The virus file is not an actual virus, although it is broken and doesn't execute propertly. It does something with registry keys though.
E x t e r n a l A d a p t e r S o f t w a r e \ M i c r o s o f t \ W i n d o w s N T \ C u r r e n t V e r s i o n \ U n a t t e n d S e t t i n g s I n t e r n a l I s B r i d g e I n t e r n a l A d a p t e r E n a b l e I C S 2 5 5 . 2 5 5 . 2 5 5 . 0 1 9 2 . 1 6 8 . 1 3 7 . 1 I n t e r f a c e s E n a b l e D H C P I P A d d r e s s S u b n e t M a s k S Y S T E M \ C u r r e n t C o n t r o l S e t \ S e r v i c e s \ T c p i p \ P a r a m e t e r s I c s U p g r a d e E v e n t N a m eRegQueryValueExW ‰�RegOpenKeyExW X�RegCloseKey ¦�RegSetValueExW ADVAPI32.dll j�GetLastError Ê CreateEventW Ž CloseHandle KERNEL32.dll 2�swprintf_s
It is not picked up by any anti-virus. Running it will do nothing and it will just close itself, no infections are present, no nothing.
HiJackThis brings up nothing either, MsConfig start up programs are normal, went through registry keys and nothing is out of place. Malwarebytes scan brings up nothing. netstat -o on command prompt doesn't bring up any unusual IPs.
Doesn't look like a RAT and has nothing to do with what happened to Ham. Sounds to me like he just got a random .exe file off his computer, named it to something suspicious and acted like it's the problem.
I would post it but I can get banned if it does end up being an actual RAT/keylogger/DDoS or w/e.
