Everything posted by kingsyno
-
Hello all, After upgrading from ERA to ESMC last week, one of the servers is now reporting a reoccurring threat almost every 1 hour. Please see details below: Threat Type: Firewall : Security vulnerability exploitation Cause: CVE-2017-5638.Struts2 Process Name: C:\Program Files\Java\jdk1.5.0_09\bin\java.exe What could be the cause?
-
Please see attached. I upgraded from ERA 6.X to ESMC 7 manually but cannot connect to the web console. The web browser says "this site cant be reached". Kindly assist please.
-
Hello Marcus, My client server with ESET installation on it just had similar issues. Please what do we do?
-
Malware Win32/Exploit.Agent.NZK
kingsyno replied to kingsyno's topic in Malware Finding and Cleaning
Thank you James. This is well noted but how do we get rid of the threat now? -
Malware Win32/Exploit.Agent.NZK
kingsyno replied to kingsyno's topic in Malware Finding and Cleaning
This is the ESET Log Collector file link: https://wetransfer.com/downloads/b94b47ae2cd7eaa2be89245180b8deed20180523140733/9dedce75de905d6c2075ba651c676c7d20180523140734/15ed1a -
Malware Win32/Exploit.Agent.NZK
kingsyno replied to kingsyno's topic in Malware Finding and Cleaning
The ERA console reported a Trojan on 3 of our Windows servers caused by (Win32/Rozena.XK, Win32/RiskWare.Meterpeter.G and Powershell/Agent.DG), all with objects file:///powershell.exe. The threat caused by Win32/Rozena.XK and Win32/RiskWare.Meterpeter.G is being cleaned but reoccurs after every 5 minutes. Please assist. Attached are the log files logs_app.zip logs_ibts.zip logs_pd1.zip -
Malware Win32/Exploit.Agent.NZK
kingsyno replied to kingsyno's topic in Malware Finding and Cleaning
Hello all, A new Win32/Exploit.Agent.NZK threat has occurred again. Please advise. Attached is the log file. wetransfer-4b3a68.zip -
Hello Marcos, please take a look at this log file MCHHM32__WMILister_MainLog_20180323.084031.3007.txt
-
The log file is about 90 MB but only 10 MB is allowed here. I just sent the attachment to sample@eset. Can you access it from there?
-
Dear all, How do I get rid of this Win32/Rozena.XK threat?
-
Malware Win32/Exploit.Agent.NZK
kingsyno replied to kingsyno's topic in Malware Finding and Cleaning
Hello James, Could you help with a remote session to these servers? 4 of these servers keep reoccurring after the steps above. Please assist. -
Malware Win32/Exploit.Agent.NZK
kingsyno replied to kingsyno's topic in Malware Finding and Cleaning
The malware is occurring within the VLAN environment. -
Malware Win32/Exploit.Agent.NZK
kingsyno replied to kingsyno's topic in Malware Finding and Cleaning
Hello James, this threat has come up again after 24 hours on two servers for now. And the script above has been re-run and looks ok again. What do you advise we do next? -
Malware Win32/Exploit.Agent.NZK
kingsyno replied to kingsyno's topic in Malware Finding and Cleaning
Thanks James. It is all good now -
Malware Win32/Exploit.Agent.NZK
kingsyno replied to kingsyno's topic in Malware Finding and Cleaning
Thanks James. I could not upload the Log.txt but the ESET team in Nigeria has sent a zip file directly to your mail. -
Malware Win32/Exploit.Agent.NZK
kingsyno replied to kingsyno's topic in Malware Finding and Cleaning
Hello Team, Please see attached the Processlist and Pl.txt file. pl.txt ProcessList (1).txt -
Malware Win32/Exploit.Agent.NZK
kingsyno replied to kingsyno's topic in Malware Finding and Cleaning
Thanks. I will do so and revert. -
How do I get rid of the malware Win32/Exploit.Agent.NZK from the server? efsw_logs_1.zip