
Japanese Porn Malware

3.6K views 3 replies 2 participants last post by  chemist  
#1 · (Edited by Moderator)
I was visiting some Japanese websites to view manga images. I noticed later a file in my download folder. Foolishly, I clicked on it, and watched in horror as it installed something.

Now, every 5 minutes a window pops up with Japanese porno on it.

I saved the original file, and have it zipped up. It seems to be a self-executing zip file in exe format.

When I log on to the computer, I can see a Windows command box (black box) open and doing something. There is a file listed in 'applications' with no name that I am unable to terminate.

I can see nothing unusual in HijackThis logs or Malwarebytes scans.

The file infected a non-privileged account, and the administrator account is not infected.

Attached are two screenshots, one of the pop-up window, and one of the task manager.

I was unable to upload the 7-zip file that includes the original executable that I ran to get infected; it was rejected, however I can email it.

Jamie

 
#2 ·
Here is an update:

Apparently the extracted files create a registry entry that runs an HTML application.

The registry entry HKU\S-1-5-21-6372259613-1446327078-3904827135-1003\Software\Microsoft\CurrentVersion\Run\webkirin will execute C:\ProgramData\kirin\MPM4P73S.bat, which will start "MSHTA MP4P73S.d", a local web page with obfuscated JavaScript that lazy-loads content from Japan or China.

Deleting the registry entries and the folder (C:\ProgramData\kirin) should fix this.
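Detection logic for the persistence chain described in the post above (a per-user Run value that launches a .bat, which launches mshta on a file without an .hta extension), as an added example that is not part of the thread or of any tool named in it. It runs over constructed sample entries rather than the live registry; the value name, the .bat path and the "MSHTA MP4P73S.d" command are taken from the post, while the rest of the batch file body and the benign "Tray" entry are assumed.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of a per-user Run key. "webkirin" mirrors the entry in the post;
# the "Tray" entry and the lines of the .bat other than the MSHTA call are assumed.
SAMPLE_RUN_VALUES = {
    "webkirin": r"C:\ProgramData\kirin\MPM4P73S.bat",
    "Tray": r'"C:\Program Files\Vendor\Tray.exe" -s',
}
SAMPLE_FILES = {
    r"C:\ProgramData\kirin\MPM4P73S.bat":
        "@echo off\r\ncd /d C:\\ProgramData\\kirin\r\nstart MSHTA MP4P73S.d\r\n",
}

LAUNCHER_EXTS = {".bat", ".cmd"}
# Roots any user can write to; a Run target here needs no admin rights to plant.
WRITABLE_ROOTS = ("c:\\programdata", "c:\\users")
MSHTA_RE = re.compile(r"\bmshta(?:\.exe)?\b\s+\"?([^\s\"]+)", re.IGNORECASE)


def command_target(command):
    """Return the program path a Run value launches (handles quoted paths)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    return command.split()[0]


def assess_run_value(name, command, files):
    """Return findings for one Run value; an empty list means nothing suspicious."""
    findings = []
    target = PureWindowsPath(command_target(command))
    ext = target.suffix.lower()
    if ext in LAUNCHER_EXTS:
        findings.append(f"{name}: Run value launches a batch file ({target.name})")
    if str(target).lower().startswith(WRITABLE_ROOTS):
        findings.append(f"{name}: target lives in a user-writable location ({target.parent})")
    # Follow the launcher one hop: mshta executes whatever it is given regardless of
    # the file extension, so a non-.hta argument is a strong signal.
    body = files.get(str(target), "") if ext in LAUNCHER_EXTS else ""
    for match in MSHTA_RE.finditer(body):
        arg = match.group(1)
        suffix = "" if arg.lower().endswith(".hta") else " (no .hta extension)"
        findings.append(f"{name}: batch file runs mshta on '{arg}'{suffix}")
    return findings


def scan(run_values, files):
    """Assess every value of a Run key; returns {value name: [findings]}."""
    return {name: assess_run_value(name, cmd, files) for name, cmd in run_values.items()}


if __name__ == "__main__":
    for name, hits in scan(SAMPLE_RUN_VALUES, SAMPLE_FILES).items():
        print(name, "->", hits or ["clean"])
```

Because the key sits under a specific user SID in HKU, the same check has to be run against each loaded user hive, which is also why the administrator account in this thread showed no infection.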
 
#3 ·
Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
 
#4 ·
Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
 