Ali Akbar 0 Posted May 14, 2019 Share Posted May 14, 2019 Hi ESET Team, One of our client servers has infected by malware Win32/Exploit.Agent.NZK. ESET able to detect and clean the malware but the malware keep attacking the servers. Please find bellow link to download the log from ESET Log Collector and output file from wmic process list https://drive.google.com/open?id=1jU8ME89_udwQAtsLf-ZP3UgWFEO48ad8. Any suggestion on how to stop this malware ? Link to comment Share on other sites More sharing options...
itman 1,542 Posted May 14, 2019 Share Posted May 14, 2019 Please refer to this forum thread: https://forum.eset.com/topic/14650-malware-win32exploitagentnzk/ Link to comment Share on other sites More sharing options...
Administrators Marcos 4,716 Posted May 14, 2019 Administrators Share Posted May 14, 2019 Please move the following files to a new folder, then reboot the machine. Those are two tasks that trigger powershell to download a resource from blocked URLs: c:\windows\system32\tasks\Sync c:\windows\system32\tasks\Winnet Please submit the two files to samples[at]eset.com in an archive encrypted with the password "infected". Link to comment Share on other sites More sharing options...
Recommended Posts