I was on omegle last night and I happened to stumble upon someone who was "developing a game" they offered to let me test their game
I was a little skeptical about the file he sent me over mediafire
"Games.rar" containing a folder called "Games" and inside that, a file called "GameCore.exe" consisting of 778019 bytes.
I put this file into my virus scanner and got nothing...
I put this file into a sandboxed desktop and ran it "GameCore.exe wants access outside of sandbox"
Guy on omegle has already left the chat
This is where it gets bad.. In the process of removing the file (selecting and deleting), I accidentally opened it...
It created a process I could not remove. I removed the original executable and shut down my computer for the night.
Just 20 minutes ago, I booted my computer up. Windows gave me a warning about how "GameCore.exe" wants to run a service
I clicked no/cancel and it still didn't remove the process. I opened CCleaner and removed GameCore.exe from the registry startup
I restarted my computer and removed the files only to find the same thing, but with "scsisvc.exe"
I repeated the process, and restarted in safe mod. I opened CCleaner and appdata and removed all startup stuff
I got it to stop running a process and I'm currently running a virus scan. I /really/ hope it didn't steal any passwords or personal data...
Here is a download, it was too big to attach here: https://www.dropbox.com/s/pjvo6nwcic8xboz/possible%20virus.zip
FF2DE.. was in %appdata%/roaming
scsisvc.exe was the registry executable
Games.rar is the file I was sent