chuong, Posted September 1, 2021

Hi all, I have some Windows Server 2012 Standard servers affected by XMR coin miner malware. When I view with processxp, I see:

C:\Windows\System32\svchost.exe -o pool.supportxmr.com:443 -u 44bwTAxAcX7Q99bCLnawEQW55LrCqEUfT1D8pnzz9f1LXSSwp3AXD1K829xt7xKoFdUfdxneZGCmi6BfyHVbQy73UN7GQMJ -k --tls -p 054

My servers have ESET Antivirus 7.x for Windows but it cannot detect and remove this malware. Please help, and let me know if you need more information. Thank you very much.

chuong (Author), Posted September 1, 2021

After updating Windows, restarting, and blocking all traffic in/out from/to pool.supportxmr.com, the malware process is still running but it doesn't consume CPU anymore. Is it safe to delete C:\Windows\System32\XblGameUpdateTask.exe?

Marcos (Administrators, Solution), Posted September 1, 2021

Is it the same machine / case as this one? https://forum.eset.com/topic/29656-server-100-cpu-performance/

Detection for XblGameUpdateTask.exe will be added in the next update, then ESET should be able to detect and clean it.