
Almost every five minutes, I get an AVG alert saying that AVG stopped downloading files, and I do not know which program is trying to download these files.

I have read this before: WMI Infections

So, I opened this question because I think this malware variant uses WMI to maintain persistence.

I have read this too: Explained: WMI hijackers


> Effectively, the script to be executed is hidden from the user, and the script (as a file) isn't stored on the system, which is why it is considered another fileless infection. WMI techniques were used by malware like Stuxnet in the past.


Hackoo
  • Possible duplicate of [Help! My home PC has been infected by a virus! What do I do now?](https://security.stackexchange.com/questions/138606/help-my-home-pc-has-been-infected-by-a-virus-what-do-i-do-now) –  Jul 05 '18 at 11:41
  • @Joshua.J it's not a duplicate, please check my edit to understand why I opened this question! – Hackoo Jul 05 '18 at 12:40
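The question suspects a WMI event subscription is what keeps re-launching the downloader. The check a practitioner would run before anything else is to enumerate the permanent subscriptions in `root\subscription` and look at what each consumer actually executes. The script below is an added example, not code from the question or from the linked Malwarebytes article; it assumes an elevated PowerShell session on the affected Windows machine with the CimCmdlets module (Windows PowerShell 5.1 or PowerShell 7), and the filter and consumer names in the usage lines are hypothetical.

```powershell
# Added example, not from the original question or the linked articles.
# Lists permanent WMI event subscriptions (filter -> consumer bindings) in
# root\subscription, which is where WMI-based persistence lives, and flags
# consumers that run a command line or a script. Run from an elevated session
# on the affected machine (Windows PowerShell 5.1 or PowerShell 7 on Windows).

function Get-WmiPersistence {
    [CmdletBinding()]
    param(
        [string]$Namespace = 'root\subscription'
    )

    $filters   = Get-CimInstance -Namespace $Namespace -ClassName __EventFilter
    # __EventConsumer is the base class; querying it returns every consumer type
    # (CommandLineEventConsumer, ActiveScriptEventConsumer, NTEventLogEventConsumer, ...).
    $consumers = Get-CimInstance -Namespace $Namespace -ClassName __EventConsumer
    $bindings  = Get-CimInstance -Namespace $Namespace -ClassName __FilterToConsumerBinding

    foreach ($b in $bindings) {
        # The Filter/Consumer reference properties of a binding carry only the
        # key (Name), so resolve the full instances to get the query and payload.
        $f = $filters   | Where-Object Name -eq $b.Filter.Name   | Select-Object -First 1
        $c = $consumers | Where-Object Name -eq $b.Consumer.Name | Select-Object -First 1

        $type    = if ($c) { $c.CimClass.CimClassName } else { '<missing consumer>' }
        $payload = switch ($type) {
            'CommandLineEventConsumer'  { $c.CommandLineTemplate }
            'ActiveScriptEventConsumer' { if ($c.ScriptText) { $c.ScriptText } else { $c.ScriptFileName } }
            default                     { '' }
        }

        # Heuristic: anything that executes code, or whose payload looks like a
        # LOLBin launch or a download, deserves a look. The only subscription a
        # stock Windows client normally carries is the "SCM Event Log" filter and
        # consumer pair, whose consumer is an NTEventLogEventConsumer.
        $suspicious = ($type -in @('CommandLineEventConsumer', 'ActiveScriptEventConsumer')) -or
                      ($payload -match 'powershell|cmd\.exe|wscript|cscript|mshta|regsvr32|rundll32|-enc|http')

        [pscustomobject]@{
            FilterName   = $b.Filter.Name
            Query        = if ($f) { $f.Query } else { '<missing filter>' }
            ConsumerName = $b.Consumer.Name
            ConsumerType = $type
            Payload      = $payload
            Suspicious   = $suspicious
        }
    }
}

# Removes one binding together with its filter and consumer. Names are passed
# explicitly so nothing is deleted before the analyst has looked at it, and
# -WhatIf shows what would go.
function Remove-WmiPersistence {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$FilterName,
        [Parameter(Mandatory)][string]$ConsumerName,
        [string]$Namespace = 'root\subscription'
    )

    Get-CimInstance -Namespace $Namespace -ClassName __FilterToConsumerBinding |
        Where-Object { $_.Filter.Name -eq $FilterName -and $_.Consumer.Name -eq $ConsumerName } |
        ForEach-Object { if ($PSCmdlet.ShouldProcess("binding $FilterName -> $ConsumerName")) { $_ | Remove-CimInstance } }

    Get-CimInstance -Namespace $Namespace -ClassName __EventFilter |
        Where-Object Name -eq $FilterName |
        ForEach-Object { if ($PSCmdlet.ShouldProcess("filter $FilterName")) { $_ | Remove-CimInstance } }

    Get-CimInstance -Namespace $Namespace -ClassName __EventConsumer |
        Where-Object Name -eq $ConsumerName |
        ForEach-Object { if ($PSCmdlet.ShouldProcess("consumer $ConsumerName")) { $_ | Remove-CimInstance } }
}

# Usage: list everything first, review the flagged rows, then remove.
Get-WmiPersistence | Format-Table -AutoSize -Wrap
# Get-WmiPersistence | Where-Object Suspicious | Format-List
# Remove-WmiPersistence -FilterName 'BadFilter' -ConsumerName 'BadConsumer' -WhatIf   # hypothetical names
```

Read the `Query` column as carefully as the payload: a filter on `__InstanceModificationEvent` of `Win32_LocalTime` or `Win32_PerfFormattedData_PerfOS_System` firing every few minutes would match the "almost every five minutes" behaviour in the question, and the consumer tied to it is then the thing AVG keeps blocking. If the namespace holds only the SCM Event Log pair, WMI is not the persistence mechanism and the usual places (Run keys, scheduled tasks, services) are the next stop.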

1 Answer


The target IP belongs to KRYPT TECHNOLOGIES, which is a cloud hosting company.

Their IPs are known to be used in an abusive manner:

  • they are known for using and hosting ambiguous domain names

  • they tend to also have malicious traffic and internet abuse trends

  • many of the so-called legitimate websites they host are actually fronts for hosting viruses and other malicious distributed files, attacks and other malicious activities

  • botnet activities

  • activities that have been monitored through their internet access include spam, virus activity, hacking attempts, as well as malicious file distribution

Verdict: Virus/malware.

Recommended Actions: delete files, blacklist IP in firewall.

Overmind