Posts posted by kingsyno
-
-
9 minutes ago, Marcos said:
For a start please provide logs collected with ESET Log Collector.
I have done so and sent to your inbox
-
Hello guys, please how do I solve this threat: Win64/Riskware.Meterpreter.K, Win64/Rozena.Q, PowerShell/Kryptik.H
-
Hello all,
After upgrading from ERA to ESMC last week, one of the servers is now reporting a reoccurring threat almost every 1 hour. Please see details below:
Threat Type: Firewall : Security vulnerability exploitation
Cause: CVE-2017-5638.Struts2
Process Name: C:\Program Files\Java\jdk1.5.0_09\bin\java.exe
What could be the cause?
-
-
Hello Marcus,
My client server with ESET installation on it just had similar issues. Please what do we do?
-
Thank you James. This is well noted but how do we get rid of the threat now?
-
-
The ERA console reported a Trojan on 3 of our Windows servers caused by (Win32/Rozena.XK, Win32/RiskWare.Meterpreter.G and Powershell/Agent.DG), all with objects file:///powershell.exe. The threat caused by Win32/Rozena.XK and Win32/RiskWare.Meterpreter.G is being cleaned but reoccurs every 5 minutes. Please assist. Attached are the log files.
-
Hello all,
A new Win32/Exploit.Agent.NZK threat has occurred again. Please advise.
Attached is the log file.
-
17 hours ago, Marcos said:
If running an on-demand scan of the disk doesn't remove it, please provide ELC logs from the machine.
Hello Marcos, please take a look at this log file
-
The log file is about 90 MB but only 10 MB is allowed here. I just sent the attachment to sample@eset. Can you access it from there?
-
Dear all,
How do I get rid of this Win32/Rozena.XK threat?
-
Hello James,
Could you help with a remote session to these servers? 4 of these servers keep reoccurring after the steps above. Please assist.
-
The malware is occurring within the VLAN environment.
-
Hello James, this threat has come up again after 24 hours on two servers for now. The script above has been re-run and looks OK again. What do you advise we do next?
-
Thanks James. It is all good now
-
Thanks James. I could not upload the Log.txt but the ESET team in Nigeria has sent a zip file directly to your mail
-
-
Thanks. I will do so and revert
-
How do I get rid of the malware Win32/Exploit.Agent.NZK from the server?
Win64/Riskware.Meterpreter.K, Win64/Rozena.Q, PowerShell/Kryptik.H
in Malware Finding and Cleaning
Have you received it, Marcos?