Got hacked, this thread was spam and the download link was a keylogger.
Last edited by Zaxer; 05-01-2015 at 01:38 PM.
Thank you for this. It's actually surprisingly good (considering you said it will be sloppy, don't be so hard on yourself :P).
However, the GUI could be a little bit smoother and hotkeys would help A LOT; this is still GREAT for freeware.
Thanks again!
DEFINITELY DO NOT DOWNLOAD THIS. NASTY VIRUS, WHICH I'M NOW FIGHTING TO REMOVE FROM MY SYSTEM.
https://www.virustotal.com/en/file/6...is/1430425139/
Last edited by Filint; 05-01-2015 at 04:06 AM.
Ran it under a VM, it is indeed a virus coded in .NET (obfuscated with SmartAssembly.)
I'm leaving this thread here temporarily to provide a little information about it.
By the look of it, it's only a keylogger, so I think you do not need to worry about it collecting current passwords, cookies, etc.
In case you did run it, you can remove it like so:
1. Disable/unplug your internet connection.
2. Disable all startup applications via regedit (or within Task Manager in Windows 8.1).
3. Make sure you find the startup entry for "sysmon.exe" and delete it. It should be located somewhere like "C:/ProgramData/<some numbers>/sysmon.exe"; you should note this path down.
4. Restart your PC. Now you should notice there's only one sysmon.exe in Task Manager (the REAL Windows one).
5. Read how to take ownership of a system file: How to Delete a System File in Windows 7 or Vista
6. Take ownership of the executable at the path you noted before.
7. Delete the file via Windows Explorer; you will probably have to show hidden files to see it.
8. Enable internet, enable the other startup applications, restart your PC.
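The steps above are done by hand through regedit, Task Manager and Explorer. The following PowerShell script is an added example (not posted in the thread, and not part of the download) that automates the "find the startup entry and the image path" part of that procedure and then removes a chosen file the same way steps 5 to 7 do (take ownership, grant yourself rights, delete). The name "sysmon.exe" and the ProgramData location come from the post; the registry keys, the suspect-directory heuristic and the function names are my assumptions about how a responder would check a box, not something the thread describes. One caveat the script encodes: Sysinternals Sysmon, if you have it installed, legitimately lives under %SystemRoot% (not ProgramData, AppData or Temp), so the script only flags copies in user-writable locations rather than everything that is not the "real" one.

```powershell
# Added example: triage and removal helper for a sysmon.exe masquerade.
# Run from an elevated PowerShell prompt with the network unplugged (step 1 above).

$TargetName = 'sysmon.exe'   # from the thread; change if the sample differs

# Autostart locations most commodity keyloggers use. Assumption: the sample used
# one of these (the post only says "the startup entry for sysmon.exe").
$RunKeys = @(
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories a normal user can write to. A system binary living here is suspect;
# the thread's sample sat under C:\ProgramData\<numbers>\.
$UserWritable = @($env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP)

function Get-SuspectStartupEntries {
  foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
      if ($p.Name -like 'PS*') { continue }          # skip PowerShell's own metadata members
      if ($p.Value -match [regex]::Escape($TargetName)) {
        [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
      }
    }
  }
}

function Get-SuspectProcesses {
  # Path is $null when we cannot open the process (run elevated to avoid that).
  Get-Process -Name ([IO.Path]::GetFileNameWithoutExtension($TargetName)) -ErrorAction SilentlyContinue |
    ForEach-Object {
      $path = $_.Path
      $suspect = $false
      if ($path) {
        foreach ($dir in $UserWritable) {
          if ($dir -and $path.StartsWith($dir, 'OrdinalIgnoreCase')) { $suspect = $true }
        }
      }
      [pscustomobject]@{ PID = $_.Id; Path = $path; Suspect = $suspect }
    }
}

function Remove-SuspectBinary {
  param([Parameter(Mandatory)][string]$Path, [string]$RegistryKey, [string]$ValueName)

  # Kill any running instance first; a locked file cannot be deleted (the thread's
  # second poster worked around this by zeroing the file from a Linux boot disk).
  Get-Process | Where-Object { $_.Path -eq $Path } | Stop-Process -Force -ErrorAction SilentlyContinue

  if ($RegistryKey -and $ValueName) {
    Remove-ItemProperty -Path $RegistryKey -Name $ValueName -ErrorAction SilentlyContinue
  }

  # Steps 5-7 of the post, as commands: take ownership, grant yourself full control,
  # clear hidden/system attributes, delete.
  takeown /F $Path | Out-Null
  icacls $Path /grant "$env:USERNAME`:F" | Out-Null
  attrib -h -s $Path
  Remove-Item -LiteralPath $Path -Force
}

# Triage: print what was found. Hash suspect files so they can be checked against
# VirusTotal from another machine once you are done (the thread links a VT report).
$entries = Get-SuspectStartupEntries
$procs   = Get-SuspectProcesses
$entries | Format-Table -AutoSize
$procs   | Format-Table -AutoSize
$procs | Where-Object Suspect | ForEach-Object { Get-FileHash -Algorithm SHA256 -Path $_.Path }

# Removal is deliberately not automatic: review the tables, then call e.g.
# Remove-SuspectBinary -Path 'C:\ProgramData\12345\sysmon.exe' `
#     -RegistryKey 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ValueName 'sysmon'
```

Get-FileHash needs PowerShell 4.0 or later; on an older Windows 7 box use `certutil -hashfile <path> SHA256` instead. The script does not look at scheduled tasks, services or the Startup folder, so if nothing turns up in the Run keys, check those (`Get-ScheduledTask`, `Get-Service`, `$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup`) before assuming the machine is clean.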
Thanks, Jadd. I think I've got it fixed now!
I wasn't actually able to take ownership and delete it. What I ended up doing was booting up ubuntu from a usb and replacing the two(!) sysmon.exe with 0 byte sysmon.exe files. Stopped the file from running obviously, and I was then able to take ownership and delete.
Sorry to hear about the account hack Zaxer.