A virus or worm out in the wild

AuraDeOnyx
AuraDeOnyx Posts: 1 New Member
edited February 2023 in General Discussion

Anyone have info on this virus on our networks?


Comments

  • Ukko
    Ukko Posts: 3,657 Superuser
    edited February 2023

    Hello,

    With no knowledge about the background and specific points of your situation, I can suggest some things like:

    • you can try to upload the suspicious 'file' (or item) to services like VirusTotal (https://www.virustotal.com/) - if their terms and rules are acceptable to you, of course. So, just to check if that file is known as malicious and labeled so by VirusTotal's vendors/partner companies. And maybe to receive a bit more information about the file/item.
    • you could directly share the file/item with F-Secure Labs (so they will be able to check and handle it, and optionally provide a kind of response about it) via this page: Submit a sample | F-Secure

    Maybe I did not get the overall view, but based on your screenshots - there are only 'static' (?) traces of detected malware yet.

    For example, ""TMACv6.0.7_Setup.zip"" is mentioned. From Google Search results (for example) -- possible to find out what is 'potentially' name of software or tool it stands for.

    Then, it is possible to imagine that even if that tool or software is legit and clean itself - there are numerous ways to bump into a 'faked', 'compromised', 'modified' or 'malicious' version of it. So, depending on the way the file was downloaded - there are more or fewer risks.

    A real zipped file (container, archive) itself is 'almost' harmless. Until there is an attempt to unpack it or run any part of its content.

    So, there are mentions of "AcGenraLDLL". Perhaps a .dll file. I am not sure why and how it is related to the mentioned .zip file and the detection as such. Maybe 'malicious'/altered.

    Another mention is the "W32/MebrootDLL!Generic" detection name.

    W32 means (at least) that it is designed for the Windows platform; Mebroot maybe means (Mebroot - Wikipedia); DLL means the type of file (.dll); and !Generic means that this is a generic detection (so, there is a possibility of wide-range false positive detection).

    If you did not run anything - then you can just delete / remove the .zip file (if the detections are only about content inside it). Additionally, you had better run a Full Scan with your or any other preferred security solution (like F-Secure Internet Security or F-Secure TOTAL) - so, to make sure the system is clean from the F-Secure solution's point of view and if not - to quarantine/remove the detected items. In case you are a customer of any security solution - it is good to contact their official Support Channel, so they should provide some sort of assistance with curing your system.

    F-Secure Support Channels: Contact support | F-Secure

    In case the 'mentioned' zip file was from the original source (developer/author) - then contact them about it. Especially if, after contacting F-Secure Labs (the second suggestion in my reply), the analysts do not insist on a false positive detection.

    Sorry for my English!

    Thanks!
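    A small triage helper along the lines of the advice above, added here as an example and not code from the thread or from F-Secure: it computes the archive's SHA-256 (a hash can be searched on VirusTotal without uploading the file), lists the members without extracting anything, and splits a detection name such as W32/MebrootDLL!Generic into platform, family and the !Generic suffix. The archive it builds is constructed dummy data standing in for the real TMACv6.0.7_Setup.zip, and the member names are invented.

```python
import hashlib
import io
import re
import zipfile

# Suffixes that usually mean runnable content inside an archive
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd",
                       ".ps1", ".js", ".vbs", ".msi")

# platform/family[.variant][!suffix], e.g. W32/MebrootDLL!Generic
DETECTION_RE = re.compile(
    r"^(?P<platform>[^/]+)/(?P<family>[^!.]+)(?:\.(?P<variant>[^!]+))?(?:!(?P<suffix>.+))?$")


def parse_detection_name(name):
    """Split a vendor detection name into its parts; None if the shape is unknown."""
    m = DETECTION_RE.match(name)
    if not m:
        return None
    parts = m.groupdict()
    # A !Generic suffix means a heuristic/family-wide signature, so a higher
    # chance of a false positive than an exact-variant detection.
    parts["generic"] = (parts["suffix"] or "").lower() == "generic"
    return parts


def triage_archive(data):
    """Hash an archive and list its members without extracting or running anything."""
    result = {"sha256": hashlib.sha256(data).hexdigest(), "members": []}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                result["members"].append({
                    "name": info.filename,
                    "size": info.file_size,
                    "executable": info.filename.lower().endswith(EXECUTABLE_SUFFIXES),
                })
    except zipfile.BadZipFile:
        # Not a real zip despite the extension; worth submitting as-is
        result["error"] = "not a valid zip archive"
    result["has_executables"] = any(m["executable"] for m in result["members"])
    return result


def build_sample_archive():
    """Constructed stand-in for the downloaded zip; member names and bytes are dummies."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("TMACv6.0.7_Setup/README.txt", "placeholder text")
        zf.writestr("TMACv6.0.7_Setup/helper.dll", b"MZ placeholder, not a real DLL")
    return buf.getvalue()
```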

  • emili57
    emili57 Posts: 2 New Member

    wow post

  • clairette
    clairette Posts: 23 Enthusiast

    it's because Ukko is nice.

    😃