Jump to content

Win64/CoinMiner.PR---6C5F504C7E35D29D0883C041B8F026DD3AEAB464


Recommended Posts

hi

i have a problem ,

eset detects the infection on the memory and erases it, and then the reset warning comes,

But the pollution still exists and has not been eliminated

 

 

Link to comment
Share on other sites

  • Administrators

Unfortunately you didn't select a SysInspector log to be collected. Please provide fresh ELC logs collected using the Threat detection template in ELC.

Link to comment
Share on other sites

  • Administrators

ELC was not run as an administrator, hence an ESI log was not generated:

WARNING: Action skipped, because not running under administrator account.

Link to comment
Share on other sites

  • Administrators

1, Make sure to enable LiveGrid and possibly also SSL filtering
2, Does the detection occur if you disconnect the server from LAN and reboot it?
3, Provide a Procmon boot log (send a download link via a personal message).

Link to comment
Share on other sites

Here's a VirusTotal link for Win64/CoinMiner.PR:https://www.virustotal.com/gui/file/a3b5713be5b0106513e293ffa57e81430c04ad53033dff2fc2a256abff188df5/details .

There's no way of knowing if this current infection is deploying using the same methods. In the posted VT link, it appears the coin miner was using PowerShell to start the coin miner. Also, it appears the coin miner is one of the following dropped execuable files:

Eset_Coinminer.png.37efcdc63c6ce65ebd239dc59dbd8038.png

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...