Question New Malware, just pointing it out here first

Toggle sidebar Toggle sidebar
H

Hollow704

Reputable
Jan 30, 2015
51
1
4,540
My buddy just got a piece of malware that no software was picking up including malwarebytes. Upon googling it we could not find any results related to it. It's called Pentothal.exe which judging by the name is probably some sort of injector. From what I can see it changed some group policies and put an exe in the program data hidden folder, and waited to run the payload upon reboot which it never got to do. We have some proprietary software that we booted into from usb to remove it as we could not get it to fully remove itself even with command prompt. If anyone has any thoughts or has heard of this feel free to reply below,
 
Sort by date Sort by votes
I have also just found this on my machine. Could you please give more detail on how you removed it - I can't get rid of it no matter what I try. I'm beginning to run out of options other than to just give up and reinstall windows.
 
Upvote 0 Downvote
so me and my buddy work in IT, and he downloaded something, clicked the video he downloaded, and it opened a link. being in IT we both knew something had to be amiss so we checked the current process tree and went from there. and unfortunately I can't give you the proprietary software to remove it, but trying from command prompt in safe mode is something i don't believe we tried as it was super late in the AM and we went straight to the proprietary usb fix. using a linux distro from a usb to delete files may work as well, but if you dont have any important files on your boot drive, wiping and reloading is probably the fastest option.
 
Upvote 0 Downvote
someone else already submitted to malwarebytes so ill save some time registering but will keep tabs. we plan on running a vm on a spare laptop and downloading said video again to investigate the file a little more.
 
Upvote 0 Downvote
something else worth mentioning: it does appear its trying to reroute all of the web traffic to steal passwords and personal info, it does have several layers of self-removal protection and upon rebooting will basically open up the OS to give the app full control. so if you havent rebooted yet I wouldnt
 
Upvote 0 Downvote
I got it on my machine the same way, possibly even the same video. Although I was also suspicious I didn't locate it immediately but instead found it when I noticed something was using 70% of CPU in the task manager. Using command prompt I can't even locate the file where it says it is, let alone delete it. I think I'll have to resort to a fresh install
 
Upvote 0 Downvote
Hollow704 said:
so me and my buddy work in IT, and he downloaded something, clicked the video he downloaded, and it opened a link. being in IT we both knew something had to be amiss so we checked the current process tree and went from there. and unfortunately I can't give you the proprietary software to remove it, but trying from command prompt in safe mode is something i don't believe we tried as it was super late in the AM and we went straight to the proprietary usb fix. using a linux distro from a usb to delete files may work as well, but if you dont have any important files on your boot drive, wiping and reloading is probably the fastest option.
Click to expand...

sketchy downloads leading to malware instead? What a shock..... :)

Perhaps a refresher on IT security at Professor Messer? :)
 
Upvote 0 Downvote
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom