Jump to content
  • Announcements

    • Rodion Nagornov

      Недоступность форума // Forum maintenance   08/16/2017

      В связи с техническими работами форум будет недоступен с 20.00 (МСК) 18.08.2017. Максимальное время недоступности - до 20.00 (МСК) 20.08.2017. *** Due to maintenance forum will be unavailable since 8pm (+3 GMT) 18-Aug-2017. The longest possible time of maintenance - till 8.pm (+3 GMT) 20-Aug-2017.
Sign in to follow this  


Recommended Posts


I today installed a program that was originally suppose to be...

WhoCrashed Professional 3.01

Which seems to be a fake 33MB file (when compressing it in Winrar, it compresses to 34kbs)


On running the program exe, my Kaspersky Anti Virus kept blocking access to


gate.php Denied:


(analysis using the database of suspicious URLs) 26/08/2011 16:13:28


Kaspersky was showing an exe file within the SysWow64 folder called silverlight-runtime.exe which was the file attempting to access the above URL.


The file was not removable as it was locked. After a reboot the file was now hidden and it seems windows baloon tips was disabled.

And also Windows Restore just fails.


Both Kaspersky and Virus total online scan does NOT detect this file as a virus.


I've managed to remove silverlight-runtime.exe by going into windows repair console and removing it manually. But I'm curious what other damage / changes have been made?


The attached file password is...



I've sent this to the testing lab but I really want to know if I'm still at risk.


Is anyone able to help please?

Edited by bented

Share this post

Link to post
Share on other sites

Welcome. Please don't attempt to link to or attach possible malware on the forum. Instead, you may send such to the Lab, as indicated in the third Important topic.


If you suspect malware issue, please see the first Important topic; instructions for logs are there.

Share this post

Link to post
Share on other sites
This topic is now closed to further replies.
Sign in to follow this