- Apr 8, 2024
Hello Malware Tips Community,
I'm in a bit of a bind and desperately need your expertise. Yesterday, around 6:30-7:00 PM (GMT +8), I mistakenly executed a file I downloaded from the Internet. Only after running it did I realize its malicious intent, evident from a suspicious pre-build event in the code. Here is the code in question:
Since then, my PC has been automatically downloading a .7z file to the "AppData/Local/Temp" folder every hour on the hour. This archive contains "aitstatic.exe", "ComSvcConfig.exe", and "MicrosoftCertificateServices.exe." Additionally, every time I start my computer, 2-3 command prompt windows briefly appear, and files named "Service.exe", "b.bat", and "b.vbs" are created in various public user folders (e.g., Public Downloads, Public Documents).
I've attempted to clean this infection with both Malwarebytes and Avast, but to no avail. The threat names reported by Avast vary, including IDP.HELU.SHADOW18, Script:SNH-gen [Trj], Win64:Malware-gen, and Win32:InjectorX-gen [Trj].
I am at my wit's end and worry about the safety of my personal data and the integrity of my system. Could anyone provide guidance on how to thoroughly remove this persistent malware? Any assistance or advice on tools and procedures to follow would be immensely appreciated.
Thank you in advance for your time and help.
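The symptoms above (an hourly pull into Temp, command windows at logon, dropped files in the public folders) point at scheduled-task and Run-key persistence. The following read-only triage script is an added example, not part of the original post, that checks those locations for the file names the poster quoted; the folder paths and the hourly-trigger heuristic are assumptions based on the description.

```powershell
# Read-only persistence triage for the symptoms described in the post (example code,
# not from the original post). It only collects evidence; it removes nothing.
# File names come from the post; the folders are assumed from its description.
$IocNames = @('aitstatic.exe', 'ComSvcConfig.exe', 'MicrosoftCertificateServices.exe',
              'Service.exe', 'b.bat', 'b.vbs')
$Pattern  = '\.7z|\\Temp\\|' + (($IocNames | ForEach-Object { [regex]::Escape($_) }) -join '|')
$Findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Type, $Name, $Detail) {
    $Findings.Add([pscustomobject]@{ Type = $Type; Name = $Name; Detail = $Detail })
}

# 1. An hourly download is usually driven by a scheduled task: flag tasks whose action
#    references an indicator, or that repeat every hour (PT1H) via a script host.
foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
    $hourly = $task.Triggers | Where-Object { $_.Repetition.Interval -eq 'PT1H' }
    foreach ($a in $task.Actions) {
        $cmd = "$($a.Execute) $($a.Arguments)"
        if ($cmd -match $Pattern -or ($hourly -and $a.Execute -match 'cmd|powershell|wscript|cscript|mshta')) {
            Add-Finding 'ScheduledTask' "$($task.TaskPath)$($task.TaskName)" $cmd
        }
    }
}

# 2. Command windows at every logon point at Run/RunOnce keys and Startup folders.
$RunKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in ($RunKeys | Where-Object { Test-Path $_ })) {
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -notlike 'PS*' -and "$($p.Value)" -match $Pattern) {
            Add-Finding 'RunKey' "$key\$($p.Name)" $p.Value
        }
    }
}

# 3. Dropped files in Temp, the public user folders named in the post, and Startup folders.
$Dirs = @("$env:LOCALAPPDATA\Temp", "$env:PUBLIC\Downloads", "$env:PUBLIC\Documents",
          "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp",
          "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup")
Get-ChildItem -Path $Dirs -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -in $IocNames -or $_.Extension -eq '.7z' } |
    ForEach-Object { Add-Finding 'File' $_.FullName "last written $($_.LastWriteTime)" }

$Findings | Sort-Object Type, Name | Format-Table -AutoSize
```

Run it from an elevated PowerShell so every task is visible, and review the output before removing anything, since legitimate hourly tasks will also be listed.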