Hey guys,
I'm looking for a sample of what I believe is a new variant of a Fake AV that in the past had nuked the BFE / BFF registry keys, although this one nukes those and more.
I think this VirusTotal report might be the same one, with hashes for the infection.
A) I think the name of the program, which resides in appdata\local, was 'srlithw'
B) Link to VirusTotal: https://www.virustotal.com/file/8711146 ... /analysis/
The infection I am looking for is killing all / most of these services:
Thanks!

Entire Services Entry Missing/Deleted
AppInfo
BFE
FontCache
IpHlpSvc
MpsSvc
Netman
Netprofm
nsi
PlugPlay
PNRPsvc
QWAVE
Seclogon
Sens
SessionEnv
SharedAccess (Potentially Vista Only)
SLUINotify (Vista Only)
SysMain
UPNPhost
wcncsvc
wcsPlugInService
Windefend
WinHttpAutoProxySvc
WscSvc
wuauserv
WwanSvc

Just ServiceDll Entry Missing/Deleted
WebClient
RasMan
SensrSvc
WPDBusEnum
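
An added example, not part of the original post: a PowerShell audit that reports which of the services listed above have lost their registry key or their ServiceDll value. The service names come from the post; the function name Get-ServiceKeyState and the report layout are hypothetical, and the script assumes the standard layout in which svchost-hosted services keep ServiceDll under the Parameters subkey.

```powershell
# Added example: audit the service registry entries named in the post.
# Service names are copied from the post; function and report names are hypothetical.
$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Services the post reports as having the entire key deleted.
$wholeKey = @(
    'AppInfo','BFE','FontCache','IpHlpSvc','MpsSvc','Netman','Netprofm','nsi',
    'PlugPlay','PNRPsvc','QWAVE','Seclogon','Sens','SessionEnv','SharedAccess',
    'SLUINotify','SysMain','UPNPhost','wcncsvc','wcsPlugInService','Windefend',
    'WinHttpAutoProxySvc','WscSvc','wuauserv','WwanSvc'
)
# Services the post reports as missing only the ServiceDll value.
$dllOnly = @('WebClient','RasMan','SensrSvc','WPDBusEnum')

function Get-ServiceKeyState {
    param([string]$Name, [string]$Root = $servicesRoot)
    $key = Join-Path $Root $Name
    if (-not (Test-Path $key)) { return 'KeyMissing' }

    # Read ServiceDll from the Parameters subkey, if that subkey exists.
    $dll = $null
    $params = Join-Path $key 'Parameters'
    if (Test-Path $params) {
        $dll = (Get-ItemProperty $params -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    }
    # Only svchost-hosted services are expected to carry a ServiceDll value.
    $imagePath = (Get-ItemProperty $key -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    if ($imagePath -match 'svchost\.exe' -and -not $dll) { return 'ServiceDllMissing' }
    return 'Present'
}

$report = foreach ($name in ($wholeKey + $dllOnly)) {
    $expected = 'KeyMissing'
    if ($dllOnly -contains $name) { $expected = 'ServiceDllMissing' }
    New-Object PSObject -Property @{
        Service      = $name
        PostReported = $expected
        State        = Get-ServiceKeyState -Name $name
    }
}

# Some names are version-specific (the post marks SLUINotify as Vista only),
# so a single missing key is not proof of infection; look at the overall pattern.
$report | Where-Object { $_.State -ne 'Present' } |
    Select-Object Service, PostReported, State | Format-Table -AutoSize
```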