MS Security Essentials picked up Behavior:Win32/LimeRat.gen!MTB - How do I get rid of it?


AlbertC6

MS Security Essentials picked up Behavior:Win32/LimeRat.gen!MTB. It said: The following error occurred: Error code 0x80070005. Access is denied. (So MSSE was not able to quarantine it)

Category: Suspicious Behavior
Description: This program is dangerous and executes commands from an attacker.
Recommended action: Remove this software immediately.
Items:
behavior:pid:284:54648274745608
process:pid:284,ProcessStart:132336680787440781

Get more information about this item online.


I did a full scan and also downloaded and ran MS Security Scanner, which found nothing. I also have Malwarebytes premium running full time and it did NOT pick it up. I have contacted them but they are ignoring me. This is a bad virus and can infect connected computers, USB drives

According to what I have read - the malware registers itself as “Critical Process” and when the user tries to kill it, a Blue Screen of Death (BSoD) is raised on the victim machine. Besides these peculiar tricks, the malware has a complete set of very powerful and dangerous capabilities, such as:

  • USB drive propagation, infecting all files and folders on USB drives.
  • Evasive startup methods (fileless) to avoid AV detection.
  • Virtual machines and analysis box awareness to avoid detection.
  • Stealer and CryptoStealer module to steal cryptocurrency wallets and saved passwords.
  • Keylogger module
  • Backdoor and RDP access.

Any help would be appreciated.
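For triage, the two "Items" lines in the alert above can be parsed to get the flagged PID and its start time, which can then be matched against process-creation logs. This is an added example, not part of the original post; it assumes `ProcessStart` is a Windows FILETIME (100 ns ticks since 1601-01-01 UTC) and treats the trailing number on the `behavior` item as an opaque ID.

```python
import re
from datetime import datetime, timedelta, timezone

# Detection item lines copied from the alert quoted in the post.
ITEMS = """\
behavior:pid:284:54648274745608
process:pid:284,ProcessStart:132336680787440781
"""

# Assumption: ProcessStart is a FILETIME, counted from this epoch in 100 ns ticks.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
PROCESS_RE = re.compile(r"^process:pid:(\d+),ProcessStart:(\d+)$")
BEHAVIOR_RE = re.compile(r"^behavior:pid:(\d+):(\d+)$")


def filetime_to_utc(ticks):
    """Convert 100 ns ticks to an aware UTC datetime using integer math."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def parse_items(text):
    """Return one dict per recognised item line; unknown lines are skipped."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = PROCESS_RE.match(line)
        if m:
            findings.append({"kind": "process", "pid": int(m[1]),
                             "start_utc": filetime_to_utc(int(m[2]))})
            continue
        m = BEHAVIOR_RE.match(line)
        if m:
            # The trailing number is kept as-is; its meaning is not documented here.
            findings.append({"kind": "behavior", "pid": int(m[1]),
                             "behavior_id": int(m[2])})
    return findings


def same_process(findings):
    """True when every parsed item points at a single PID."""
    return len({f["pid"] for f in findings}) == 1


if __name__ == "__main__":
    for f in parse_items(ITEMS):
        print(f)
```

A PID is only meaningful together with its start time, because Windows reuses PIDs; compare both against process-creation records (for example Security event 4688, if auditing is enabled) to identify the executable that was flagged.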
