Jump to content

Eset Mail Sec found Virus in windows\temp folder in connection with parserserver.exe


Recommended Posts

Hello, 

is this critical? Do you think its a fault that I didn´t exclude Exchange folders in ESET? (automatic exclusions aren´t activated)

(exchange 2013 server with eset mail security 4.5)
Exchange Folders/Processes are´t excluded. Settings are on default.
Parserserver.exe = microsoft exchange search index
I checked this, but the mentioned entries are´t in the registry: hxxp://www.virusradar.com/en/Win32_PSW.Fareit.A/description

Thx, best regards

 

06.2017 10:49:15 Real-time file protection file C: \ Windows \ TEMP \ O .................. tmp Win32 / 
PSW.Fareit.A Trojan Cleaned by deleting NT- AUTORITY \ SYSTEM Event when editing a file by the application:
 \ Device \ HarddiskVolume2 \ Program Files \ Microsoft \ ExchangeServer \ V15 \ Bin \ Search \ Ceres \ ParserServer \ ParserServer.exe. 
5394 .................... 02.06.2017 10:49:14

C: \ Windows \ TEMP \ OICE _ tmp Win32 / 
PSW.Fareit.A Trojan Cleaned by deleting NT AUTHORITY \ SYSTEM Event at Edit A file through the application: 
\ Device \ HarddiskVolume2 \ Program Files \ Microsoft \ ExchangeServer \ V15 \ Bin \ Search \ Ceres \ ParserServer \ ParserServer.exe. 
5394 ................ 02.06.2017 10:49:12


02.06.2017 10:49:12 Real-time file protection file C: \ Windows \ TEMP \ OICE tmp variant of MSIL / Injector.MWQ Trojans cleaned by Delete NT AUTHORITY \ SYSTEM Event when editing a file by the application: \ Device \ HarddiskVolume2 \ Program Files \ Microsoft \ ExchangeServer \ V15 \ Bin \ Search \ Ceres \ ParserServer \ ParserServer.exe. B5394 ..................... 02.06.2017 10:49:11
02.06.2017 10:49:09 Real-time file protection file C: \ Windows \ TEMP \ OICE _.............. tmp Variant of MSIL / Injector.MVR Trojans Cleaned by deleting NT AUTHORITY \ SYSTEM Event when editing a file by the application: \ Device \ HarddiskVolume2 \ Program Files \ Microsoft \ ExchangeServer \ V15 \ Bin \ Search \ Ceres \ ParserServer \ ParserServer.exe. 6186 ...................... 02.06.2017 10:49:07

 

Link to comment
Share on other sites

  • Administrators

First of all, please uninstall EMSX 4.5 and install v6.5 with default settings and automatic exclusions. Only v6 fully supports modern Windows Server systems. Let us know about the result.

Link to comment
Share on other sites

  • 2 weeks later...
  • Administrators

Also don't forget to upgrade to EMSX v6.5 which provides much better protection especially thanks to LiveGrid. Ideally do not install it over but uninstall v4.5 first.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...