kingsyno

Members
  • Posts: 21

Everything posted by kingsyno

  1. Hello guys, please how do I solve this threat: Win64/Riskware.Meterpreter.K, Win64/Rozena.Q, PowerShell/Kryptik.H
  2. Hello all, After upgrading from ERA to ESMC last week, one of the servers is now reporting a reoccurring threat almost every 1 hour. Please see details below: Threat Type: Firewall: Security vulnerability exploitation. Cause: CVE-2017-5638.Struts2. Process Name: C:\Program Files\Java\jdk1.5.0_09\bin\java.exe. What could be the cause?
  3. Please see attached. I upgraded from ERA 6.X to ESMC 7 manually but cannot connect to the web console. The web browser says "this site cant be reached". Kindly assist please.
  4. Hello Marcus, My client server with ESET installation on it just had similar issues. Please what do we do?
  5. Thank you James. This is well noted but how do we get rid of the threat now?
  6. This is the ESET Log Collector file link: https://wetransfer.com/downloads/b94b47ae2cd7eaa2be89245180b8deed20180523140733/9dedce75de905d6c2075ba651c676c7d20180523140734/15ed1a
  7. The ERA console reported a Trojan on 3 of our Windows servers caused by (Win32/Rozena.XK, Win32/RiskWare.Meterpreter.G and Powershell/Agent.DG), all with objects file:///powershell.exe. The threat caused by Win32/Rozena.XK and Win32/RiskWare.Meterpreter.G is being cleaned but reoccurs after every 5 minutes. Please assist. Attached are the log files: logs_app.zip, logs_ibts.zip, logs_pd1.zip
  8. Hello all, A new Win32/Exploit.Agent.NZK threat has occurred again. Please advise. Attached is the log file: wetransfer-4b3a68.zip
  9. Hello Marcos, please take a look at this log file: MCHHM32__WMILister_MainLog_20180323.084031.3007.txt
  10. The log file is about 90 MB but only 10 MB is allowed here. I just sent the attachment to sample@eset. Can you access it from there?
  11. Dear all, How do I get rid of this Win32/Rozena.XK threat?
  12. Hello James, Could you help with remote session to these servers? 4 of these servers keep reoccurring after the steps above. Please assist.
  13. The malware is occurring within the VLAN environment.
  14. Hello James, this threat has come up again after 24 hours on two servers for now. And the script above has been re-run and looks OK again. What do you advise we do next?
  15. Thanks James. I could not upload the Log.txt but the ESET team in Nigeria has sent a zip file directly to your mail
  16. Hello Team, Please see attached the ProcessList and pl.txt files: pl.txt, ProcessList (1).txt
  17. How do I get rid of the malware Win32/Exploit.Agent.NZK from the server? efsw_logs_1.zip