Jump to content
  • Announcements

    • Rodion Nagornov

      Недоступность форума // Forum maintenance   08/16/2017

      В связи с техническими работами форум будет недоступен с 20.00 (МСК) 18.08.2017. Максимальное время недоступности - до 20.00 (МСК) 20.08.2017. *** Due to maintenance forum will be unavailable since 8pm (+3 GMT) 18-Aug-2017. The longest possible time of maintenance - till 8.pm (+3 GMT) 20-Aug-2017.
Sign in to follow this  
bented

silverlight-runtime.exe

Recommended Posts

bented   

I today installed a program that was originally suppose to be...

WhoCrashed Professional 3.01

Which seems to be a fake 33MB file (when compressing it in Winrar, it compresses to 34kbs)

 

On running the program exe, my Kaspersky Anti Virus kept blocking access to

[url="http://scene-treff.org/Panel/gate.php"]http://scene-treff.org/Panel/gate.php[/url]

gate.php Denied:

[url="http://scene-treff.org/Panel/gate.php"]http://scene-treff.org/Panel/gate.php[/url]

(analysis using the database of suspicious URLs) 26/08/2011 16:13:28

 

Kaspersky was showing an exe file within the SysWow64 folder called silverlight-runtime.exe which was the file attempting to access the above URL.

 

The file was not removable as it was locked. After a reboot the file was now hidden and it seems windows baloon tips was disabled.

And also Windows Restore just fails.

 

Both Kaspersky and Virus total online scan does NOT detect this file as a virus.

 

I've managed to remove silverlight-runtime.exe by going into windows repair console and removing it manually. But I'm curious what other damage / changes have been made?

 

The attached file password is...

newvirus

 

I've sent this to the testing lab but I really want to know if I'm still at risk.

 

Is anyone able to help please?

Edited by bented

Share this post


Link to post
Share on other sites
richbuff   

Welcome. Please don't attempt to link to or attach possible malware on the forum. Instead, you may send such to the Lab, as indicated in the third Important topic.

 

If you suspect malware issue, please see the first Important topic; instructions for logs are there.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×