Ali Akbar

Win32/Exploit.Agent.nzk


Hi ESET Team,

One of our client servers has been infected by the malware Win32/Exploit.Agent.NZK. ESET is able to detect and clean the malware, but the malware keeps attacking the servers.

Please find below a link to download the log from ESET Log Collector and the output file from wmic process list

https://drive.google.com/open?id=1jU8ME89_udwQAtsLf-ZP3UgWFEO48ad8.

Any suggestion on how to stop this malware?


Please move the following files to a new folder, then reboot the machine. Those are two tasks that trigger PowerShell to download a resource from blocked URLs:

c:\windows\system32\tasks\Sync
c:\windows\system32\tasks\Winnet

Please submit the two files to samples[at]eset.com in an archive encrypted with the password "infected".

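The check behind the reply above, as an added example that is not part of the thread and is not ESET's tooling: it reads the task definition files under the Tasks folder, reports any whose action starts PowerShell with a download or encoded-command indicator, and with `-Move` relocates them as the reply instructs. The indicator patterns and the `C:\TaskQuarantine` folder are assumptions, and the script must be run from an elevated prompt.

```powershell
# Added example: audit scheduled-task definition files for PowerShell download actions.
param(
    [string]$TaskRoot   = "$env:SystemRoot\System32\Tasks",
    [string]$Quarantine = 'C:\TaskQuarantine',   # hypothetical folder name (assumption)
    [switch]$Move                                # without -Move the script only reports
)

# XML namespace used by Task Scheduler definition files
$ns = @{ t = 'http://schemas.microsoft.com/windows/2004/02/mit/task' }

# Assumed indicators, not an exhaustive list: a PowerShell host plus a fetch or encoded command
$hostPattern  = '(?i)\b(powershell|pwsh)(\.exe)?\b'
$fetchPattern = '(?i)(-(e|ec|enc|encodedcommand)\s|downloadstring|downloadfile|' +
                'invoke-webrequest|\biwr\b|\biex\b|net\.webclient|bitstransfer|https?://)'

function Find-SuspiciousTask {
    param([string]$Root)
    Get-ChildItem -LiteralPath $Root -File -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $file = $_
        try {
            $execs = Select-Xml -LiteralPath $file.FullName -XPath '//t:Actions/t:Exec' `
                                -Namespace $ns -ErrorAction Stop
        } catch { return }                       # unreadable or not task XML: skip this file
        foreach ($e in $execs) {
            # Command and Arguments are matched together so "cmd /c powershell ..." is also caught
            $cmdLine = ('{0} {1}' -f $e.Node.Command, $e.Node.Arguments).Trim()
            if ($cmdLine -match $hostPattern -and $cmdLine -match $fetchPattern) {
                [pscustomobject]@{
                    Path        = $file.FullName
                    Modified    = $file.LastWriteTime
                    SHA256      = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
                    CommandLine = $cmdLine
                }
            }
        }
    }
}

$hits = @(Find-SuspiciousTask -Root $TaskRoot)
$hits | Format-List

if ($Move -and $hits.Count -gt 0) {
    # Moving the definition file out of the Tasks folder keeps it available for sample submission
    New-Item -ItemType Directory -Path $Quarantine -Force | Out-Null
    $hits | Select-Object -ExpandProperty Path -Unique | ForEach-Object {
        Move-Item -LiteralPath $_ -Destination $Quarantine
    }
}
```

Review the report before using `-Move`, since legitimate administrative tasks can match these patterns; the reboot in the reply is still required afterwards.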
