first Important topic; instructions for logs are there.


--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.