Thread Tools Display Modes
06/08/18, 06:54 PM   #1
Neverending
Join Date: Jun 2018
Posts: 2
Trojan worm Script Cryptolocker?

So I updated Minion few minutes ago and then!
TROJAN WORM SCRIPT CRYPTOLOCKER -> minion_updater.wsf
  Reply With Quote
06/08/18, 07:57 PM   #2
Dolby
Every day I'm shuffling
 
Dolby's Avatar
Premium Member
WoWInterface Admin
Join Date: Feb 2004
Posts: 1,276
swf files are just windows script files. almost kinda like bat files. you can open then in a text editor and see the code even. Nothing changed in the new release with this file too.

The contents of the file is just this...
Code:
<?xml version="1.0" ?>  
<package>  
   <job id="updateMinion">  
    <runtime>
        <named name="exeFile" helpstring="Text to display" type="string" required="true"/>
    </runtime>
    <script language="JScript">  
     <![CDATA[  
        WScript.Sleep(5000);
        var objShell = new ActiveXObject("WScript.Shell")
        var exeFile = WScript.Arguments.Named.Item("exefile")
        objShell.Run('"' + exeFile + '"')
     ]]>  
    </script>  
   </job>  
</package>
What security or virus software are you using so I can report it as a false positive? It's not coming up on any of the popular ones here: https://www.virustotal.com/#/file/e4...73e7/detection

Last edited by Dolby : 06/08/18 at 08:01 PM.
  Reply With Quote
06/09/18, 12:24 AM   #3
Neverending
Join Date: Jun 2018
Posts: 2
Now its 360 Total Security. I know its just windows script files, but not always :x
my first false positive

..I think its same like Qihoo 360 from virus total site.

Last edited by Neverending : 06/09/18 at 12:41 AM.
  Reply With Quote

ESOUI » Site Forums » Minion » Trojan worm Script Cryptolocker?

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off