IObit Forum

Hi there, 

I want to make you all aware that a new kind of malware has arrived and is almost undetected by every antivirus software.

Malware Fighter in my case detected the .ps1 (PowerShell) scripts that this malware left behind in the Windows TEMP folder, but not the malicious task it created in Task Scheduler nor the fake log file hidden as [C:\Windows\logs\system-logs.txt].

The script is encoded with BASE64, which makes it almost impossible for the normal user to identify as malicious. I decoded it and saw that an action was called [Handle_WM_CLIPBOARDUPDATE]. I copied this into Google, with only 1 result. And sure enough, malware.

I advise you all to check out https://gist.github.com/infernoboy/cf114fda56ff3706478e0d1e6a1a1b27?permalink_comment_id=4140687#gistcomment-4140687 to read how to delete this malware and what the script looks like (scroll through the thread). It also explains perfectly how the malware works and what it is trying to do, all credits go to @infernoboy on GitHub.

I hope the IObit team as well as other antivirus companies can start monitoring and detecting this. 
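
The three traces named in the post can be checked with a read-only PowerShell triage script. This is an added example, not part of the original post or the linked gist. It assumes that "Windows TEMP folder" may mean either the per-user or the system TEMP directory, that the Base64 text decodes as UTF-16LE or UTF-8, and that the task can be spotted by its action mentioning PowerShell, a .ps1 file, the log path or the marker string; the function names are hypothetical.

```powershell
# Added example: read-only triage for the traces named in the post. Deletes nothing.
$Marker  = 'Handle_WM_CLIPBOARDUPDATE'          # string quoted in the post
$FakeLog = 'C:\Windows\logs\system-logs.txt'    # path quoted in the post

function Test-EncodedMarker {
    # True if $Text holds $Needle in clear text or inside a Base64 run.
    param([string]$Text, [string]$Needle)
    $cmp = [StringComparison]::OrdinalIgnoreCase
    if ($Text.IndexOf($Needle, $cmp) -ge 0) { return $true }
    foreach ($m in [regex]::Matches($Text, '[A-Za-z0-9+/]{40,}={0,2}')) {
        # Cut to a multiple of 4 so a partially matched run still decodes.
        $b64 = $m.Value.Substring(0, $m.Value.Length - ($m.Value.Length % 4))
        try { $bytes = [Convert]::FromBase64String($b64) } catch { continue }
        # Assumption: the decoded text is UTF-16LE or UTF-8, so both are tried.
        foreach ($enc in @([Text.Encoding]::Unicode, [Text.Encoding]::UTF8)) {
            if ($enc.GetString($bytes).IndexOf($Needle, $cmp) -ge 0) { return $true }
        }
    }
    return $false
}

function New-Finding($Check, $Item, $Detail) {
    [pscustomobject]@{ Check = $Check; Item = $Item; Detail = $Detail }
}

# 1. .ps1 files in the per-user and system TEMP folders (assumption: both are checked).
$tempDirs = @($env:TEMP, "$env:windir\Temp") | Where-Object { Test-Path -LiteralPath $_ }
Get-ChildItem -Path $tempDirs -Filter *.ps1 -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $hit = Test-EncodedMarker (Get-Content -Raw -LiteralPath $_.FullName) $Marker
        New-Finding 'TempScript' $_.FullName "marker found: $hit"
    }

# 2. Scheduled tasks whose action mentions PowerShell, a .ps1 file, the log path or the marker.
#    Assumption: this heuristic also lists legitimate tasks; each hit is for manual review.
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)"
        if ($cmd -match 'powershell|\.ps1|system-logs\.txt' -or (Test-EncodedMarker $cmd $Marker)) {
            New-Finding 'ScheduledTask' "$($task.TaskPath)$($task.TaskName)" $cmd
        }
    }
}

# 3. The file the post describes as a fake log.
if (Test-Path -LiteralPath $FakeLog) {
    $f = Get-Item -LiteralPath $FakeLog -Force
    New-Finding 'FakeLog' $f.FullName "size $($f.Length) bytes, last written $($f.LastWriteTime)"
}
```

Run it from an elevated prompt so tasks and TEMP files belonging to other accounts are visible; `Get-ScheduledTask` requires Windows 8 / Server 2012 or later.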
