Arthur

Continued Win32/trickbot.ak and Win32/Kryptik.GJRP activity


Hello. We have continued activity on different systems from these two trojans showing up on our ESET Remote Administrator. What is odd (to me) is that activity is showing up on systems that never so much as opened a web browser. ESET is terminating connections and deleting, but the logs are full of this over and over.

 

I've done some searching, but I do not know why systems continue to get reinfected, especially ones that are never logged on or use email / web browser.

 

What is the next step with this? I am not sure if getting boot logs and such from these will do anything, since it's various systems doing it, so there has to be something that continues to infect them? Much help would be appreciated. Should we reach out to support?


Please provide me with logs as per the instructions that I will send you momentarily via a personal message.


In another recent posting on Win32/Kryptik, he had it on his server. From there it could spread to network devices. So I would concentrate on making sure your server is not infected with it.


This is a good example of how disabling the LiveGrid feedback system can negatively affect cleaning capabilities. I've requested a suspicious file from the user's machine and recommended enabling submission of suspicious files. With that enabled, the suspicious file would have already been submitted through LiveGrid and a detection would have been added for proper recognition and cleaning.


To follow up, I ran Windows Update on the infected systems (and all the systems, afterwards) to bring everything up to date, and it appears to have resolved the reinfection issue. Thank you.
