AlbertC6
Guest
MS Security Essentials picked up Behavior:Win32/LimeRat.gen!MTB. It said: The following error occurred: Error code 0x80070005. Access is denied. (So MSSE was not able to quarantine it)
Category: Suspicious Behavior
Description: This program is dangerous and executes commands from an attacker.
Recommended action: Remove this software immediately.
Items:
behaviorid:284:54648274745608
processid:284,ProcessStart:132336680787440781
Get more information about this item online.
I did a full scan and also downloaded and ran MS Security Scanner, which found nothing. I also have Malwarebytes premium running full time and it did NOT pick it up. I have contacted them but they are ignoring me. This is a bad virus and can infect connected computers and USB drives.
According to what I have read, the malware registers itself as a "Critical Process" and when the user tries to kill it, a Blue Screen of Death (BSoD) is raised on the victim machine. Besides these peculiar tricks, the malware has a complete set of very powerful and dangerous capabilities, such as:
- USB drive propagation, infecting all files and folders on USB drives.
- Evasive startup methods (fileless) to avoid AV detection.
- Virtual machines and analysis box awareness to avoid detection.
- Stealer and CryptoStealer module to steal cryptocurrency wallets and saved passwords.
- Keylogger module
- Backdoor and RDP access.
Any help would be appreciated.
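The two "Items" lines in the detection are the only hard evidence in the post, and they are enough to pin down which process was flagged and when it started. The following is an added example, not code from the original post or from Microsoft: it parses those two lines, decodes the `ProcessStart` value as a Windows FILETIME (100-nanosecond ticks since 1601-01-01 UTC, the standard encoding for process creation times), and splits the `0x80070005` HRESULT into its facility and Win32 code. The function names are my own; the sample input is constructed from the post's quoted lines.

```python
"""Triage helpers for a Microsoft Security Essentials behaviour detection.

Added example (not from the original post). Assumptions: the 'Items' lines
follow the two shapes quoted in the post, and ProcessStart is a Windows
FILETIME (100 ns ticks since 1601-01-01 UTC), the usual encoding of a
process creation time.
"""
import re
from datetime import datetime, timedelta, timezone

# Constructed from the two 'Items' lines quoted in the post.
ITEMS = """behaviorid:284:54648274745608
processid:284,ProcessStart:132336680787440781"""

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ticks: int) -> datetime:
    """Convert a FILETIME tick count to a timezone-aware UTC datetime.

    FILETIME has 100 ns resolution; datetime only goes to 1 us, so the
    remainder below 1 us is dropped (integer division by 10).
    """
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def parse_items(text: str) -> dict:
    """Extract PID, behaviour id and process start time from the 'Items' block.

    Both lines carry a PID; they are cross-checked so a mismatched or
    mis-pasted block is rejected instead of silently trusted.
    """
    info = {}
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"behaviorid:(\d+):(\d+)", line)
        if m:
            info["pid"] = int(m.group(1))
            info["behavior_id"] = int(m.group(2))
            continue
        m = re.fullmatch(r"processid:(\d+),ProcessStart:(\d+)", line)
        if m:
            pid = int(m.group(1))
            if "pid" in info and info["pid"] != pid:
                raise ValueError(
                    f"PID mismatch: behaviorid says {info['pid']}, processid says {pid}"
                )
            info["pid"] = pid
            info["process_start_ticks"] = int(m.group(2))
            info["process_start_utc"] = filetime_to_datetime(info["process_start_ticks"])
    if "pid" not in info or "process_start_utc" not in info:
        raise ValueError("Items block is missing the behaviorid or processid line")
    return info


def decode_hresult(code: int) -> tuple:
    """Split an HRESULT into (is_failure, facility, code).

    0x80070005 decodes to (True, 7, 5): failure bit set, FACILITY_WIN32 (7),
    Win32 error 5 = ERROR_ACCESS_DENIED. That is the scanner reporting it
    lacked the rights to touch the process, not a verdict on the file.
    """
    is_failure = bool(code & 0x80000000)
    facility = (code >> 16) & 0x7FF
    win32_code = code & 0xFFFF
    return is_failure, facility, win32_code


if __name__ == "__main__":
    info = parse_items(ITEMS)
    print(f"flagged PID {info['pid']}, started {info['process_start_utc'].isoformat()}")
    print("0x80070005 ->", decode_hresult(0x80070005))
```

The decoded start time is the value to compare against the creation time of whatever currently holds PID 284 on the machine (for example the `StartTime` property from `Get-Process -Id 284` in PowerShell). If the times match, that is the process the behaviour engine saw and could not act on; if PID 284 has since been reused by a different process, the detection refers to something that has already exited and the original image must be found another way. The access-denied HRESULT by itself only says the scanner's action was refused, which is consistent with the flagged process running with higher privileges or being protected, and does not on its own confirm or rule out an infection.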