WMI Commandline Utility Malware Pop Ups – Click NO!

I was helping out a FreeFixer user this morning, trying to track down some malware in his FreeFixer log that he sent me.

While searching for information about a .DLL file, I found a spam post on imgur.com, which linked to another web page that started a download of an executable file.

And this one is pretty nasty. Look at the executable file. As you can see the file is digitally signed by Free Sky Business LP.

exe-free-sky-business-lp

Typically, when you double-click on a file like this, Windows pops up an User Account Control dialog asking if you trust “Free Sky Business LP”. However, this one manage to pop-up and UAC for Microsoft’s WMI Commandline Utility.

wmi-commandline-utility-pop-up

If you click no, the UAC dialog will pop-up again and again and again…

Until you click Yes, which starts the installation of FileFinder.exe.

filefinder

So watch out! Don’t click Yes if the Microsoft’s WMI Commandline Utility UAC dialog pops up.