Question New Malware, just pointing it out here first

Hollow704

Reputable
Jan 30, 2015
51
1
4,540
My buddy just got a piece of malware that no software was picking up, including Malwarebytes. Upon googling it we could not find any results related to it. It's called Pentothal.exe, which judging by the name is probably some sort of injector. From what I can see it changed some group policies and put an exe in the hidden ProgramData folder, and waited to run the payload upon reboot, which it never got to do. We have some proprietary software that we booted into from USB to remove it, as we could not get it to fully remove itself even with the command prompt. If anyone has any thoughts or has heard of this, feel free to reply below.
 
Dec 5, 2019
2
0
10
I have also just found this on my machine. Could you please give more detail on how you removed it? I can't get rid of it no matter what I try. I'm beginning to run out of options other than to just give up and reinstall Windows.

Hollow704

So my buddy and I work in IT. He downloaded something, clicked the video he downloaded, and it opened a link. Being in IT, we both knew something had to be amiss, so we checked the current process tree and went from there. Unfortunately I can't give you the proprietary software to remove it, but trying from the command prompt in safe mode is something I don't believe we tried, as it was super late in the AM and we went straight to the proprietary USB fix. Using a Linux distro from a USB to delete files may work as well, but if you don't have any important files on your boot drive, wiping and reloading is probably the fastest option.

Hollow704

Someone else already submitted it to Malwarebytes, so I'll save some time registering but will keep tabs. We plan on running a VM on a spare laptop and downloading said video again to investigate the file a little more.

Hollow704

Something else worth mentioning: it does appear it's trying to reroute all of the web traffic to steal passwords and personal info. It does have several layers of self-removal protection, and upon rebooting will basically open up the OS to give the app full control. So if you haven't rebooted yet, I wouldn't.
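Added example, not code from the thread or from either poster: a read-only PowerShell triage pass over the places the posts above describe. It lists executables under the hidden ProgramData folder, the autostart locations that would fire on the reboot Hollow704 warns against (Run/RunOnce keys, scheduled tasks, Startup folders), processes already running out of ProgramData or AppData, and the per-user proxy/PAC and hosts-file settings a traffic-rerouting stealer would touch. The suspect file name is the one given in the thread; the paths and cmdlets are standard Windows. The script deletes nothing, so it is safe to run from an elevated prompt before deciding between cleanup and a reinstall.

```powershell
# Read-only triage for a dropper of the kind described in the thread.
# Assumption: the suspect name below is taken from the thread; everything else is generic.
$SuspectName = 'Pentothal.exe'

function Get-ProgramDataExecutables {
    # -Force includes hidden/system files, which is where the post says the dropper landed.
    Get-ChildItem -Path $env:ProgramData -Recurse -Force `
        -Include *.exe, *.dll, *.ps1, *.bat, *.vbs -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime -Descending |
        Select-Object FullName, Length, LastWriteTime, Attributes
}

function Get-AutostartEntries {
    # Registry Run/RunOnce keys for the machine and the current user.
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (Test-Path $key) {
            $props = Get-ItemProperty -Path $key
            foreach ($p in $props.PSObject.Properties) {
                # Skip the PS* metadata properties Get-ItemProperty adds.
                if ($p.Name -notmatch '^PS') {
                    [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $p.Value }
                }
            }
        }
    }
    # Scheduled tasks: report every exec action so paths outside Windows stand out.
    Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
        foreach ($a in $_.Actions) {
            if ($a.Execute) {
                [pscustomobject]@{
                    Source  = "Task:$($_.TaskPath)$($_.TaskName)"
                    Name    = $_.TaskName
                    Command = "$($a.Execute) $($a.Arguments)"
                }
            }
        }
    }
    # Per-user and all-users Startup folders.
    $startupDirs = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
    foreach ($dir in $startupDirs) {
        Get-ChildItem -Path $dir -Force -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{ Source = 'StartupFolder'; Name = $_.Name; Command = $_.FullName }
        }
    }
}

function Get-TrafficRedirectionSettings {
    # A system proxy or PAC URL is the usual way commodity stealers reroute browser traffic.
    $inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    [pscustomobject]@{
        ProxyEnable   = $inet.ProxyEnable
        ProxyServer   = $inet.ProxyServer
        AutoConfigURL = $inet.AutoConfigURL
    }
    # Any non-comment hosts entry is worth a look on a box that should have none.
    Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' }
}

'== Executables under ProgramData (hidden included) =='
Get-ProgramDataExecutables | Format-Table -AutoSize

'== Autostart entries pointing into ProgramData/AppData or naming the suspect file =='
Get-AutostartEntries | Where-Object {
    $_.Command -match 'ProgramData|AppData' -or $_.Command -match [regex]::Escape($SuspectName)
} | Format-Table -AutoSize

'== Running processes launched from ProgramData/AppData =='
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -match '\\ProgramData\\|\\AppData\\' } |
    Select-Object Id, ProcessName, Path | Format-Table -AutoSize

'== Proxy / hosts settings =='
Get-TrafficRedirectionSettings
```

If an autostart entry or running process points at a hidden file under ProgramData, note the path and the task or key name before touching anything; that is what lets you remove the persistence from offline media (the USB or Linux boot the posts mention) instead of fighting the self-protection from inside the running OS.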

Dec 5, 2019
I got it on my machine the same way, possibly even the same video. Although I was also suspicious, I didn't locate it immediately, but instead found it when I noticed something was using 70% of the CPU in Task Manager. Using the command prompt I can't even locate the file where it says it is, let alone delete it. I think I'll have to resort to a fresh install.

So my buddy and I work in IT. He downloaded something, clicked the video he downloaded, and it opened a link. Being in IT, we both knew something had to be amiss, so we checked the current process tree and went from there. Unfortunately I can't give you the proprietary software to remove it, but trying from the command prompt in safe mode is something I don't believe we tried, as it was super late in the AM and we went straight to the proprietary USB fix. Using a Linux distro from a USB to delete files may work as well, but if you don't have any important files on your boot drive, wiping and reloading is probably the fastest option.

Sketchy downloads leading to malware instead? What a shock..... :)

Perhaps a refresher on IT security at Professor Messer? :)