We checked the file PUT.VBS and found it hazardous.
The file PUT.VBS must be deleted from the system immediately.
Kill the process PUT.VBS and remove PUT.VBS from Windows startup.
Malware Analysis of PUT.VBS
Full path on a computer: %Appdata%\Defender\put.vbs
Detected by UnHackMe:
Item Name: Shell.exe
Author: Systemt
Related File: %APPDATA%\DEFENDER\SHELL.EXE
Type: Running Processes
Item Name: Skype.lnk
Author: Unknown
Related File: %APPDATA%\DEFENDER\USFT_EXT.EXE.VBS
Type: Startup Folder
Item Name: MACROMEDIA.EXE
Author: Systemt
Related File: %APPDATA%\DEFENDER\MACROMEDIA.EXE
Type: Multi AV Detected Files
Item Name: SHELL.EXE
Author: Systemt
Related File: %APPDATA%\DEFENDER\SHELL.EXE
Type: Multi AV Detected Files
Removal Results: Success
Number of reboots: 1
PUT.VBS is known as:
Trojan.BitCoinMiner.D, Trojan.BitCoinMiner.D (B), Trojan.BitCoinMiner
PUT.VBS hash:
- MD5: 285afae3385ee7b1d24abc622b71627b
The file tries to download information from some web sites.
How to quickly detect the presence of PUT.VBS?
Folders:
- %Appdata%\Defender
Files:
- %Appdata%\Defender\coinutil.dll
- %Appdata%\Defender\kill.bat
- %Appdata%\Defender\macromedia.exe
- %Appdata%\Defender\miner.dll
- %Appdata%\Defender\phatk.cl
- %Appdata%\Defender\phatk.ptx
- %Appdata%\Defender\put.vbs
- %Appdata%\Defender\Shell.exe
- %Appdata%\Defender\usft_ext.dll
- %Appdata%\Defender\usft_ext.exe.vbs
- %Recent%\Defender.lnk
- %Recent%\usft_ext.exe.lnk
- %Startup%\Skype.lnk