2018-06-28 - FAKE AV SCREEN LOCKER (A RELATIVELY EASY FIX)
- 2018-06-28-fake-AV-screen-locker.pcap.zip 83.8 kB (83,775 bytes)
- 2018-06-28-fake-AV-screen-locker-malware-and-artifacts.zip 65.6 kB (65,559 bytes)
- Thanks to @nao_sec for tweeting about this activity here.
- All zip archives on this site are password-protected with a standard password. If you don't know it, see the "about" page of this website.
Shown above: Traffic filtered in Wireshark.
Shown above: This is the warning window that initially popped up.
Shown above: I clicked "Run" for IEUpdate.hta, which installed a screen locker.
Shown above: Screenshot of the screen locker that appeared shortly after clicking "Run" for that .hta file.
Shown above: I got past the locked screen by pressing "Control-Alt-Delete" and starting the Task Manager.
Shown above: In the Task Manager, I ended the task for an application named "Warning."
Shown above: In the Windows start menu, I worked my way to the Startup folder.
Shown above: In this case, the file in the startup folder was named flux.exe.
Shown above: I also found an executable file in C:\ProgramData\ and deleted it. In this case, the file was named Iyby3vtF.exe.
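The same manual cleanup steps (find the "Warning" window, then the Startup folders and the root of C:\ProgramData) as a PowerShell triage script. This is an added example, not something from the original post; the file names flux.exe and Iyby3vtF.exe come from this incident, and removal is left in -WhatIf mode so nothing is deleted until the listing has been reviewed.

```powershell
# Added triage helper for the infection described above (not from the post).
# Names observed in this incident, taken from the write-up:
$Suspect = @('flux.exe', 'Iyby3vtF.exe')

# Step 1: find the process behind the "Warning" window instead of hunting in Task Manager.
Get-Process | Where-Object { $_.MainWindowTitle -eq 'Warning' } |
    Select-Object Id, ProcessName, Path, MainWindowTitle | Format-Table -AutoSize

# Step 2: list the persistence locations checked by hand in the post:
# per-user Startup, all-users Startup, and the root of C:\ProgramData.
$Paths = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup'),
    $env:ProgramData
)

$Findings = foreach ($p in $Paths) {
    Get-ChildItem -Path $p -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.hta', '.lnk', '.vbs', '.bat', '.cmd' } |
        ForEach-Object {
            [PSCustomObject]@{
                Path     = $_.FullName
                Created  = $_.CreationTime
                SHA256   = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                Signed   = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
                KnownBad = $Suspect -contains $_.Name
            }
        }
}

# Newest files first: a screen locker dropped today stands out immediately.
$Findings | Sort-Object Created -Descending | Format-Table -AutoSize

# Step 3: remove confirmed items. -WhatIf only reports what would be deleted;
# drop it after reviewing the table (and after the "Warning" process is stopped).
$Findings | Where-Object KnownBad | ForEach-Object {
    Remove-Item -LiteralPath $_.Path -Force -WhatIf
}
```

Unsigned executables with a creation time matching the infection window are the ones to hash and check against the artifacts archive above.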