{"id":8355,"date":"2016-12-08T11:57:55","date_gmt":"2016-12-08T11:57:55","guid":{"rendered":"http:\/\/www.freefixer.com\/b\/?p=8355"},"modified":"2018-05-29T11:55:36","modified_gmt":"2018-05-29T11:55:36","slug":"wmi-commandline-utility-malware-pop-up","status":"publish","type":"post","link":"https:\/\/www.freefixer.com\/b\/wmi-commandline-utility-malware-pop-up\/","title":{"rendered":"WMI Commandline Utility Malware Pop Ups – Click NO!"},"content":{"rendered":"

I was helping out a FreeFixer<\/a> user this morning, trying to track down some malware in his FreeFixer log that he sent me.<\/p>\n

While searching for information about a .DLL file, I found a spam post on\u00a0imgur.com, which linked to another web page that started a download of an executable file.<\/p>\n

And this one is pretty nasty. Look at the executable file. As you can see the file is digitally signed by Free Sky Business LP<\/a>.<\/p>\n

\"exe-free-sky-business-lp\"<\/a><\/p>\n

Typically, when you double-click on a file like this, Windows pops up an User Account Control dialog asking if you trust “Free Sky Business LP”. However, this one manage to pop-up and UAC for Microsoft’s WMI Commandline Utility<\/strong>.<\/p>\n

\"wmi-commandline-utility-pop-up\"<\/a><\/p>\n

If you click no, the UAC dialog will pop-up again and again and again…<\/p>\n

Until you click Yes, which starts the installation of FileFinder.exe<\/a>.<\/p>\n

\"filefinder\"<\/a><\/p>\n

So watch out! Don’t click Yes if the\u00a0Microsoft’s WMI Commandline Utility<\/strong> UAC dialog pops up.<\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

I was helping out a FreeFixer user this morning, trying to track down some malware in his FreeFixer log that he sent me. While searching for information about a .DLL file, I found a spam post on\u00a0imgur.com, which linked to another web page that started a download of an executable file. And this one is … Continue reading WMI Commandline Utility Malware Pop Ups – Click NO!<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[19],"tags":[],"_links":{"self":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts\/8355"}],"collection":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/comments?post=8355"}],"version-history":[{"count":2,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts\/8355\/revisions"}],"predecessor-version":[{"id":8361,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts\/8355\/revisions\/8361"}],"wp:attachment":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/media?parent=8355"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/categories?post=8355"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/tags?post=8355"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}