Jump to content

repeatedly NSIS / CoinMiner.T Trojan

johnh

By johnh
in Malware Finding and Cleaning

 Share

Recommended Posts

johnh

johnh 0

Posted
Posted

Aletra virus repeatedly NSIS / CoinMiner.T Trojan. Disinfected by deletion but does not appear in the registry or in quarantine. Then once again comes NSIS / CoinMiner.T Trojan ....
Help

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted

For a start, please provide logs collected with ESET Log Collector. Feel free to post the generated archive here since attachments are not available to other users than ESET's staff.

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted

I'd strongly recommend uninstalling EEA v5 and installing the latest EEA v7.1. Instead of updating from a mirror, I'd suggest using ESET HTTP Proxy to cache dowloaded files and thus save network traffic. Also when updating from a mirror you lose streamed updates that are downloaded every few minutes and thus ensure maximum protection against newly emerging threats.

As for the malware, it seems to be spreading from a remote share. Does temporarily disconnecting the machine from LAN stop malware detections? Please carry on as follows:
- upgrade Endpoint on the machine to v7.1. Ideally install Endpoint from scratch, ie. uninstall v5 first.
- run a full disk scan
- collect fresh logs with ELC and upload the generated archive here.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...