RE: (URGENT) Help Malware, Duplicates Infected. 12-28-2017, 01:42 AM
#5
@mothered @reGEN
It seems that it does not reside in Task Manager, services.
When my Mbam kills it and I reboot my system it is a Backdoor. Here is the report.
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 12/27/17
Protection Event Time: 10:21 PM
Log File: 279d7576-eaf8-11e7-9c81-507b9d6086cd.json
Administrator: Yes
-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3566
License: Premium
-System Information-
OS: Windows 10 (Build 15063.786)
CPU: x64
File System: NTFS
User: System
-Blocked Malware Details-
File: 1
Backdoor.Remcos, C:\Users\UB4R\AppData\Local\Temp\tmp.exe, Quarantined, [283], [461437],1.0.3566
(end)
When the backdoor is terminated
Domain: fzsification.bounceme.net
IP Address: 165.227.29.57
Port: [50590]
Type: Outbound
File: C:\Users\UB4R\AppData\Local\Temp\.exe
Appears and keeps getting terminated without actually stopping; it resides in Chrome and it is a hosting website to my knowledge when I visited it.
Summary: Backdoor.Remcos is created when rebooting the PC, but is terminated by MBAM; once it is terminated, Domain: fzsification.bounceme.net keeps duplicating and being terminated by MBAM.
The malware tool used is Remcos.
Remcos v1.9.7 – 13 December 2017
Update after update, Remcos' large array of functions has grown longer and longer.
Remcos includes so many functions, that sometimes it was confusing to navigate among them all!
This new release features a new type of functions menu, where all the functions are grouped into Categories:
System Management
Surveillance
Network functions
Extra functions
Remcos Remote Agent Management
You are always able to switch to the classic, expanded menu in Local Settings -> Preferences.
The new release also features fixes and tweaks.
Any feedback and comment is appreciated as always!
Here is complete changelog:
[+] Added new “Categorized style” functions menu. It is possible to switch to the classic, “expanded” menu via the local settings.
[*] Rearrangements and changes to menu GUI and some shortkeys
[*] File Manager: fixed bug in C&C code when downloading very small files (below 65 kb)
[*] Other minor tweaks
Video demo of new v1.9.7:
(This post was last modified: 12-28-2017, 01:45 AM by PythonRaze.)
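Reading the MBAM output quoted in the post into structured events, as an added example that is neither the poster's nor Malwarebytes' code: it parses the quarantine line and the website-block records, counts repeated blocks per destination, and flags a block-event file sitting in a directory MBAM already quarantined from, which is the pattern of a dropper re-creating its payload after each reboot. The sample input is constructed from the post's own lines with the block record repeated, and the field layout is assumed from the post rather than from Malwarebytes documentation.

```python
import re
from collections import Counter

# Constructed sample assembled from the lines quoted in the post: the quarantine entry,
# then the website-block record twice to mimic the "keeps duplicating" behaviour described.
SAMPLE_LOG = """\
File: 1
Backdoor.Remcos, C:\\Users\\UB4R\\AppData\\Local\\Temp\\tmp.exe, Quarantined, [283], [461437],1.0.3566
Domain: fzsification.bounceme.net
IP Address: 165.227.29.57
Port: [50590]
Type: Outbound
File: C:\\Users\\UB4R\\AppData\\Local\\Temp\\.exe
Domain: fzsification.bounceme.net
IP Address: 165.227.29.57
Port: [50590]
Type: Outbound
File: C:\\Users\\UB4R\\AppData\\Local\\Temp\\.exe
"""

# Layout assumed from the post: "<detection>, <path>, <action>, [n], [n],<db version>"
QUARANTINE_RE = re.compile(r"^(?P<name>[^,]+), (?P<path>[^,]+), (?P<action>[^,]+), \[\d+\], \[\d+\],\S+$")
KV_RE = re.compile(r"^(Domain|IP Address|Port|Type|File): (.*)$")
FIELDS = {"IP Address": "ip", "Port": "port", "Type": "direction", "File": "path"}

def parse_events(text):
    """Turn the MBAM report text into a list of quarantine and network-block event dicts."""
    events, current = [], {}
    for line in text.splitlines():
        if q := QUARANTINE_RE.match(line):
            events.append({"kind": "quarantine", "name": q["name"], "path": q["path"], "action": q["action"]})
        elif kv := KV_RE.match(line):
            key, value = kv.group(1), kv.group(2).strip("[]")   # "[50590]" -> "50590"
            if key == "Domain":                                  # first field of a block record
                current = {"kind": "network_block", "domain": value}
            elif current:                                        # skips the "File: 1" count line
                current[FIELDS[key]] = value
                if key == "File":                                # last field of the record: flush it
                    events.append(current)
                    current = {}
    return events

def summarize(events):
    """Count blocked destinations and list block-event files living in an already-quarantined directory."""
    blocks = Counter(f"{e['domain']}:{e['port']}" for e in events if e["kind"] == "network_block")
    qdirs = {e["path"].rsplit("\\", 1)[0] for e in events if e["kind"] == "quarantine"}
    recurring = sorted({e["path"] for e in events if e["kind"] == "network_block" and e["path"].rsplit("\\", 1)[0] in qdirs})
    return {"blocked": dict(blocks), "recurring_paths": recurring}
```

A non-empty `recurring_paths` alongside a repeated destination count is the signal to look for the persistence mechanism that re-drops the file, rather than relying on the quarantine alone.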