repeatedly NSIS / CoinMiner.T Trojan

[johnh 0]

Aletra virus repeatedly NSIS / CoinMiner.T Trojan. Disinfected by deletion but does not appear in the registry or in quarantine. Then once again comes NSIS / CoinMiner.T Trojan ....
Help

[Marcos 4,705]

For a start, please provide logs collected with ESET Log Collector. Feel free to post the generated archive here since attachments are not available to other users than ESET's staff.

[johnh 0]

oK. I will

 

Edited September 19, 2019 by johnh

[Marcos 4,705]

2 hours ago, johnh said:

oK. I will

You have removed the logs. Any reason for that?

[johnh 0]

No reason, i,ve uploaded now thw right logs. 

eea_logs.zip

[Marcos 4,705]

I'd strongly recommend uninstalling EEA v5 and installing the latest EEA v7.1. Instead of updating from a mirror, I'd suggest using ESET HTTP Proxy to cache dowloaded files and thus save network traffic. Also when updating from a mirror you lose streamed updates that are downloaded every few minutes and thus ensure maximum protection against newly emerging threats.

As for the malware, it seems to be spreading from a remote share. Does temporarily disconnecting the machine from LAN stop malware detections? Please carry on as follows:
- upgrade Endpoint on the machine to v7.1. Ideally install Endpoint from scratch, ie. uninstall v5 first.
- run a full disk scan
- collect fresh logs with ELC and upload the generated archive here.

[johnh 0]

Ok. Thanks very much fo the help.