
Trojan keep detected by Eset




We have a Windows server with ESET File Security v7 installed and updated. The notifications always show a trojan detection:
Real-time file system protection    file    C:\Windows\system32\srv64    Win64/Vools.F trojan    cleaned by deleting    NT AUTHORITY\SYSTEM    Event occurred on a new file created by the application: C:\Windows\System32\lsass.exe

We scanned with in-depth scan mode and rebooted the server, but ESET always detects this kind of trojan.

How can we solve this case? Thank you.


  • Administrators

Probably the server does not have all critical security updates installed. Please gather logs with ESET Log Collector.

Also do the following:
- disconnect the computer from network
- run a full disk scan and clean found malware
- reboot the server
- run a full disk scan.

Let us know if no threats were found during the second scan.


ESET doesn't have a detailed write-up on this variant, Win64/Vools.F trojan, but does have one for an earlier variant: https://www.virusradar.com/en/Win64_Vools.B/description .

It appears this malware is designed to exploit the well-publicized SMBv1 vulnerability disclosed here and patched in 2017: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010

Edited by itman
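
A read-only check that an administrator could run on the affected server to see whether SMBv1 is still accepted and how recent the last recorded update is, following the two replies above. This is an added example, not part of the original posts and not ESET tooling; the function name `Get-Smb1Exposure` and the output field names are hypothetical.

```powershell
# Added example: read-only audit of SMBv1 exposure and update recency.
# Run in an elevated PowerShell session on the server. It changes nothing.
function Get-Smb1Exposure {
    $result = [ordered]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = $null   # does the Server service accept SMBv1?
        Smb1RegistryValue = $null   # explicit registry override, if one exists
        LastHotfixId      = $null
        LastHotfixDate    = $null
        Finding           = @()
    }

    # Get-SmbServerConfiguration exists on Windows Server 2012 / Windows 8 and later.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $result.Smb1ServerEnabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
    }

    # Older systems are controlled by this registry value. When it is absent
    # on those systems, SMBv1 is enabled by default.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $reg = Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue
    if ($reg) { $result.Smb1RegistryValue = $reg.SMB1 }

    # Newest update that Get-HotFix knows about (it reads Win32_QuickFixEngineering,
    # so it is an indicator of patch recency, not a complete update history).
    $latest = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    if ($latest) {
        $result.LastHotfixId   = $latest.HotFixID
        $result.LastHotfixDate = $latest.InstalledOn
    }

    if ($result.Smb1ServerEnabled -or $result.Smb1RegistryValue -eq 1) {
        $result.Finding += 'SMBv1 server is enabled'
    }
    # The thread states the SMBv1 fix was released in 2017 (MS17-010).
    if (-not $latest -or $latest.InstalledOn.Year -lt 2017) {
        $result.Finding += 'No update recorded from 2017 or later'
    }
    if (-not $result.Finding) { $result.Finding = @('No SMBv1 exposure indicators found') }

    [pscustomobject]$result
}

Get-Smb1Exposure | Format-List
```

A recent `LastHotfixDate` does not by itself prove that the MS17-010 update is present; confirm against the bulletin linked above for the server's exact Windows version.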

This topic is now closed to further replies.