
Double files and pretty sure I have a trojan or malware :’)


ofc, my bad

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-11-2021
Ran by hundenabbe (administrator) on ALBIN (ASUS System Product Name) (25-11-2021 00:09:28)
Running from C:\Users\hunde\Desktop\Ny mapp\Logs
Loaded Profiles: hundenabbe
Platform: Microsoft Windows 11 Home Version 21H2 22000.348 (X64) Language: Svenska (Sverige)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.CpuIdRemote64.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.DisplayAdapter.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CorsairMsiPluginService.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CueLLAccessService.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\iCUE.exe
(Discord Inc. -> Discord Inc.) C:\Users\hunde\AppData\Local\Discord\app-1.0.9003\Discord.exe <6>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <15>
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:\Windows\System32\CorsairGamingAudioCfgService64.exe
(Microsoft Windows Publisher -> Microsoft Corporation)…

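One way to triage the "Processes (Whitelisted)" section of a log like the one above mechanically, as an added example that is not part of the original post and is not FRST's own code: parse each "(Signer -> Company) path <N>" line and flag the entries an analyst would want to look at first. The sample log below is constructed for this example, modelled on the poster's entries with their backslashes restored, plus one synthetic "()" line standing in for an unsigned binary; the assumption that FRST prints "()" for an unsigned file, and the heuristics themselves (user-writable paths, non-Microsoft files directly in System32, signer not matching the file's company), are this example's, not FRST's.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the poster's log with backslashes restored.
# The final "()" line is synthetic and stands in for an unsigned binary.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\iCUE.exe
(Discord Inc. -> Discord Inc.) C:\Users\hunde\AppData\Local\Discord\app-1.0.9003\Discord.exe <6>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:\Windows\System32\CorsairGamingAudioCfgService64.exe
() C:\Users\hunde\AppData\Roaming\updater\svchost.exe
"""

# One process entry: "(Signer -> Company) C:\path\file.exe <N>", where "<N>" is the
# instance count FRST appends when more than one copy of the image is running.
ENTRY_RE = re.compile(r"^\((?P<sig>[^)]*)\)\s+(?P<path>.+?)(?:\s+<(?P<count>\d+)>)?\s*$")

# Signer names that legitimately differ from the file's company field.
MICROSOFT_CATALOG_SIGNERS = {"Microsoft Windows", "Microsoft Windows Publisher"}
WHQL_SIGNER = "Microsoft Windows Hardware Compatibility Publisher"

# Locations a standard user can write to; a binary launched from here is worth a
# second look even when it is signed.
USER_WRITABLE_RE = re.compile(r"^[a-z]:\\(users|programdata|temp|windows\\temp)\\", re.IGNORECASE)
# A file sitting directly in System32 (not inside a DriverStore subfolder).
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.IGNORECASE)


@dataclass
class ProcessEntry:
    path: str
    signer: str
    company: str
    count: int
    flags: list = field(default_factory=list)


def parse_entry(line):
    """Parse one FRST process line; returns None for headers, notes and blanks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    sig = m.group("sig").strip()
    if "->" in sig:
        signer, company = (s.strip() for s in sig.split("->", 1))
    else:
        # Assumption of this example: FRST prints "()" for a file with no
        # Authenticode signature, so signer and company are both empty.
        signer = company = sig
    return ProcessEntry(path=m.group("path").strip(), signer=signer,
                        company=company, count=int(m.group("count") or 1))


def triage(entry):
    """Attach heuristic flags; an empty list means nothing stood out."""
    flags = []
    if not entry.signer:
        flags.append("unsigned")
    elif entry.signer == WHQL_SIGNER:
        # Third-party driver package carrying Microsoft's WHQL signature: normal for
        # a hardware vendor, but it is not the vendor's own code-signing certificate.
        flags.append("whql_signed_third_party")
    elif entry.signer != entry.company and entry.signer not in MICROSOFT_CATALOG_SIGNERS:
        flags.append("signer_company_mismatch")
    if USER_WRITABLE_RE.match(entry.path):
        flags.append("user_writable_path")
    if SYSTEM32_RE.match(entry.path) and entry.company != "Microsoft Corporation":
        flags.append("third_party_in_system32")
    entry.flags = flags
    return entry


def triage_log(text):
    """Parse every process line in an FRST 'Processes' section and flag each one."""
    return [triage(e) for e in map(parse_entry, text.splitlines()) if e is not None]


def flagged(text):
    """Only the entries that carry at least one flag: the analyst's short list."""
    return [e for e in triage_log(text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{', '.join(e.flags):45} {(e.signer or '<unsigned>'):20} {e.path}")
```

A non-empty flag list is a prompt to verify the file (check its signature and hash), not a verdict: Discord legitimately installs under AppData, and a hardware vendor's service signed through WHQL is expected. The point of the pass is to cut a long whitelisted section down to the handful of lines worth checking by hand.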

7 Emerging Ransomware Groups Practicing Double Extortion


Cybercrime as-a-service, Fraud Management & Cybercrime, Malware as-a-Service

Fresh Ransomware-as-a-Service Operations Seek Affiliates for Extorting New Victims

Extracts from ransomware operators’ ransom notes and data-leak sites

After a string of high-profile hits in the middle of this year, a number of the largest and most notorious ransomware operations disappeared.



Beginning in May, attacks by the Russian-language groups Conti (against Ireland’s health service), DarkSide (against U.S.-based Colonial Pipeline) and REvil (against meat-processing giant JBS and remote-management software firm Kaseya) led the Biden administration to seek better ways to disrupt the ransomware business model. The White House has put Russia on notice that if it won’t disrupt ransomware-wielding criminals operating from inside its borders, the U.S. reserves the right to do so.


In short order, DarkSide and REvil disappeared, as did Avaddon, with experts saying they appeared to be running scared. All were ransomware-as-a-service operations, in which operators develop crypto-locking ransomware and provide it to affiliates – essentially, self-employed contractors – who infect victims. Whenever a victim pays, the affiliate and operator share a prearranged split of the payoff.


Or at least that is what happens in theory. Security firm Recorded Future’s new site, The Record, recently reported that a disgruntled Conti affiliate leaked manuals and technical…
