Author: wazon
Subject: KRECWLENUZWGAI entry in registry - suspicious
Posted: 30 July 2013 at 12:47pm
Yeah I know now. Also it created service with same name and it was in HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KRECWLENUZWGAI and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KRECWLENUZWGAI\ I've also found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TLDOEVYJKEN - it's probably the same instance of this crap.
Subject: KRECWLENUZWGAI entry in registry - suspicious
Posted: 30 July 2013 at 12:47pm
Yeah I know now. Also it created service with same name and it was in HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KRECWLENUZWGAI and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KRECWLENUZWGAI\ I've also found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TLDOEVYJKEN - it's probably the same instance of this crap.
They all were placed in C:\Users\User_Name\AppData\Local\Temp\ for a while. Hope I didn't get some firmware malware..