Jump to content
johnh

repeatedly NSIS / CoinMiner.T Trojan

Recommended Posts

Aletra virus repeatedly NSIS / CoinMiner.T Trojan. Disinfected by deletion but does not appear in the registry or in quarantine. Then once again comes NSIS / CoinMiner.T Trojan ....
Help

Share this post


Link to post
Share on other sites

For a start, please provide logs collected with ESET Log Collector. Feel free to post the generated archive here since attachments are not available to other users than ESET's staff.

Share this post


Link to post
Share on other sites

oK. I will

 

Edited by johnh

Share this post


Link to post
Share on other sites
2 hours ago, johnh said:

oK. I will

You have removed the logs. Any reason for that?

Share this post


Link to post
Share on other sites

I'd strongly recommend uninstalling EEA v5 and installing the latest EEA v7.1. Instead of updating from a mirror, I'd suggest using ESET HTTP Proxy to cache dowloaded files and thus save network traffic. Also when updating from a mirror you lose streamed updates that are downloaded every few minutes and thus ensure maximum protection against newly emerging threats.

As for the malware, it seems to be spreading from a remote share. Does temporarily disconnecting the machine from LAN stop malware detections? Please carry on as follows:
- upgrade Endpoint on the machine to v7.1. Ideally install Endpoint from scratch, ie. uninstall v5 first.
- run a full disk scan
- collect fresh logs with ELC and upload the generated archive here.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...