[SOLVED] Hacked wscript.exe?

Aurumaker72

Honorable
Sep 29, 2019
Hey! I was playing around with making VBS scripts and I noticed the wscript.exe icon isn't the normal red box; it's from a crack I installed for Sapphire OFX Plugins. Hovering over it, it shows as the program name: "Check for Sapphire OFX Updates".
I searched for that program with Windows search and found it. I pressed "Open file location" and it sent me to wscript.exe in System32. Did my wscript.exe somehow get overwritten and is it somehow hacked? Please tell me how to fix this, as I'm unsure if this is malicious or just a side effect of the crack.

EDIT: Scanned it using virustotal, a bot in the comments said it's a cloaked wscript that is malicious. How do I remove it??? I'm very worried!!
https://www.virustotal.com/gui/file...9fd6a87ff010e706396f87dd679244ed97b/community
 
Solution
"a crack I installed "
"get somehow overwritten "
"is somehow hacked "


'somehow' ? I think we all know how, exactly.

Yes, it is pretty safe to say that your system is heavily compromised.
In this case, a full wipe and reinstall is what is needed.

You can play around with trying to "fix it". But what else is going on in there? What other software and applications are compromised?

If a friend or family member brought their system to me with this...nuke it and pave over. I wouldn't spend more than about 3 minutes on a "fix".
 

I have around 250 GB of very important data on my laptop which I won't be able to back up in any way, shape or form. What do I do now? 🙁
EDIT: Can I just do a Windows reinstall without wiping personal files?
 
"won't be able to back up"...Uh huh...
And what would you do if that drive died suddenly? Like in the next five minutes?

Within all that "very important data" are the very files that brought you to this situation.
 
@USAFRet
Sooo... I found out that even the OFFICIAL Sapphire downloaded from the OFFICIAL website does that to wscript. It just can't be that a HUGE company like BorisFX is giving out malware to film producers, etc. It is most likely some code mess-up or just some registry fault.
EDIT: Uninstalling it also removes the modified icon, so it's obviously a registry or code fault. I feel dumb for reinstalling Windows, haha, it sped up my PC by a lot though!!!
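For the two questions raised in this thread, whether System32\wscript.exe was actually replaced (first post) and what a legitimate installer could have done to make Explorer show a different name and icon for it (this post), here is a check script. It is an added example, not code from the thread or from BorisFX. It assumes the Start Menu / Desktop locations below are where the installer put its shortcut; the "Check for Sapphire OFX Updates" entry is treated as a hypothetical shortcut name, and the behaviour that "Open file location" on a shortcut opens the target's folder (System32 when the target is wscript.exe) is standard Explorer behaviour, not something confirmed about Sapphire specifically.

```powershell
# Added example, not from the original thread.
# Part 1: is System32\wscript.exe still the genuine, Microsoft-signed binary?
# Part 2: which shortcuts launch wscript.exe, with what script, and with what icon?
# Run from an elevated PowerShell prompt on the affected machine.

$wscript = Join-Path $env:SystemRoot 'System32\wscript.exe'

# --- Part 1: integrity of the binary itself ---------------------------------

# Authenticode: a clean wscript.exe carries a valid Microsoft Windows signature.
# A replaced or patched file reports NotSigned or HashMismatch here.
$sig = Get-AuthenticodeSignature -FilePath $wscript
[pscustomobject]@{
    File   = $wscript
    Status = $sig.Status
    Signer = $sig.SignerCertificate.Subject
    SHA256 = (Get-FileHash -Path $wscript -Algorithm SHA256).Hash   # searchable on VirusTotal
} | Format-List

# Version resource: this is what Explorer shows in the hover tooltip for an .exe.
# On a genuine copy CompanyName is Microsoft and FileDescription names the script host.
(Get-Item $wscript).VersionInfo |
    Select-Object FileDescription, CompanyName, ProductVersion | Format-List

# System File Checker compares the file with the protected copy in WinSxS and
# repairs it if it differs; it prints a message when the file does not match.
sfc "/verifyfile=$wscript"

# --- Part 2: shortcuts that launch wscript.exe --------------------------------

# An installer can add a Start Menu entry like "Check for Sapphire OFX Updates.lnk"
# whose target is wscript.exe and whose argument is a .vbs file (assumption used for
# illustration). Searching for that name, then "Open file location", opens System32,
# and the icon Explorer shows for the entry is the shortcut's own IconLocation, not
# the binary's. Uninstalling removes the .lnk and the odd icon disappears with it.
$shell = New-Object -ComObject WScript.Shell
$searchRoots = @(
    [Environment]::GetFolderPath('CommonStartMenu'),   # all users
    [Environment]::GetFolderPath('StartMenu'),         # current user
    [Environment]::GetFolderPath('Desktop')
)

Get-ChildItem -Path $searchRoots -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        if ($lnk.TargetPath -like '*\wscript.exe' -or $lnk.TargetPath -like '*\cscript.exe') {
            [pscustomobject]@{
                Shortcut  = $_.FullName
                Target    = $lnk.TargetPath
                Arguments = $lnk.Arguments     # the script that actually runs: open and read it
                Icon      = $lnk.IconLocation  # what Explorer displays for this entry
            }
        }
    } | Format-List
```

If Part 1 reports a valid Microsoft signature and sfc finds nothing to repair, the binary itself was not touched; the thing to read is then the .vbs named in the shortcut's Arguments, because that script, not wscript.exe, is what the entry executes. If the signature is invalid or the hash does not match, the "wipe and reinstall" advice earlier in the thread stands.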
 
Interesting.

It does sometimes (rarely) happen that even a major site will get compromised, and a malicious file is injected into their distribution files.

Apparently, not in this case though.
 

It happens with EACH version. And there is apparently no hack/leak/breach, etc... right now of BorisFX. It's just the programmers probably <Mod Edit> up
 
True.
But still....don't download cracked <anything>. That IS how you get malware.

I'm unsure if I even had malware in the first place. My system ran fine, and all virus scans in the world didn't detect anything. I even ran an ultra-deep scan once which took like 3 hours. I usually searched ALL of my C drive for malware every 2 months and never found fishy stuff. I'm OK with malware that says "Hey, I'm going to demolish your PC once you install me!". I probably had malware which lurked and did nothing other than sit there inactive, because I probably broke it when manually searching for malware, lol!
EDIT: Another update. I can't go without Sapphire, so I got a well-known crack from a reputable team. WScript's icon is OK now. No virus scans show baddies and I manually searched my laptop for malware, nothing. I guess it is after all a bug...
 