Timeline for Instance of Windowsformapp repeatedly creates an executable in the temp folder called "Velo.exe" in Windows 10
Current License: CC BY-SA 4.0
10 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Jan 18, 2022 at 15:34 | comment | added | qwertxyz | I found a key "PendingFileRenameOperations" with the names of the folders created by Velo.exe in temp in Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager and Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager | |
| Jan 18, 2022 at 15:29 | comment | added | qwertxyz | I deactivated everything related to Velo.exe with Autoruns and deleted all related registry keys, but it keeps starting and replicating itself | |
| Jan 18, 2022 at 15:17 | review | Close votes | |||
| Feb 3, 2022 at 3:08 | |||||
| Jan 18, 2022 at 14:54 | comment | added | Ramhound | I would use AutoRuns and the registry editor to see how the application is being automatically installed, while the behavior is odd, the fact only off brand security vendors are detecting it as malicious tells me it's not actually malicious. ' | |
| Jan 18, 2022 at 14:36 | comment | added | qwertxyz | Here: virustotal.com/gui/file/… | |
| Jan 18, 2022 at 14:33 | comment | added | Ramhound | It would be helpful if you uploaded the binary to something more mainstream like VirusTotal | |
| Jan 18, 2022 at 13:50 | comment | added | qwertxyz | I've tried everything and run scans, remove the file, clean up logs, but the application always reactivates: what can I do to get rid of it? | |
| Jan 18, 2022 at 13:48 | comment | added | Ramhound | What exactly is your question? If you suspect it's a trojan take the necessary steps to remove it from your system. | |
| S Jan 18, 2022 at 13:28 | review | First questions | |||
| Jan 18, 2022 at 13:33 | |||||
| S Jan 18, 2022 at 13:28 | history | asked | qwertxyz | CC BY-SA 4.0 |