ESOUI

ESOUI (https://www.esoui.com/forums/index.php)
-   Minion (https://www.esoui.com/forums/forumdisplay.php?f=183)
-   -   Trojan worm Script Cryptolocker? (https://www.esoui.com/forums/showthread.php?t=7848)

Neverending 06/08/18 06:54 PM

Trojan worm Script Cryptolocker?
 
So I updated Minion few minutes ago and then!
TROJAN WORM SCRIPT CRYPTOLOCKER -> minion_updater.wsf :eek:

Dolby 06/08/18 07:57 PM

swf files are just windows script files. almost kinda like bat files. you can open then in a text editor and see the code even. Nothing changed in the new release with this file too.

The contents of the file is just this...
Code:

<?xml version="1.0" ?> 
<package> 
  <job id="updateMinion"> 
    <runtime>
        <named name="exeFile" helpstring="Text to display" type="string" required="true"/>
    </runtime>
    <script language="JScript"> 
    <![CDATA[ 
        WScript.Sleep(5000);
        var objShell = new ActiveXObject("WScript.Shell")
        var exeFile = WScript.Arguments.Named.Item("exefile")
        objShell.Run('"' + exeFile + '"')
    ]]> 
    </script> 
  </job> 
</package>

What security or virus software are you using so I can report it as a false positive? It's not coming up on any of the popular ones here: https://www.virustotal.com/#/file/e4...73e7/detection

Neverending 06/09/18 12:24 AM

Now its 360 Total Security. I know its just windows script files, but not always :x
my first false positive ;)

..I think its same like Qihoo 360 from virus total site.


All times are GMT -6. The time now is 03:48 PM.

vBulletin © 2019, Jelsoft Enterprises Ltd
© 2014 - 2019 MMOUI