Virus keep coming back?

[Erwin - IT support groep 0]

Since april ESET is giving a warning that the endpoint has found a Trojan and delete it by cleaning. Trojan is deleted (atleast that is what the system is saying), the next day the Trojan is back and get deleted again. I scanned the endpoint with a full pc scan and nothing has been found, but still every day the Trojan is back. 

 

How can it be that ESET doesn't find anything on full scan, but everyday keep saying that ESET deleted a Trojan. 

Trojan: Win32/Exploit.CVE-2017-11882.B

[Marcos 5,070]

What version of MS do you use? Do you have all critical updates for MS Office installed?

Please drop me a message with logs gathered by ESET Log Collector attached.

[Erwin - IT support groep 0]

Office 365 and system and office are up to date.

At the moment I cannot connect to the device. The device is at our customer. 

 

Is there a way to get the logs without connection to they devices?

 

i am kinda new to ESET.

 

[itman 1,659]

6 hours ago, Erwin - IT support groep said:

Trojan is deleted (atleast that is what the system is saying), the next day the Trojan is back and get deleted again

This usually indicates the malware has established persistence on the device. It reloads itself at system startup time. You might want to read my comments about like detection methods for this here: https://forum.eset.com/topic/15595-coin-miner/

Edited May 31, 2018 by itman

[Erwin - IT support groep 0]

35 minutes ago, itman said:

This usually indicates the malware has established persistence on the device. It reloads itself at system startup time. You might want to read my comments about like detection methods for this here: https://forum.eset.com/topic/15595-coin-miner/

Thanks I will look into this.

[Marcos 5,070]

On 5/31/2018 at 12:06 PM, Erwin - IT support groep said:

Is there a way to get the logs without connection to they devices?

No, it's not possible since the tool gathers logs from the system as well as ESET's logs, configuration, etc.