Did as requested, no signs of it under Processes/Applications/Tasks/Services.
The exe is currently running and I can't see any signs of AutoIt anywhere >.<
Just out of interest, when did you download the wallet? I wonder if maybe the download you got was edited in some way after it was uploaded (how big was the download? Mine was 9,452kb in zipped form, the exe is 3,427kb unzipped).
It's the same size zipped, 9,452KB. Sorry, when I said check Ctrl+Alt+Delete/Task Manager I forgot to say it's under Processes. The image name is svhost.exe and the description is Autoit v 3 script. It hops all over the place.
Hey hey,
With the Svchost.exe clue I have also discovered I have the script running. Got the bluescreen on first attempt to access the process location.
On reboot the process is still running, killing the process also caused a bluescreen (no bluescreen for 5 odd years then 2 in 5 minutes! awesome! lol)
Anyway, on reboot jumped into Safe Mode, deleted everything that was added to the machine today, found copies of the .dll files in one of my other legitimate wallets and copied those over the .dlls that were added to the syswow folder. (Odd thing I found here! All the created times for the legitimate DLLs were created exactly 1 hour before the dodgy ones, which would imply, if the DLLs are in fact dodgy and were edited by the coin creator, he did it so that they look very much like the real ones, except he is in a different time zone to me. (Although this is just speculation ^.^))
Rebooted back into normal mode.
No signs of the process running any more, but will be reinstalling loads of antivirus/malware tools tonight to do a complete disinfect.
But on first glance it doesn't look like it has done anything horrible, all the wallets I have left on the machine are from dead or dying coins and the contents of them don't seem to have changed. (I don't actually keep wallets for bitcoin/litecoin/Prime etc on internet facing machines, but recently I have been considering it! After this I'll leave them on the USB stick and just suffer the hassle of having to dig it out whenever I want to send coinage ^.^ )
Sooooo thanks for pointing out the process, I didn't consider looking under the svchosts (which is dumb as I have seen things hide under there before! (sorry for doubting you ;-) )
On a good note though, I just discovered someone sent me 5.4 million Pennies ^.^ now all I need is for them to stop being worth only 0.00000002ltc >.<
I forgot to mention, anyone else scanning files with Sophos End Point protection or MalwareBytes, this script didn't show up at all in the results. Probably because it's using http://www.autoitscript.com/site/ which appears to be a self-contained program - my knowledge of programming languages is next to zero so I'm assuming the reason it didn't show up is because it is relatively new? Anyone that has used it before please let us know. Thanking you :-)
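
The check the posters did by eye in Task Manager (image name, file location, description) can be scripted. The following is an added example, not code from any poster in this thread. It assumes an English-language Windows install, where the genuine svchost.exe sits in System32 or SysWOW64 with the description "Host Process for Windows Services"; the lookalike names other than svhost.exe are constructed samples, and `Test-SvchostLookalike` is a hypothetical helper name.

```powershell
# Added example: list processes that imitate svchost.exe by name, path or description.
# Run from an elevated prompt, otherwise paths of SYSTEM-owned processes come back empty.
$goodDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")
$goodDesc = 'Host Process for Windows Services'   # assumption: English-language Windows
# 'svhost.exe' is the name reported in the thread; the other misspellings are constructed.
$watched  = @('svchost.exe', 'svhost.exe', 'scvhost.exe', 'svchosts.exe', 'svch0st.exe')

function Test-SvchostLookalike {
    param([string]$Name, [string]$Path, [string]$Description)
    $reasons = @()
    if ($watched -notcontains $Name) { return $reasons }   # not an svchost-like name
    if ($Name -ne 'svchost.exe') {
        $reasons += 'name is a misspelling of svchost.exe'
    }
    if ($Path) {
        $dir = Split-Path -Parent $Path
        if ($goodDirs -notcontains $dir) { $reasons += "runs from $dir" }
    }
    if ($Description -and $Description -ne $goodDesc) {
        $reasons += "file description is '$Description'"
    }
    return $reasons
}

Get-CimInstance Win32_Process | ForEach-Object {
    $desc = $null
    if ($_.ExecutablePath -and (Test-Path -LiteralPath $_.ExecutablePath)) {
        # Same field Task Manager shows in its Description column
        $desc = (Get-Item -LiteralPath $_.ExecutablePath).VersionInfo.FileDescription
    }
    $why = Test-SvchostLookalike -Name $_.Name -Path $_.ExecutablePath -Description $desc
    if ($why) {
        [pscustomobject]@{
            ProcessId = $_.ProcessId
            Name      = $_.Name
            Path      = $_.ExecutablePath
            Why       = $why -join '; '
        }
    }
} | Format-Table -AutoSize -Wrap
```

An empty result means no running process matched; it does not cover files on disk that are not currently running.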