Sintec 0 Posted January 21 Share Posted January 21 Dear community, I'm hunting for malware on a Windows Server 2012R2 and found out, that it's most likley something like "WannaMine" or acting similar. I was pointed to a tool called WMILister to be found here, but those download links ( https://eset.sharefile.com/share/view/sb6232c1bc5240709 ) don't work anymore. Can someone provide a working link for me? Many thanks! Martin Quote Link to post Share on other sites
Administrators Marcos 3,591 Posted January 21 Administrators Share Posted January 21 Please provide logs collected with ESET Log Collector for a start. Quote Link to post Share on other sites
Solution kermit80 0 Posted January 21 Solution Share Posted January 21 (edited) 4 hours ago, Sintec said: Can someone provide a working link for me? version 3.4 is available here: https://www.xednaps.com/2018/05/06/wmilister/ I don't know what the latest version should be though. Anyway, it worked for me a couple of times. Edited January 21 by kermit80 Quote Link to post Share on other sites
Sintec 0 Posted January 26 Author Share Posted January 26 Thank you (and thank you JamesR) for your help. We could find and delete all entries from our server. Quote Link to post Share on other sites
Administrators Marcos 3,591 Posted January 26 Administrators Share Posted January 26 We would have welcome if you could collaborate with us and provide logs before you delete malware using 3rd party tools in the future. It might help us improve protection and protect also your computers from similar malware. Quote Link to post Share on other sites
itman 937 Posted January 27 Share Posted January 27 21 hours ago, Marcos said: We would have welcome if you could collaborate with us and provide logs before you delete malware using 3rd party tools in the future. It might help us improve protection and protect also your computers from similar malware. OP never explicitly stated he had Eset installed. I suspect that he was just looking for the tool. If Eset was installled, an on-demand scan should have been able to detect WMI malware since it now scans WMI entries. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.