Might explain why MRT took forever to run for May's Win Updates. Also a great example of malware using HTTPS to download malware. Actual instance where Comodo 90 day trial SSL cert. was used here: http://slickdeals.net/f/8529951-strange-pop-ups?p=82872490#post82872490
We had Powerliks at work and the company had Norton installed. It kept telling me I had an infection and it cleared it up. I did some research and found what to look for in task manager. I had also told the IT people about it. They were at the same time trying to fix managers computer because he was infected. I ended up using Esets repair program just for Powerliks. I then noticed how Kovter stole some of powerliks stuff. That IT company was fired and we got a new one. They only installed the free version of Malewarebyts and said that is all we needed. I am not so sure how good they are either. Yesterday I was looking at Malewarebytes quarantined tab and noticed the Trojan.Kovter listed. So some how they both managed to get on our work systems.
I was told by IT I can not install any other security programs. As far as my home, I am sure I am covered.
Kovter uses Powershell running under WMI: As demonstrated in these graphs this results in The Microsoft Scripting Engine (mshta.exe) is invoked through WMI, which in turn uses Powershell to start the previously observed regsvr32.exe, with the injected kovter payload. Ref.: http://blog.airbuscybersecurity.com...-A-BEHAVIOURAL-ANALYSIS-OF-KOVTER-PERSISTENCE
I should have added , the first thing I did when I was seeing Nortons warnings was install Malwarebytes and do a full scan for Powerlik. It did not find anything and so I wonder how long we had this infection before Malwarebytes Caught it?
Historical analysis of Kovter here: http://www.securityweek.com/kovter-ad-fraud-trojan-evolves-ransomware Main issue currently is it is being deployed by ransomware.
Since we didn't notice any ransomware requests, it must have been stopped before hand. I am hoping. I did run Norton's removal tool and found no infection.
