Topic: "Secretive Life.exe" - passed scans and has a service running with same name.

REDACTED

  • Guest
Hi all
found this "Secretive Life.exe" process running (a service, local system acct) with no ownership information, and the exe was in "~user\appdata\roaming\Secretive Life". 

No idea what this is, shredded the exe and deleted the service using CS command. Have kept the exe (compressed it into a rar) in case it can be uploaded for investigation - AVAST, do you accept uploads for this purpose?

Can't find anything in the registry on a simple search, but not sure how to check thoroughly.

Looked suspicious, anyone have any ideas what it is?

thanks all for reading.
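
A more thorough check than a simple registry search, as an added example that is not part of the original post: it lists services that run from a user profile folder and looks for leftover references to the name in the service keys, the Run/RunOnce autostart keys and scheduled tasks. Only the string "Secretive Life" comes from the thread; the choice of locations and the variable names are assumptions, and it should be run from an elevated PowerShell prompt.

```powershell
# Added example: read-only checks, nothing is modified or deleted.
$Needle = 'Secretive Life'   # name taken from the thread

# 1. Services whose binary sits in a user profile, or that mention the name.
#    A LocalSystem service started from a user-writable folder deserves a closer look.
$userPath = '\\Users\\[^\\]+\\AppData\\|\\Documents and Settings\\'
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -match $userPath -or
                   $_.Name -like "*$Needle*" -or
                   $_.DisplayName -like "*$Needle*" } |
    Select-Object Name, DisplayName, StartName, State, PathName |
    Format-List

# 2. Leftover service keys (these remain if only the exe was removed).
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($_.PSChildName -like "*$Needle*" -or $p.ImagePath -like "*$Needle*" -or
            $p.DisplayName -like "*$Needle*") {
            [pscustomobject]@{ Where = $_.Name; Name = 'ImagePath'; Value = $p.ImagePath }
        }
    }

# 3. Run / RunOnce autostart values for the machine and the current user.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if ($name -like "*$Needle*" -or $value -like "*$Needle*") {
            [pscustomobject]@{ Where = $key; Name = $name; Value = $value }
        }
    }
}

# 4. Scheduled tasks whose action launches something matching the name.
Get-ScheduledTask -ErrorAction SilentlyContinue |
    Where-Object { ($_.Actions | ForEach-Object { $_.Execute }) -like "*$Needle*" } |
    Select-Object TaskPath, TaskName

# 5. Is the folder from the post still present for the current user?
Test-Path (Join-Path $env:APPDATA $Needle)
```

No output from steps 1 to 4 and `False` from step 5 means none of these locations still reference the name for the account running the script; other user profiles have their own HKCU hive and AppData folder.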


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37587
  • Not a avast user
Quote
Have kept the exe (compressed it into a rar)
Unzip file and upload it to www.virustotal.com. If tested before, click rescan for a fresh result.
Post link to scan result here



Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Probably searchagent or PUP.Optional.SearchDonkey.A infestation.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

REDACTED

  • Guest
Quote
Have kept the exe (compressed it into a rar)
Unzip file and upload it to www.virustotal.com. If tested before, click rescan for a fresh result.
Post link to scan result here

https://www.virustotal.com/en/file/310783327e31f8abbbd07039ec52a95ba6cb1228bacbf4d2e6018a581fc977bd/analysis/1435668206/

Thanks for the advice.  Link to results provided above.  Not sure how bad the results are though.  I guess it shouldn't show up in the results in this way but hard to say if there's really something wrong with it.  Remains highly suspicious though with that name.