* I don't speak much English, please excuse my mistakes.
Hi,
Some days ago a girl came to my cyber to print a file. When I plugged in the flash drive I noticed that it had a virus / trojan. I didn't care too much about that until the next day, when I started up my PC and noticed that it was taking very long to load the MBR. I scanned my PC with 3 different antivirus programs and none of them detected the trojan, so I started to look by myself, and this is what I found.
I started the 'Process Explorer' application developed by Sysinternals to find processes that might be a bit strange, and I did: I found a Windows installation process that would connect the flash memory system logs in addition to performing actions on it. After that I opened msconfig and looked for any service or application that opens at system startup and seemed weird to me, and again I did: I found a key, and this is what it had.
The key YIOS is encoded in base64, so I decoded it online with www.base64decode.org
http://pastebin.com/7JkrwEwQ
Unfortunately I do not know the PowerShell language, so I could not go further.
I think that the variable $ OCBTIZTYSZFRYUFB wqDfasZVujcjBaUU needs the function to be properly deciphered by a tour of bytes.
Greetings, I hope for some help.
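
An added example, not part of the original post: a way to decode a base64 startup value like the one described above on an isolated analysis machine instead of pasting it into a website, and to list any quoted base64 literals inside the decoded script that are still opaque. The sample script and all names here are constructed for illustration; the pastebin content is not reproduced, and the UTF-16LE check is an assumption based on how PowerShell commonly encodes commands.

```python
import base64
import re

def looks_utf16le(raw):
    # ASCII text stored as UTF-16LE has a NUL in every second byte.
    return (len(raw) >= 4 and len(raw) % 2 == 0
            and raw[1::2].count(0) >= 0.8 * (len(raw) // 2))

def decode_blob(b64_text):
    """Decode base64 locally (nothing is executed); return (kind, text or None)."""
    cleaned = re.sub(r"\s+", "", b64_text)
    cleaned += "=" * (-len(cleaned) % 4)             # repair stripped padding
    raw = base64.b64decode(cleaned, validate=True)   # raises ValueError on junk
    if looks_utf16le(raw):
        return "utf-16-le", raw.decode("utf-16-le", errors="replace")
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return "binary", None
    printable = sum(c.isprintable() or c in "\r\n\t" for c in text)
    if text and printable / len(text) > 0.9:
        return "utf-8", text
    return "binary", None

# Quoted runs of 40+ base64 characters inside a decoded script.
NESTED = re.compile(r"""["']([A-Za-z0-9+/]{40,}={0,2})["']""")

def nested_blobs(script_text):
    """Return (length, kind) for each quoted base64-looking literal."""
    found = []
    for match in NESTED.finditer(script_text):
        try:
            kind, _ = decode_blob(match.group(1))
        except ValueError:
            kind = "not-base64"
        found.append((len(match.group(1)), kind))
    return found

# Constructed, harmless sample: a script holding one opaque inner blob.
INNER = base64.b64encode(bytes(range(200, 256)) * 2).decode()
SCRIPT = f'$blob = "{INNER}"\nWrite-Output "constructed sample"\n'
SAMPLE = base64.b64encode(SCRIPT.encode("utf-16-le")).decode()

if __name__ == "__main__":
    kind, text = decode_blob(SAMPLE)
    print(kind, nested_blobs(text))
```

A literal reported as `binary` is one that plain base64 decoding does not turn into text, so it needs whatever further decoding routine the script itself applies.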