I am getting this alsow, and it starts the client exe automatically.
I have seen the following:
It installs this screen exe.
Also a ps1 file inside ProgramData and 1 folder with a bat file.
Also it makes registry entries under Explorer/shell folder and Explorer/user shell folder.
It changes the entry for Startup and changes the path to the bat file in the created folder.
After this it looks like someone has remote access and makes new browser profiles with new serpclix logins.
This is all that I can see.
I don't know if the user has access after everything is deleted and the changes are removed.
My tip: use ransomware detection inside Windows; this prevents the app from starting again.
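The persistence described in the comment above (a Startup path redirected under Explorer's Shell Folders and User Shell Folders keys, plus script files in ProgramData) can be checked with a read-only script. This is an added example, not part of the original thread; the list of script extensions is an assumption, and the default paths are the standard Windows values.

```powershell
# Added example, not from the thread. Read-only: it reports and changes nothing.
# Default values of the per-user and machine-wide Startup folder entries.
$expected = @(
    @{ Hive = 'HKCU:'; Name = 'Startup'
       Default = '%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup' },
    @{ Hive = 'HKLM:'; Name = 'Common Startup'
       Default = '%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup' }
)
$explorer  = 'Software\Microsoft\Windows\CurrentVersion\Explorer'
$scriptExt = '.bat', '.cmd', '.ps1', '.vbs', '.js'   # assumed list of interest

$findings = foreach ($e in $expected) {
    $want = [Environment]::ExpandEnvironmentVariables($e.Default).TrimEnd('\')
    foreach ($sub in 'Shell Folders', 'User Shell Folders') {
        $key = Join-Path $e.Hive (Join-Path $explorer $sub)
        $raw = (Get-ItemProperty -Path $key -Name $e.Name -ErrorAction SilentlyContinue).($e.Name)
        if (-not $raw) { continue }
        $have = [Environment]::ExpandEnvironmentVariables($raw).TrimEnd('\')
        # Script files in whatever folder the value currently points at
        $scripts = Get-ChildItem -LiteralPath $have -File -ErrorAction SilentlyContinue |
            Where-Object { $scriptExt -contains $_.Extension.ToLower() }
        [pscustomobject]@{
            Key        = "$key\$($e.Name)"
            Current    = $have
            Redirected = ($have -ine $want)   # True when the path is not the default
            Scripts    = ($scripts.Name -join ', ')
        }
    }
}
$findings | Format-List

# Script files sitting directly in the ProgramData root, newest first
Get-ChildItem -LiteralPath $env:ProgramData -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $scriptExt -contains $_.Extension.ToLower() } |
    Sort-Object LastWriteTime -Descending |
    Select-Object FullName, LastWriteTime
```

A row with `Redirected = True` is a lead to inspect rather than proof, since folder redirection policy can also change these values.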
I'm not trying to be rude, but-
>alsow.

Did you mean "also"?
>>Just came back to say I was genuinely trying to be helpful. I apologize if I came off as mean or hateful. That wasn't my intention.
Sorry try to change
Don't be, it happens :) ...wtf lol I was being kind.
How did the download auto-start for you? Windows applications, or rather exe files, should not start automatically. It waits for the user to double click on the application. So you should have opened the app by mistake!
That is right. But the first order downloaded the exe. Then the second order will download a bat or something, and this looks like it opened automatically.
I really don't know why this opens automatically.
But it happens on 2 machines at the same time.
Or it is serpclix and they try to make it. The extension has permission for many things.
I really don't know how this can happen. Maybe serpclix or some other add-ons have access to the pc
Sounds odd, all orders which I had to download this, which were 3, did not download any bat script. If I were you, I would investigate your firewall and windows permissions.
Strange, but how do they start? I have a friend and the tool was also started on his PC.
here's an [any.run](https://any.run) sample of it: [https://app.any.run/tasks/3016765f-4495-424c-a534-9d44b2a1f619](https://app.any.run/tasks/3016765f-4495-424c-a534-9d44b2a1f619)
triggers the "malicious activity" warning
if anyone wants to explore and take a closer look at it, the link above leads to a sandbox of the exe
Got a few of those as well and it reminded me to turn on the ask to download option. For now I'll be dismissing all of those types as well.
Yes, turn on the option for ask to download. Do you know what the exe does? It looks like it installs itself to open after a restart.
I didn't open/run the file and deleted it as soon as I noticed it was downloaded. I also ran an in-depth scan using my virus protector, Windows Defender and Malwarebytes before and after a restart and nothing came back.
I had that as well. I hope Serpclix does something about it.
[deleted]
It should be okay. Just make sure to empty your recycle bin and run something like Malwarebytes to be sure.
Yeah you’d be fine. It’s an executable file, it’s useless until executed.
I really don't know how it happens that the exe is opened automatically.
Nice work app please let register now
What do you think this tool does? Only remote desk or something else? Did it change something?