Page 1 of 2
Posted: Mon, 12th Jan 2015 22:35 Post subject: WaspAce/Wasppacer.exe
What is this?
https://www.virustotal.com/en/file/b3fc0e4d36367c4512d52f3ddf713f678ba2f939000345a49226cd472c60566a/analysis/1421096460/
Also, I had a *completely* hidden folder inside "appdata\roaming" called "Windows" (not in roaming\Microsoft\Windows) that had Wasppacer.exe as well as half a dozen other .DLLs. I couldn't get any scanners to see the folder, nor explorer, I had to cmdline and "attrib -s -h" just to get it to show up, and then again on the contents of the folder. Neither Windows Defender, Bit Defender nor SpyBot flagged anything. Hell, the only way I even knew it was there was when I got a firewall blocked notification with "\wasppacer.exe" as the file.

Nalo
nothing
Posts: 13522
Posted: Mon, 12th Jan 2015 23:18 Post subject:
Last edited by Nalo on Wed, 3rd Jul 2024 06:14; edited 2 times in total

Posted: Mon, 12th Jan 2015 23:55 Post subject:
It is part of WaspAce, I think.
"WaspAce is a service that allows you to automate to increase traffic to the site, to carry out the simulation of various actions with objects online resource."
Autosurfing
There are no restrictions on the number of accounts for a single user.
No hard peg account to a specific IP or PC autosurf.
Safe surfing using VirtualBox and sandbox.
Earned credits can be spent on the implementation of their own jobs in the service or sell to another user directly and through automatic exchanges.
Completing quests
With more than 9 thousand. Jobs in one account. Unlimited number of accounts.
Ability to customize clicks on the mask.
Customizable assignment from 10 to 900 seconds.
Configurable period of time unique IP.
Substitution of HTTP-Referer'a
Ability to adjust the depth of view, indicating any path visit.
Daily and weekly target.
The ability to filter traffic:
white or black list of IP
proxy IP
static / dynamic IP
Ability to specify daily gain
Running scripts
Below is just a small part of all the opportunities to get acquainted with all possibilities - click on the link
Search any element on the page
Filling in form fields
Ability to perform JS, JQuery
Captcha
Working with tabbed browser
etc.

Nalo
nothing
Posts: 13522
Posted: Tue, 13th Jan 2015 00:02 Post subject:
Last edited by Nalo on Wed, 3rd Jul 2024 06:14; edited 2 times in total

Posted: Tue, 13th Jan 2015 00:03 Post subject:
Moose, the thread title does say that very same thing. Just saying. I appreciate your help and description though.
@Nalo @frogster
I'm going to try and get rid of everything but I just found something ELSE running;
svñhîst.exe
The folder it's running from is completely hidden, it's hidden from *everything* and not even removing attributes works unless I know the specific folder name. It's in;
C:\Users\Sabin1981\AppData\Local\114c390
And has an installer in there called "12.exe" (obviously I'm not going to run it) But why is nothing detecting? Where the fuck did this come from and what is it doing?

Posted: Tue, 13th Jan 2015 00:08 Post subject:
Do a full scan with HitmanPro, that should get rid of this shit.

Nalo
nothing
Posts: 13522
Posted: Tue, 13th Jan 2015 00:12 Post subject:
Last edited by Nalo on Wed, 3rd Jul 2024 06:14; edited 2 times in total

Posted: Tue, 13th Jan 2015 00:18 Post subject:
svñhîst.exe ?
That's obviously malware, spoofing svnhost.exe which is a legit executable, it is using special characters to make deletion more difficult.
EDIT: Reenable Classic Shell, no probs, HMP probably reset some settings to defaults or something.
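
The lookalike-name trick described in the post above, turned into a triage check (an added example, not part of the original thread): it folds accented characters to ASCII and compares the result against a short reference list of Windows process names and their usual directories. The reference list, the distance threshold and the function names are assumptions of this example; the sample paths are constructed from the file names and folders reported in the thread.

```python
import ntpath
import unicodedata

# Assumption of this example: reference process names and where each normally runs from.
KNOWN = {
    "svchost.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def fold(name):
    """Case-fold, split accented letters (NFKD), keep only the ASCII base letters."""
    decomposed = unicodedata.normalize("NFKD", name.casefold())
    return "".join(c for c in decomposed if c.isascii())

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(image_path, max_distance=2):
    """Return (verdict, reference_name) for one process image path."""
    folder, name = ntpath.split(image_path)
    lowered = name.casefold()
    if lowered in KNOWN:
        # Genuine name: only trusted when it runs from its usual directory.
        return ("ok" if folder.casefold() == KNOWN[lowered] else "misplaced", lowered)
    folded = fold(name)
    best = min(KNOWN, key=lambda ref: edit_distance(folded, ref))
    if edit_distance(folded, best) <= max_distance:
        return ("lookalike", best)
    return ("unrelated", None)

# Constructed sample: names and folders as reported in the thread, plus a genuine path.
SAMPLE = [
    r"C:\Users\Sabin1981\AppData\Local\114c390\svñhîst.exe",
    r"C:\Users\Sabin1981\AppData\Roaming\Windows\service.exe",
    r"C:\Windows\System32\svchost.exe",
    r"C:\Users\Sabin1981\AppData\Roaming\svchost.exe",
]

if __name__ == "__main__":
    for path in SAMPLE:
        print(classify(path), path)
```
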

Posted: Tue, 13th Jan 2015 00:24 Post subject:
Yeah, I had to reboot because it shut down CS as well as a bunch of other programs. When I rebooted, Bitdefender finally did its fucking job and blocked svñhîst.exe but then it also blocked "service.exe" from the same "roaming\windows" folder. What the fuck is this shit and where the hell has it come from? Bitdefender "blocks" it but doesn't CLEAN it. What kind of stupid ass piece of shit program is this and why is it so highly rated?
~edit~
Now I can't see "Appdata" folder any more. It's completely gone. Windows is obviously set to show hidden/system folders, but it's not there in Explorer. I can navigate to it manually, but I can't SEE it.
"Show hidden files, folders and drives" option in Folder Options won't stay enabled. I tick it, apply, close, go back, no hidden folders visible, option is unticked again.
~edit~
I can't edit the entry in the registry 

Posted: Tue, 13th Jan 2015 00:30 Post subject:
Run msconfig and check all auto startup services and msconfig. Do you have win 8?

Posted: Tue, 13th Jan 2015 00:35 Post subject:
Yes, 8.1. I've checked MSconfig, nothing out of the ordinary except for that svñhîst.exe which has already been stopped. Right now I'm more concerned about why hidden/system folders have been hidden and I cannot re-enable the option, not even in the registry.
WaspAce/wasppacer.exe has gone but now I'm still left with this fucked up "thing" and locked off hidden-folders. I could unhide appdata and any other file in there with Attrib, thankfully.

Posted: Tue, 13th Jan 2015 00:56 Post subject:
sabin1981 wrote: | Moose, the thread title does say that very same thing. Just saying. I appreciate your help and description though.
@Nalo @frogster
I'm going to try and get rid of everything but I just found something ELSE running;
svñhîst.exe
The folder it's running from is completely hidden, it's hidden from *everything* and not even removing attributes works unless I know the specific folder name. It's in;
C:\Users\Sabin1981\AppData\Local\114c390
And has an installer in there called "12.exe" (obviously I'm not going to run it) But why is nothing detecting? Where the fuck did this come from and what is it doing? |
Sorry sabin missed that, anyhow I am just Groot I will probably be temporary banned or something in a moment.

Posted: Tue, 13th Jan 2015 01:01 Post subject:
fucking hell you lot are truly bored eh lol.

Nalo
nothing
Posts: 13522
Posted: Tue, 13th Jan 2015 01:01 Post subject:
Last edited by Nalo on Wed, 3rd Jul 2024 06:14; edited 2 times in total

Posted: Tue, 13th Jan 2015 01:02 Post subject:
sabin1981 wrote: | Haha! What the hell? Why do you keep getting banned?  |
They keep setting me up and altering my posts then banning me and then reverting said posts. Nothing but big bully boo boo's 

Posted: Tue, 13th Jan 2015 01:03 Post subject:
Nalo wrote: | Standard virus practice to keep you from viewing hidden folders. Have experienced it myself and the fix has to be a registry change I guess |
When it gets that bad and one is not sure what else might be hiding, I just reinstall the OS; it's the safest bet.

Posted: Tue, 13th Jan 2015 01:05 Post subject:
Nalo wrote: | Standard virus practice to keep you from viewing hidden folders. Have experienced it myself and the fix has to be a registry change I guess |
Yup, but the registry is locked. I can edit most things but that one specific "Hidden (0)" flag in Explorer\Advanced? It's locked. I've taken full control, but I still can't edit it. I'm installing MBAM now and I'll try some other stuff but this is really pissing me off I had to manually remove the hidden tag from AppData just to see the folder.
~edit~
And done. Cleaned. Fucking gone. I can reset folder permissions, edit Registry, view hidden files.. and there's no malicious shit running or not running. At least as far as I can tell. This fucking thing took a combination of Spybot, Windows Firewall, Windows Defender, Bitdefender and HitmanPro to get rid of and I still don't know what it was or where it came from
Thank you for the help and suggestions, guys, it's much appreciated.

Posted: Tue, 13th Jan 2015 02:02 Post subject:

Nalo
nothing
Posts: 13522
Posted: Tue, 13th Jan 2015 02:39 Post subject:
Last edited by Nalo on Wed, 3rd Jul 2024 06:14; edited 2 times in total

tonizito
VIP Member
Posts: 51420
Location: Portugal, the shithole of Europe.
Posted: Tue, 13th Jan 2015 02:58 Post subject:
Thought it would end up with you going back to win7, 
boundle (thoughts on cracking AITD) wrote: | i guess thouth if without a legit key the installation was rolling back we are all fucking then |

Posted: Tue, 13th Jan 2015 04:20 Post subject: I have left.

Posted: Tue, 13th Jan 2015 07:18 Post subject:

Posted: Tue, 13th Jan 2015 12:24 Post subject:
Shoshomiga wrote: | If it was compromised you better just cut your losses and reinstall everything from scratch, make sure to re-flash the firmware on your routers as well if you have any since they might be compromised |
I'm sorry, but that's just a load of rubbish.
"Nuke everything!"
No thanks. I'm fine, I've cleared off what was running.
scaramonga wrote: | Yeah, ya just don't know what's in half these game files one grabs these days
Always good to scan regular with Hitman and MBAM, as generally, these two pick most shit up. |
Seriously I'm guessing it was from a Russian piece of shit install of AIDA64 I grabbed yesterday, I usually scan first but I guess something was hidden away that evaded scanners. I always have one or the other installed (MBAM or Spybot) this time it was Spybot. I guess this was my own fault for relying on Windows Defender, it always served me fantastically in Win7 with the separate MSE, but it seems the Win8 version is crappy. Bitdefender, Hitman and Spybot managed to clean everything off... strangely, MBAM didn't find *anything* -- though the downside to Bitdefender is how ridiculously ingrained it is into the OS and how hard it is to disable/pause specific options. There's even an "issue" on Windows 8 where the "Wallet" can't be disabled and sometimes swallows up 30% CPU. YAY! Time to find something else >_>
frogster wrote: | Add unhackme and tdsskiller to that list in case you have a pesky one, and check running processes with Process Explorer from Sysinternals. |
Unhackme didn't find anything either, just a handful of tracking cookies and everyone has those I'll keep tdsskiller installed too, thanks!

JBeckman
VIP Member
Posts: 34994
Location: Sweden
Posted: Tue, 13th Jan 2015 12:40 Post subject:
So many virus variants and new malware releases these days that I guess AV solutions can't quite keep up, MSE is good for a free solution but it's not the most aggressive program (Though that keeps false positives down at least.) so it will miss a few things whereas other programs can nearly get annoying with blocking everything that tries to run though with UAC on and admin-approval mode of Windows 8/8.1 it's pretty secure although as stated there's so much crap getting released.
(The MSE definitions update several times a day I believe as does probably many other security programs now.)
I prefer to unpack installers just to see if there's anything like that hidden away but that's not guaranteed to protect you either (Could be hidden in the crack file or otherwise obscured.) unless you run it in an isolated VM environment or similar which I've heard there's actually people that do.
Glad you got rid of it and managed to restore everything in working order, even simple toolbars can cause a lot of issues so a more sophisticated malware or virus can be really annoying to get rid of.
(At least it wasn't one of those pesky encryption ones.)

Posted: Tue, 13th Jan 2015 12:42 Post subject:
Sometimes toolbars are the worst ones, they're so malicious and deeply ingrained. I cannot count how many times I've had to clean people's systems of nasty toolbars and other "search helpers" that are anything but helpful. Either way, thanks again for the suggestions everyone! Time to start taking security seriously again, I've gotten way too lax :\

Posted: Tue, 13th Jan 2015 13:36 Post subject:
Last edited by Yondaime on Mon, 2nd Dec 2024 15:36; edited 1 time in total

All times are GMT + 1 Hour