New
#71
Hi guys, I also registered to tell that I finally found the source of my infection, in an AnyDVD update scheduled task :
This was triggered 3 times a week at 18:00
The malicious code is hidden in the ini file, as described in page 4.Code:C:\WINDOWS\system32\wscript.exe //nologo //B //E:jscript "C:\Users\(me)\AppData\Roaming\AnyDVD HD\settings.ini"
Kudos to people that hinted to check scheduled tasks, this thing was driving me crazy !
PC-SÉBASTIEN-29_12_2015__83417,50.zip
Last edited by sgauge; 29 Dec 2015 at 02:56.