ELI5: What is Tjprojmain and how does it work? (for research purposes)


So last week I mistook a file for something else and installed a malware known as the explorer 32bit virus (original name: Tjprojmain, or at least that's what the file properties show). OK, long story short: I guess I was able to remove the virus; I'm going to clean install the OS anyway.

Now during all this I read lots of articles/forums on the internet and it piqued my interest.

Now in all my research I never found someone explaining how this virus actually works, like how it hides itself from the next AV scan, how it infects precompiled binaries, or chain infection.

I'd really appreciate it if someone explained.


Anonymous

The first page of Google claims it's a coin miner. Also, 100% reinstall your OS and repartition the disk; you almost certainly didn't get rid of it.

Viruses use a ton of different obfuscation techniques, but the low-effort ones usually just name their binary/service after a built-in Windows service. They can also subscribe themselves to lists that the services execute automatically, so they run whenever the service is brought up, executing malicious code under a legitimate system process, as is the case with svchost.exe viruses being able to add themselves to a registry entry that svchost locates files from.

Viruses avoid detection in a few main ways: they can hook into OS system calls to control the information the AV program receives, intercepting the request and returning innocuous data. They can encrypt and decrypt the actual payload as needed to avoid being analyzed. They can modify their own code to replace syntax and structure with functionally equivalent, but forensically different, signatures. The virus may be equipped to disable multiple types of AV software without notifying the user. Perhaps the virus finds partitions/drives that are not scanned and chooses to live there instead. They can also mix and match these techniques as needed. There are so many techniques out there, with new ones being invented all the time, that it forms a cat-and-mouse game between malware writers and computer security specialists.
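One defensive check that follows from the answer's first point (malware naming its binary after a built-in Windows service), as an added example that is not part of the post: flag any process that carries a system binary's name but runs from the wrong directory or under the wrong parent process. The allowlist, the record format and the sample snapshot below are constructed assumptions, not a complete or authoritative list.

```python
# Added example: detect processes masquerading as built-in Windows binaries.
# Input is a constructed process snapshot; the field names are assumptions.
import ntpath

# Built-in binaries and the directories they legitimately run from
# (a small illustrative allowlist, not an exhaustive one).
SYSTEM_BINARIES = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows"},
    "lsass.exe": {r"c:\windows\system32"},
}
# Binaries that should only ever be spawned by one specific parent.
EXPECTED_PARENT = {"svchost.exe": "services.exe", "lsass.exe": "wininit.exe"}


def suspicious(proc):
    """Return the reasons a record looks like masquerading (empty if clean).
    proc is a dict with keys pid, name, path, parent (constructed format)."""
    reasons = []
    name = proc["name"].lower()
    if name not in SYSTEM_BINARIES:
        return reasons  # not a name we track
    directory = ntpath.dirname(proc["path"].lower())
    if directory not in SYSTEM_BINARIES[name]:
        reasons.append(f"{name} running from unexpected path {proc['path']}")
    expected = EXPECTED_PARENT.get(name)
    if expected and proc["parent"].lower() != expected:
        reasons.append(f"{name} spawned by {proc['parent']} instead of {expected}")
    return reasons


def scan(snapshot):
    """Map pid -> reasons for every record that raised at least one flag."""
    return {p["pid"]: r for p in snapshot if (r := suspicious(p))}


# Constructed sample snapshot: two legitimate entries and two lookalikes.
SAMPLE = [
    {"pid": 1, "name": "svchost.exe", "path": r"C:\Windows\System32\svchost.exe", "parent": "services.exe"},
    {"pid": 2, "name": "explorer.exe", "path": r"C:\Windows\explorer.exe", "parent": "userinit.exe"},
    {"pid": 3, "name": "svchost.exe", "path": r"C:\Users\Public\svchost.exe", "parent": "explorer.exe"},
    {"pid": 4, "name": "lsass.exe", "path": r"C:\Windows\System32\lsass.exe", "parent": "explorer.exe"},
]

if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE).items():
        print(pid, reasons)
```

On a real host the snapshot would come from the process list; the same name, path and parent fields are what an EDR or a manual triage compares.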