Extremely suspicious script

Unread postby Chase87 » November 28th, 2017, 2:16 pm

Today was really scary. When I came home I noticed my laptop having booted up from sleep. My CPU was active, and what it was running is extremely suspicious.
On startup it was running "cmd.exe /c C:\SysWOW64\del.bat" in the background. This file was created from the Administrator account. Its content is the following script:
Code:
@Echo Off
cd /d C:\Windows\SysWOW64\
:Start
del svchost.exe
If Exist svchost.exe Goto Start
del %0


It seemed it never reached the last line, in which the script would delete itself. I'm supposing this is a failed attempt to hijack the system svchost. I could not find *anything* on Google.

Scary!
Any ideas on how to investigate this further?
Chase87
Active Member
 
Posts: 2
Joined: November 28th, 2017, 2:06 pm
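
The script quoted in the post above changes into C:\Windows\SysWOW64, deletes svchost.exe in a loop until the file no longer exists, and then deletes itself. The following static triage of those three behaviours is an added example, not part of the original post or of the forum's tooling; the function name and finding labels are this example's own, and it only reads the script text and never executes it.

```python
import re

# The script from the post, embedded as data for analysis only (never run).
SAMPLE = r"""@Echo Off
cd /d C:\Windows\SysWOW64\
:Start
del svchost.exe
If Exist svchost.exe Goto Start
del %0
"""

# A file directly inside a Windows system directory.
SYSTEM_FILE = re.compile(r"\\windows\\(system32|syswow64)\\+[^\\]+$", re.I)
CD = re.compile(r'(?:cd|chdir)\s+(?:/d\s+)?"?([^"]+)"?$', re.I)
DEL = re.compile(r'(?:del|erase)\s+(?:/\w+\s+)*"?([^"]+)"?$', re.I)
IF_GOTO = re.compile(r'if\s+exist\s+"?([^"\s]+)"?\s+goto\s+:?(\S+)', re.I)
SELF_REFS = {"%0", "%~0", "%~f0"}  # ways a batch file names itself


def triage_batch(text):
    """Return a sorted list of findings for the text of a batch script."""
    findings, labels, deleted, cwd = set(), set(), set(), ""
    for raw in text.splitlines():
        line = raw.strip().lstrip("@")
        if line.startswith(":") and not line.startswith("::"):
            labels.add(line[1:].strip().lower())  # label seen so far
        elif m := CD.match(line):
            cwd = m.group(1).strip()              # track working directory
        elif m := DEL.match(line):
            target = m.group(1).strip()
            if target.lower() in SELF_REFS:
                findings.add("self-delete")
                continue
            deleted.add(target.lower())
            path = target if "\\" in target else cwd + "\\" + target
            if SYSTEM_FILE.search(path):
                findings.add("deletes-in-system-dir")
        elif m := IF_GOTO.match(line):
            # Jump back to an earlier label while a deleted file still exists.
            if m.group(1).lower() in deleted and m.group(2).lower() in labels:
                findings.add("delete-retry-loop")
    return sorted(findings)


if __name__ == "__main__":
    for finding in triage_batch(SAMPLE):
        print(finding)
```

A retry loop that never exits means the delete keeps failing, which is consistent with the poster's observation that the last line was never reached.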

Re: Extremely suspicious script

Unread postby Chase87 » November 28th, 2017, 2:18 pm

System svchost.exe is reported clean by VirusTotal online check.
Also virus/malware scanners don't find anything, obviously.
Chase87
Active Member
 
Posts: 2
Joined: November 28th, 2017, 2:06 pm

Re: Extremely suspicious script

Unread postby mAL_rEm018 » November 28th, 2017, 2:28 pm

Bumping or Replying to Your Own Topic

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why you should not reply to or try to bump your topic.

If you still need help, please start a new thread and include your FRST logs:
  • FRST.txt.
  • Addition.txt.
  • Details of the problems you're experiencing.

If for any reason you can't run FRST, please let us know in your post.

This topic is now closed.
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia
