Arthur, posted August 9, 2018

Hello. We have continued activity on different systems from these two trojans showing up on our ESET Remote Administrator. What is odd (to me) is that activity is showing up on systems that never so much as opened a web browser. ESET is terminating connections and deleting, but the logs are full of this over and over. I've done some searching, but I do not know why systems continue to get reinfected, especially ones that are never logged on or use email / web browser. What is the next step with this? I am not sure if getting boot logs and such from these will do anything, since it's various systems doing it, so there has to be something that continues to infect them? Much help would be appreciated. Should we reach out to support?
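A triage step a defender can take before pulling boot logs from individual machines is to mine the Remote Administrator threat log itself: hosts that trip the same detection again and again after every clean, and detections that recur across hosts that share no users, point to a common delivery path rather than to user behaviour. The script below is an added example, not code from this thread or from ESET; it assumes an ERA-style CSV export with the column names shown (an assumption) and runs over constructed sample rows, with the detection variant suffix written as a placeholder.

```python
"""Triage recurring detections from an ERA-style threat-log export.

Added example, not ESET tooling. The CSV layout is an assumed approximation
of an ESET Remote Administrator threat export, and every row below is
constructed sample data (host names, paths and the Kryptik variant suffix
are placeholders).
"""
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed export: the same Kryptik detection recurring on a file server
# and a lab workstation that nobody browses from, plus one unrelated hit.
SAMPLE_EXPORT = r"""time,computer,threat,object,action
2018-08-08 02:14:03,FILESRV01,a variant of Win32/Kryptik.XXXX trojan,\\FILESRV01\share\x.exe,connection terminated
2018-08-08 09:41:52,WS-LAB-07,a variant of Win32/Kryptik.XXXX trojan,C:\Windows\Temp\r.tmp,cleaned by deleting
2018-08-08 21:03:17,WS-LAB-07,a variant of Win32/Kryptik.XXXX trojan,C:\Windows\Temp\r.tmp,cleaned by deleting
2018-08-09 04:55:40,WS-LAB-07,a variant of Win32/Kryptik.XXXX trojan,C:\Windows\Temp\r.tmp,cleaned by deleting
2018-08-09 06:10:09,FILESRV01,a variant of Win32/Kryptik.XXXX trojan,\\FILESRV01\share\x.exe,connection terminated
2018-08-09 07:22:31,WS-ACCT-02,JS/Adware.Agent.L application,C:\Users\jo\Downloads\setup.exe,cleaned by deleting
2018-08-09 11:48:55,FILESRV01,a variant of Win32/Kryptik.XXXX trojan,\\FILESRV01\share\x.exe,connection terminated
"""


def parse_events(export_text):
    """Parse the CSV export into dicts; 'time' becomes a datetime."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    for row in rows:
        row["time"] = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
    return rows


def recurring_hosts(events, min_hits=3, window=timedelta(hours=48)):
    """Return {computer: total hits} for hosts where one threat name fires
    at least min_hits times inside any sliding window of `window`.

    A host that keeps re-tripping the same detection after each clean is
    being re-delivered the payload; the clean itself is not the problem.
    """
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["computer"], e["threat"])].append(e["time"])
    result = {}
    for (host, _threat), times in by_key.items():
        times.sort()
        for i, start in enumerate(times):
            hits_in_window = sum(1 for t in times[i:] if t - start <= window)
            if hits_in_window >= min_hits:
                result[host] = max(result.get(host, 0), len(times))
                break
    return result


def cross_host_threats(events, min_hosts=2):
    """Return {threat: sorted hosts} for threats seen on >= min_hosts machines.

    One family recurring on several hosts with no shared users points at a
    common delivery path (a share, an exposed service, an unpatched
    component) rather than at what any single user clicked.
    """
    hosts = defaultdict(set)
    for e in events:
        hosts[e["threat"]].add(e["computer"])
    return {t: sorted(h) for t, h in hosts.items() if len(h) >= min_hosts}


if __name__ == "__main__":
    evts = parse_events(SAMPLE_EXPORT)
    print("Hosts with repeated reinfection:", recurring_hosts(evts))
    print("Threats spanning multiple hosts:", cross_host_threats(evts))
```

Run against a real export, the first list is where to pull boot logs and check patch level first; the second tells you whether the recurring hosts are being hit by one family from one source, which fits the thread's outcome where patching ended the reinfections.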
Marcos (Administrator), posted August 10, 2018

Please provide me with logs as per the instructions that I will send you momentarily via a personal message.
itman, posted August 10, 2018

In another recent posting on Win32/Kryptik, he had it on his server. From there it could spread to network devices. So I would concentrate on making sure your server is not infected with it.
Marcos (Administrator), posted August 10, 2018

This is a good example of how disabling the LiveGrid feedback system can negatively affect cleaning capabilities. I've requested a suspicious file from the user's machine and recommended enabling submission of suspicious files. With that enabled, the suspicious file would have already been submitted through LiveGrid and a detection would have been added for proper recognition and cleaning.
Arthur (original poster), posted August 16, 2018

To follow up, I ran Windows Update on the infected systems (and all the systems, afterwards) to bring everything up to date, and it appears to have resolved the reinfection issue. Thank you.