Bogdan Florin
Banload.AYD virused a Hyper-V Virtual Machine
Bogdan Florin replied to Bogdan Florin's topic in Malware Finding and Cleaning
The old machine is gone, but the rest of the advice is welcome and will be followed. We deleted 25 years of email and contacts. That's tough. As much as I searched the Internet, I NEVER found a solution that FIXES a VM file recovered from deletion. Did no one imagine this solution would be needed sometime, somehow?
Banload.AYD virused a Hyper-V Virtual Machine
Bogdan Florin replied to Bogdan Florin's topic in Malware Finding and Cleaning
It is highly probable that NOD32 would behave the same under these circumstances. I researched the whole internet about Banload.AYD in the MBR and there is absolutely NO documentation at all. But now my biggest problem is to make the VM work again, and then I will have to solve the Trojan issue.
Banload.AYD virused a Hyper-V Virtual Machine
Bogdan Florin replied to Bogdan Florin's topic in Malware Finding and Cleaning
After I was able to recover the .vhdx file deleted by Win Security Antivirus ... I got stuck adding this file back to the Virtual Machine in order to start it. All my problems began because of Banload.AYD, which somehow arrived in the VM EFI, and the MS Antivirus inside the VM was unable to see it; only the MS Antivirus on the host was seeing it, and it deleted the VM VHDX file. Any help on how to make this VM work after I recovered the deleted VHDX file? It is a massive stress on me since all Google leads arrive at a dead end. No checkpoint, no backup, not very much experience with VMs.
Banload.AYD virused a Hyper-V Virtual Machine
Bogdan Florin replied to Bogdan Florin's topic in Malware Finding and Cleaning
Thank you for answering so fast. I do not have ESET installed on either the Hyper-V host or the VM. Please advise. Right now I'm recovering the VM.
Banload.AYD virused a Hyper-V Virtual Machine
Bogdan Florin replied to Bogdan Florin's topic in Malware Finding and Cleaning
I used Data Deletion Recover Tool to recover the .vhdx file of the eMail VM machine .. but if I manage to mount it back online .. I will still have the same TrojanDownloader - Banload.AYD issue, which installs itself to the MBR.
I have a Hyper-V Host machine with Windows 2019 called "mnhost02". On this machine I have a Virtual Machine called "eMail", which is also Windows 2019 + Exchange 2019. The Windows Security Antivirus on host mnhost02 detected the Trojan Downloader Banload.AYD on VM eMail and was unable to quarantine or remove it since VM eMail was running. I stopped it. Then the Win Security Antivirus on host mnhost02 simply deleted the virtual HDD of the VM eMail machine, creating a BIIIIG problem. Previously scanning VM eMail from inside with Win Security Antivirus did not show any infection!!! It seems to be a boot infection, and Win Security within the infected machine eMail is not seeing it. Any suggestion on how to remove an MBR virus on a Virtual Machine??? Your suggestions will be greatly appreciated.
-
ESET Mail Security
Bogdan Florin replied to Bogdan Florin's topic in ESET Products for Windows Servers
If your software has an option to scan the mailbox .. then that one should work too.
Other example or idea: you can transform this product into something protecting IIS or SQL, not only a simple firewall but also inspecting commands received by the server, and in this way be able to stop an attack BEFORE the request arrives at IIS. It is an example. Just a firewall is not enough; it also requires packet inspection BEFORE arriving at IIS. The GUI is nice, a pity to discontinue.
-
ESET Mail Security
Bogdan Florin replied to Bogdan Florin's topic in ESET Products for Windows Servers
/Setup /Ignore Server certificate .... it allows the AV to scan the mailboxes. It is true that we use a Let's Encrypt certificate, which is not official worldwide, a kind of "cheap" certificate. I will check later if it also scans the files.
ESET Mail Security
Bogdan Florin replied to Bogdan Florin's topic in ESET Products for Windows Servers
Surprise, surprise. Mail Security does not know how to scan the FILE SYSTEM as well. Other servers have 200-300k files and Exchange is much bigger in numbers, but .. for an unknown reason it does not scan any of them. Hmmm
Scanning the Mailbox database ... returns this error. I had added an Exch admin user previously. Regards, Bogdan