baran 0 Posted May 18, 2021
Hi, I have a problem. ESET detects the infection in memory and erases it, and then the reset warning comes, but the pollution still exists and has not been eliminated.
Administrators Marcos 5,286 Posted May 18, 2021
Unfortunately you didn't select a SysInspector log to be collected. Please provide fresh ELC logs collected using the Threat detection template in ELC.
baran 0 Posted May 18, 2021 Author
Here you are. Thank you for your support. eea_logs.zip
Administrators Marcos 5,286 Posted May 18, 2021
ELC was not run as an administrator, hence an ESI log was not generated: WARNING: Action skipped, because not running under administrator account.
baran 0 Posted May 25, 2021 Author
Hi Marcos, please help me. My servers and clients reset regularly, it's so bad. esetlog.zip esetlogg.zip
Administrators Marcos 5,286 Posted May 25, 2021
1. Make sure to enable LiveGrid and possibly also SSL filtering.
2. Does the detection occur if you disconnect the server from LAN and reboot it?
3. Provide a Procmon boot log (send a download link via a personal message).
itman 1,754 Posted May 25, 2021
Here's a VirusTotal link for Win64/CoinMiner.PR: https://www.virustotal.com/gui/file/a3b5713be5b0106513e293ffa57e81430c04ad53033dff2fc2a256abff188df5/details. There's no way of knowing if this current infection is deploying using the same methods. In the posted VT link, it appears the coin miner was using PowerShell to start the coin miner. Also, it appears the coin miner is one of the following dropped executable files: