What is Adware.Lsmo ?
Adware.Lsmo is propagating using EternalBlue SMB exploit. It uses the Windows Management Instrumentation (WMI), like YeaBests, to store the content of the infection, making it a fileless malware.
The malware uses the CPU of the infected computer to mine cryptocurrencies, making it sluggish and sometimes overheat. Adware.Lsmo is a JS script registered as an instance of the WMI ActiveScriptEventConsumer class, with the “fuckyoumm2” tag.
The content of the script is executed when some events are delivered to it. For the time being, the myking.top domain seems to host the C&C.
How to Remove Adware.Lsmo ?
Starting with version 12.11.13, RogueKiller is able to detect and automatically remove Adware.Lsmo :
Step 1: RogueKiller
RogueKiller is an anti-malware scanner featuring advanced heuristics capabilities that are able to detect and remove a broad range of malware. It’s also able to detect potentially unwanted programs (PUP) and potentially unwanted system modifications (PUM).
- Please follow RogueKiller Tutorial to complete this step of the process.
Step 2: AdwCleaner
MalwareBytes AdwCleaner is a tool aimed at the removal of adware software.
- Please follow AdwCleaner Tutorial to complete this step of the process.
Step 3: Malwarebytes
MalwareBytes 3.0 is the latest version of MalwareBytes awarded product, Malwarebytes Anti-Malware.
- Please follow Malwarebytes Tutorial to complete this step of the process.
Step 4 (Optional): Adlice Forum
This standalone guide for malware removal should be able to clean most common malware. However, if you face an uncommon or stubborn infection, it could not be sufficient.
If that’s the case, don’t hesitate to open a new thread on our forum in the Malware Removal section.