Flox.if virus registry entry AppInit_DLLs loaders cores.dll symsrv.dll


  1. Posts : 1,211
    Windows 10
       #11

    This side of the coin is easier to deploy.

    Tactical Threat Intelligence – Everything You Need to Know

    If you want to tackle the malware once it has a foothold, then you are on the other side of that coin, and those are the people making the solutions to deploy, but it also means immense knowledge to tackle malware. Security these days is about early prevention and minimizing attack vectors.

    I have not had malware since I can recall, at least since Windows 7. Preemptive measures go a long way; if I have anything then it has to be well under the radar. We let all sorts of stuff in our LAN these days that are talking to the outside, so the line is pretty thin on what malware is.

    I have no signs that I can tell. But I am not an expert either; I only know computing fundamentals, not advanced computer science and malware science.
    I try to keep on top of good practice, so really if anything is happening on my LAN then it's pretty sophisticated; that could also be the case for millions of other users at the same time.

    I don't have any adverse effects that are visible and I trust my methods. But the line is getting pretty thin; it's hard to stay safe on the computer, but if you are proactive then your security scales exponentially.


  2. Posts : 317
    Windows 10
    Thread Starter
       #12

    Okay so this is how it is. I was doing all of this virus busting on a backup copy of my system. The actual system is far worse.

    I was successful in eliminating the virus by scanning and then uninstalling programs. Programs I knew would be problematic.
    I manually deleted files, and then wiped the drive, and installed back the programs. Beforehand I had to scan some of the programs.
    Apparently, boom, I found a culprit among them and promptly deleted the file, and reinstalled. Working. I scanned the install
    I had and boom, it's working.

    Then some time later ( because I knew the program was not at fault but the mimic that would make me think it was the program
    did its horrible magic thing which I explained ). I deleted that, wiped. Waited, did some resets and no more virus. Just for fun I decided to see if I could trigger the file again by triggering AdobeIPCbroker ( not explaining ). It worked and I recreated the problem
    again. I did a scan and aside from Floxif I also found

    VAiMSR / VIMSR

    I waited ( this is a backup copy which I have multiple ), and sure enough Floxif appeared.

    So I tried to check if I uninstalled the program I just installed and no more Floxif.

    Then I took the install file and did a scan. It gave me.

    Windows - Pioneer 3

    Apparently this is also a Floxif creator, only it works slower. It attaches its code ( which you could see with Resource Hacker )

    I re-downloaded this program again and found it to be clean. That being said the virus buster made my desktop inaccessible to
    certain files. There is also a slow shutdown occurring. Which I assume is missing files or the virus buster taking its time.

    Only bad part about this is that I have to reinstall a couple of programs ( which I am going to via backups from 2016 ).
    Even worse, I might have to manually go through all my programs and decide what to keep and what not to keep.
    Sometimes it is reporting false positives, and I should not have to go through any of this at all.

    Like some twisted nightmare juice just from one file. Again this is the story

    Windows pioneer 3 / VAiMSR / VIMSR -> attaches itself to various .exe and .dll
    symsrv.dll -> writes a registry value ( which I found with Malwarebytes and you have to manually change the settings because it has more than the one setting Malwarebytes detects )
    AppInit_DLLs is in the HKEY and is a legal move being used with a timer
    cores.dll is created after the first symsrv.dll is created -> and thus the first chain of .tmp/.temp files are created.
    Deleting the affected/associated programs will not help because they are just being used as satellites/piggyback
    to bounce the start location of the virus ( at this point we call the virus a Vampire like the covid virus ).
    We need to kill the head vampire, the program that was installed with the code attached to it.

    Even afterwards this whole entire thing could be triggered.

    .................................................................................................... .................................................................................................... ...............................


    What slows me down the most with this, whichever virus busting tool you are using, it will only show a limited amount of information. These tools will give you false reports and it is almost impossible to pin-point which is the actual virus and which
    is something you installed intentionally. I should not have to go through this at all, the way I did.

    Now I have to rush the actual operating system on the actual drive now I know what is causing the problems. I already know it is the start-up files.

    I know


    AdobeIPCbroker
    Vmware
    sheepshaver

    are the carriers and could be reinstalled.

    I know which programs are the original carriers.

    I know which registry to delete.

    I can not say thank you to you because you did not direct me and just told me to reinstall and that is not an option
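
The post above names the AppInit_DLLs registry value as the piece that keeps reloading the DLL. A read-only way to see what that value currently lists, added here as an example (it is not part of the thread or any poster's code): the two registry paths are the standard Windows locations, the function name Get-AppInitEntry is made up for this example, and resolving bare file names against the system directory is an assumption.

```powershell
# Added example: read-only audit of the AppInit_DLLs autoload values.
# Run from 64-bit PowerShell; nothing is modified or deleted.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',            # 64-bit processes
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows' # 32-bit processes
)

function Get-AppInitEntry {   # hypothetical helper name
    param([string[]]$KeyPath)
    foreach ($key in $KeyPath) {
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $p) { continue }
        # Assumption: bare file names are looked up in the matching system directory.
        $sysDir = if ($key -like '*Wow6432Node*') { "$env:windir\SysWOW64" } else { "$env:windir\System32" }
        # The value is one string; entries are separated by spaces or commas.
        $dlls = @("$($p.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })
        if ($dlls.Count -eq 0) { $dlls = @($null) }   # still report the switches for an empty list
        foreach ($dll in $dlls) {
            $row = [ordered]@{
                Key           = $key
                LoadEnabled   = [bool]$p.LoadAppInit_DLLs           # 1 = listed DLLs are loaded
                RequireSigned = [bool]$p.RequireSignedAppInit_DLLs  # 1 = only signed DLLs are loaded
                Dll           = $dll
                Exists        = $false
                Signature     = $null
                SHA256        = $null
                Modified      = $null
            }
            if ($dll) {
                $path = if ([IO.Path]::IsPathRooted($dll)) { $dll } else { Join-Path $sysDir $dll }
                if (Test-Path -LiteralPath $path -PathType Leaf) {
                    $row.Exists    = $true
                    $row.Signature = (Get-AuthenticodeSignature -FilePath $path).Status
                    $row.SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                    $row.Modified  = (Get-Item -LiteralPath $path -Force).LastWriteTime
                }
            }
            [pscustomobject]$row
        }
    }
}

Get-AppInitEntry -KeyPath $keys | Format-List
```

A row with LoadEnabled set and a Dll that is unsigned, or that you did not install yourself, is the one to look at first; the SHA256 and Modified fields let you compare it against a known-clean copy or a scanner report.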


  3. Posts : 1,211
    Windows 10
       #13

    Lost for words at this point. I don't think you could save yourself if it was handed to you on a gold platter.

    Reinstall Windows just to jump right back in the fire.
    If you really want to dick around then do it in a sandbox, but I think it's several layers of in too deep at this point.

    Your whole construct sounds like one big attack vector at this point, or it's something you are doing along the way that is creating Groundhog Day.

    flox
    pioneer
    VAiMSR

    You are well infected, man, and that is only what you know of.

    Nuke it all, your backups and everything.
    Stop downloading cracked software.

    Wiping the drive just to come right back full circle again is not inductive; those three malware are not going to be subject to just that one drive, the whole OS is subject to all this. I misread the other post but am re-reading it back now.

    I don't know what else to say really.
    Last edited by Malneb; 21 Feb 2024 at 14:52.


  4. Posts : 1,211
    Windows 10
       #14

    I am not trying to sound negative either, but I am forward speaking.

    What are you actually achieving here?

    Not much at all.


  5. Posts : 317
    Windows 10
    Thread Starter
       #15

    It is one virus and multiple loaders. I am using a Premium Security suite to scan my install files in my backup.

    Yes there are triggers on the main drive. Like the AdobeIPCbroker that boots up if I run any Adobe program. However I could delete that and then reinstall.

    I am having so much fun scanning folder by folder and seeing all the results pop up, then compressing what I want to keep and reinstalling what I feel I need.

    In fact ( the fact I am on a backup ) I literally just click the thing to see if it will run. Amazingly whatever it is works, meanwhile the virus loader is setting off the anti-virus like insanity. Like so much I am unable to click delete when I need to. I got it in time.

    I am okay and on the road to recovery. No more virus alerts from anything when it starts up. Did I mention I switched my anti-virus? It just tries to start up and boom/swat nullified.

    ...............................

    The sad part: without any anti-virus this thing was loading up .temp/.tmp of programs, dlls, it was planning to infect. I mean almost thirty from one executable, to almost ten. Repeat and Rinse. It even hopped into my other drive ( Mostly because I have shortcuts to it, since I use it a lot. ) This is why I was finding the same .dll being created and written to the same spot by multiple executables at one time.

    I am getting there ?

    ...................................................

    Why not reinstall ?

    I have been tweaking this operating system manually for a very long time. There is so much that I have and had to do, and it makes no sense for me to do it again. It is like imagine spending two months carefully learning about cmd installation and usage only for it to go down the drain.

    I am going to spend as much time

    uninstalling

    as much time

    reinstalling

    So I should save whatever I have, this way it will cost me less time in the future. It is my fault. This Floxif thing probably hopped from my Windows 7 machine files and started the infection until I only noticed it via the errors. It can be stopped ( especially with the anti-virus I am using right now ).

    I am getting far fewer false positives and more actual vicious installers.

    I am half way there...after I clear my install drive ( where I keep my installation files ) it is off to the main event.

    Just to let you know it is no longer triggering when I start up Windows. It is triggering when I click an exe file that is corrupted or a working program that is connected to another exe.

    I am having fun here.


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
