hamed_masoomi67, posted May 23, 2018:
Hello guys, we have ESET Endpoint 6.5.2 on our systems and we have been infected by a malicious exe. ESET cannot detect the files. Screenshot from VirusTotal and malicious files attached.
Marcos (Administrators), posted May 23, 2018:
Please submit the file as per the instructions at https://support.eset.com/kb141/. By the way, ServerGUi.exe is detected as a CoinMiner PUA. Make sure that you have detection of pot. unwanted applications enabled. NTRIGHTS.exe is a benign file.
hamed_masoomi67 (Author), posted May 23, 2018:
Thanks for the reply. The name of the malicious file is "splwow64Nt.exe". Best regards
Marcos (Administrators), posted May 23, 2018:
By just a quick look, it's a non-obfuscated AutoIt script with "Joakim Schicht" listed as the author, so probably related to https://github.com/jschicht. I've passed the script for further analysis to confirm or deny that it should be detected.
hamed_masoomi67 (Author), posted May 23, 2018:
Thank you very much
Marcos (Administrators), posted May 23, 2018:
We have classified the executable as a Win32/RiskWare.ProcessCritical.A application.