Milos
5
Yeah, you're right, it's malware:
“ForzaHorizonPC.exe” (https://www.virustotal.com/en/file/6c9424ef5584a008d7393edb27f85f02c63c14abb5282f6b5cf68654393aaab1/analysis/1371806910/)
and it downloads the following files into the Windows directory (e.g. c:\Windows):
“wininit.exe” (https://www.virustotal.com/en/file/dcbcfd7940a6c2d2029f07ade84b9e10281d2c4236f65a3ac36e4da7eac7f8b3/analysis/1371802126/)
“javaw.exe” (https://www.virustotal.com/en/file/0b2cb0a1f6b4083f987563081cba20a6a9b3344a53ab26305566e320ca9f2b0a/analysis/1371802142/).
If you then click “Launch Game”, those downloaded files get executed.
You will have it in “Start Menu\Programs\Startup\Skype.lnk”, so the malware is started again every time the PC boots; look at where that shortcut points, and that is the malware (it will be something like “<user_dir>\Application Data\WindowsLogonSS\usft_ext.exe.vbs /Arguments:Shortcut”).
The directory "<user_dir>\Application Data\dclogs" looks like it contains the log of some keylogger.
The directory "<user_dir>\Application Data\WindowsLogonSS" contains the malware itself (keylogger, bitcoin miner),
and one more piece is also in “<user_dir>\Local Settings\Temp\wininit.exe”.
The downloaded files should already be detected; I'll add the URL to the blocklist.
Milos
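A defender-side check for the indicators Milos lists, added here as an example (it is not part of the original post). It assumes the modern Windows equivalents of the XP-era paths above ($env:APPDATA for "Application Data", $env:TEMP for "Local Settings\Temp") and the per-user Startup folder:

```powershell
# Added example, not from the original post: look for the persistence shortcut
# and the dropped files/directories described above on the local machine.
# Path assumptions (modern equivalents of the XP-era locations in the post):
#   "<user_dir>\Application Data"     -> $env:APPDATA
#   "<user_dir>\Local Settings\Temp"  -> $env:TEMP
#   "Start Menu\Programs\Startup"     -> [Environment]::GetFolderPath('Startup')

$startup  = [Environment]::GetFolderPath('Startup')
$shell    = New-Object -ComObject WScript.Shell
$findings = @()

# 1. Resolve every shortcut in the per-user Startup folder. The sample persisted as
#    "Skype.lnk" pointing at a .vbs under WindowsLogonSS; a Startup shortcut whose
#    target is a script, or lives under that directory, is flagged.
foreach ($lnkFile in Get-ChildItem -Path $startup -Filter '*.lnk' -ErrorAction SilentlyContinue) {
    $lnk = $shell.CreateShortcut($lnkFile.FullName)
    if (($lnk.TargetPath -match '\.vbs$') -or ($lnk.TargetPath -match 'WindowsLogonSS')) {
        $findings += [pscustomobject]@{
            Indicator = 'Startup shortcut'
            Path      = $lnkFile.FullName
            Detail    = "$($lnk.TargetPath) $($lnk.Arguments)".Trim()
        }
    }
}

# 2. Check the drop locations named in the post. Note that the legitimate
#    wininit.exe lives in System32, so a copy directly in %windir% is not expected.
$paths = @(
    (Join-Path $env:APPDATA 'WindowsLogonSS'),   # keylogger / miner components
    (Join-Path $env:APPDATA 'dclogs'),           # keylogger output
    (Join-Path $env:TEMP    'wininit.exe'),      # extra dropped copy
    (Join-Path $env:windir  'wininit.exe'),      # downloaded into the Windows directory
    (Join-Path $env:windir  'javaw.exe')
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        $findings += [pscustomobject]@{
            Indicator = 'Dropped path'
            Path      = $p
            Detail    = (Get-Item -LiteralPath $p).LastWriteTime
        }
    }
}

if ($findings.Count -eq 0) { 'No indicators found.' } else { $findings | Format-Table -AutoSize }
```

Run it in the affected user's session, since the Startup folder and %APPDATA% are per user.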