Jump to content

Win32/Exploit.Agent.nzk

Ali Akbar
 Share

Recommended Posts

Ali Akbar

Ali Akbar 0

Posted
Posted

Hi ESET Team,

One of our client servers has infected by malware Win32/Exploit.Agent.NZK. ESET able to detect and clean the malware but the malware keep attacking the servers.

Please find bellow link to download the log from ESET Log Collector and output file from wmic process list

https://drive.google.com/open?id=1jU8ME89_udwQAtsLf-ZP3UgWFEO48ad8.

 

Any suggestion on how to stop this malware ?

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,070

Posted
  • Administrators
Posted

Please move the following files to a new folder, then reboot the machine. Those are two tasks that trigger powershell to download a resource from blocked URLs:

c:\windows\system32\tasks\Sync
c:\windows\system32\tasks\Winnet

Please submit the two files to samples[at]eset.com in an archive encrypted with the password "infected".

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...