PowerShell/TrojanDownloader.Agent.DV trojan


Solved by Marcos

I have several Windows Servers that consistently detect the PowerShell/TrojanDownloader.Agent trojan. Every time, EFSW shows "cleaned by deleting", but the same log appears again after a few hours. How can I solve this problem?

One of the log collector files: efsw_logs.zip

  • Administrators
  • Solution

Please delete in safe mode:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28CBB79C-CAFE-44EB-8276-8D73BF358244}

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27D70E29-CE41-4102-9013-381FDE9E441A}

EFSW was installed on June 25; the threat was removed or cleaned before, but not completely.
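
Before deleting the two keys named above, it helps to record which scheduled tasks they belong to and to keep a copy. The following PowerShell is an added example, not part of the original reply or of ESET's tooling; the backup folder `C:\IR\taskcache-backup` is an assumed location, and the links to `TaskCache\Tree` and `%SystemRoot%\System32\Tasks` reflect the standard Windows Task Scheduler layout rather than anything stated in the thread.

```powershell
# Added example: inspect and back up the two TaskCache entries; nothing is deleted here.
# Run from an elevated PowerShell prompt.
$TaskCache = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'
$Guids     = '{28CBB79C-CAFE-44EB-8276-8D73BF358244}',
             '{27D70E29-CE41-4102-9013-381FDE9E441A}'
$BackupDir = 'C:\IR\taskcache-backup'   # assumption: any writable evidence folder
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

foreach ($guid in $Guids) {
    $key = "$TaskCache\Tasks\$guid"
    if (-not (Test-Path -LiteralPath $key)) {
        Write-Output "$guid : key not present"
        continue
    }

    # The 'Path' value holds the task's name inside the Task Scheduler tree.
    $taskPath = (Get-ItemProperty -LiteralPath $key -Name Path -ErrorAction SilentlyContinue).Path
    Write-Output "$guid : task path = $taskPath"

    # Keep a .reg copy of the key so the deletion can be reviewed or reverted later.
    $regKey  = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\$guid"
    $regFile = Join-Path $BackupDir ("{0}.reg" -f $guid.Trim('{}'))
    & reg.exe export $regKey $regFile /y | Out-Null

    if (-not $taskPath) { continue }

    # Related artefacts of the same task: the Tree key and the task definition file.
    $relative = $taskPath.TrimStart('\')
    $treeKey  = "$TaskCache\Tree\$relative"
    $xmlFile  = Join-Path "$env:SystemRoot\System32\Tasks" $relative
    Write-Output "  Tree key present  : $(Test-Path -LiteralPath $treeKey)"
    Write-Output "  task file present : $(Test-Path -LiteralPath $xmlFile)"

    if (Test-Path -LiteralPath $xmlFile) {
        # Save the definition and list what the task would launch.
        Copy-Item -LiteralPath $xmlFile -Destination (Join-Path $BackupDir ("{0}.xml" -f $guid.Trim('{}')))
        $doc = [xml](Get-Content -LiteralPath $xmlFile -Raw)
        foreach ($exec in $doc.Task.Actions.Exec) {
            Write-Output "  action: $($exec.Command) $($exec.Arguments)"
        }
    }
}
```

A missing task file next to a surviving `Tasks\{GUID}` key is consistent with the partial cleanup described in the reply.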

41 minutes ago, Marcos said:

Please delete in safe mode:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28CBB79C-CAFE-44EB-8276-8D73BF358244}

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27D70E29-CE41-4102-9013-381FDE9E441A}

EFSW was installed on June 25; the threat was removed or cleaned before, but not completely.

Thanks for your help. I'll try to delete them ASAP.
