Hello,
About 30 minutes ago my brother downloaded and executed an suspicious installer, it opened and closed some cmds, like it ran some commands, and then, it says it finished.
Is there any possible way to know what this program have done?
Just if it have edit anything from registry, I don’t think it must be a virus, but maybe it edited some settings to make my computer more vulnerable.
I don’t know if there is any way, but please help me to decompile or read the logs files or anything so I can find out what this program have done.
VirusTotal didn’t detect anything, scan: https://www.virustotal.com/es/file/5e45bc15c130689e3c484df7ba9d9aa58f78d369eb221f4df93e5f1f7628ad29/analysis/1431724324/.
Thanks!
Ola Lorenz111,
Might be because it is spyware dating back to 2011, “complicadito” spyware.
Sospechoso means “dubious, suspicious, suspect”. The spyware is active in the Spanish speaking theater.
Produce the log files txts asked for here: https://forum.avast.com/index.php?topic=53253.0
then attach to your next posting.
A qualified removal expert may look into the matter.
As the scan is for a signed and certified software component, it could also be a false positive,
but the qualified remover will inform you of the true nature of the file.
Con Dios,
polonus
Publisher COMPONENTE DE FIRMA DE SOFTWARE DE FNMT-RCM
Signature verification Signed file, verified signature
Signers
[+] COMPONENTE DE FIRMA DE SOFTWARE DE FNMT-RCM
[+] AC Componentes Informáticos
[+] AC RAIZ FNMT-RCM
About 30 minutes ago my brother downloaded and executed an suspicious installer,Why did he download it? ...... what did he think it was?
Is there any possible way to know what this program have done?Google the above and find out
Hi Pondus and Lorenz111,
Only 5% of users removed it, 95% decided to keep the software program: http://www.shouldiremoveit.com/Configurador_FNMT-40945-program.aspx
almost 94% of installations are found inside Spain.
How the renew the certification (Certificado digital) for the tool (in Spanish): http://www.adminfacil.es/como-renovar-el-certificado-de-la-fnmt-en-internet-explorer-11/
polonus
Okay, I figured it out and it was a good program. Also have a uninstaller and the only thing what is changed in the registry was easy to remove.
Also it was a good program, but suspicious.
Thanks to all, I don’t need more help. Thanks!