[Win64/Riskware.Meterpreter.K, Win64/Rozena.Q, PowerShell/Kryptik.H]

Have you receive it Marcos?

[Win64/Riskware.Meterpreter.K, Win64/Rozena.Q, PowerShell/Kryptik.H]

9 minutes ago, Marcos said:

For a start please provide logs collected with ESET Log Collector.

I have done so and sent to your inbox

[Win64/Riskware.Meterpreter.K, Win64/Rozena.Q, PowerShell/Kryptik.H]

Hello Guys, Please how do i solve this threat ; Win64/Riskware.Meterpreter.K, Win64/Rozena.Q, PowerShell/Kryptik.H

 

[CVE-2017-5638.Struts2]

Hello all,

 

After upgrading from ERA to ESMC last week, one of the server is now reporting a reoccurring threat almost every 1hour. please see details below ;

Threat Type: Firewall : Security vulnerability exploitation

Cause: CVE-2017-5638.Struts2

Process Name: C:\Program Files\Java\jdk1.5.0_09\bin\java.exe

What could be the cause?

 

[ESMC UPGRADE ISSUE]

Please see attached. I upgraded from ERA 6.X to ESMC 7 manually but can not connect to web console. The web browser says " this site cant be reached" Kindly assist please.

[GandCrab 5.0.4 Ransomware]

Hello Marcus,

My client server with ESET installation on it just had similar issues. Please what do we do?

 

[Malware Win32/Exploit.Agent.NZK]

Thank you James. This is well noted but how do we get rid of the threat now?

[Malware Win32/Exploit.Agent.NZK]

This is the eset log collector file link

https://wetransfer.com/downloads/b94b47ae2cd7eaa2be89245180b8deed20180523140733/9dedce75de905d6c2075ba651c676c7d20180523140734/15ed1a

[Malware Win32/Exploit.Agent.NZK]

The ERA console reported a Trojan on 3 of our windows server caused by (Win32/Rozena.XK, Win32/RiskWare.Meterpeter.G and Powershell/Agent.DG) all with objects file:///powershell.exe. The threat caused by Win32/Rozena.XK and Win32/RiskWare.Meterpeter.G is being cleaned but reoccurs after every 5 minutes. Please assist. Attached are the log files

logs_app.zip

logs_ibts.zip

logs_pd1.zip

[Malware Win32/Exploit.Agent.NZK]

Hello all,

New win32/Exploit .Agent.NZK threat has occur again. Please advise.
Attached is the log file.

 

wetransfer-4b3a68.zip

[Trojan Threat]

17 hours ago, Marcos said:

If running an on-demand scan of the disk doesn't remove it, please provide ELC logs from the machine.

Hello Marcos, please take a look at this log file

MCHHM32__WMILister_MainLog_20180323.084031.3007.txt

[Trojan Threat]

The log file is about 90mb but only 10mb is allowed here. I just sent the attachment to sample@eset. Can you access it from there?

[Trojan Threat]

Dear all,

 

How do i get rid of this Win32/Rozena.XK threat?

[Malware Win32/Exploit.Agent.NZK]

Hello James,

 

Could you help with remote session to these servers? 4 of these servers keep reoccurring after the steps above. Please assist.

[Malware Win32/Exploit.Agent.NZK]

The Malware is occurring within the VLAN environment.

[Malware Win32/Exploit.Agent.NZK]

Hello James, this threat has come up again after 24hours on two servers for now. And the script above has been re-run and looks ok again. what do you advice we do next?

[Malware Win32/Exploit.Agent.NZK]

Thanks James. It is all good now

[Malware Win32/Exploit.Agent.NZK]

Thanks James. I could not upload the Log.txt but the ESET team in Nigeria has sent a zip file directly to your mail

[Malware Win32/Exploit.Agent.NZK]

Hello Team,

 

Please see attached the Processlist and Pl. txt file

pl.txt

ProcessList (1).txt

[Malware Win32/Exploit.Agent.NZK]

Thanks. I will do so and revert

[Malware Win32/Exploit.Agent.NZK]

how do i get rid of the malware Win32/Exploit.Agent.NZK from the server

efsw_logs_1.zip