This is probably a stupid question, being a newby. Anyway, I am trying to RE a malware (msrll.exe) for a technical paper and I notice that the malware won't allow me to delete it from the task manager and neither the folder that it created "mfm". It also starts itself up at reboot but it is not located under the current version/update on the registry.
The question is how is sticking around, meaning how is stopping me from killing it?. So far I have only done the behaviour analysis , I haven't started with the code analysis yet.
i hope this doesn't sound stupid, but is the program running as a service?
These two links might help:
I couldnt really find much other useful info though. Hope this helps.
|All times are GMT -4. The time now is 02:44 AM.|
Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.