chuong 0 Posted September 1, 2021 Share Posted September 1, 2021 Hi all, I have some windows servers 2012 standard effected XMR coin miner malware, when I view with processxp C:\Windows\System32\svchost.exe -o pool.supportxmr.com:443 -u 44bwTAxAcX7Q99bCLnawEQW55LrCqEUfT1D8pnzz9f1LXSSwp3AXD1K829xt7xKoFdUfdxneZGCmi6BfyHVbQy73UN7GQMJ -k --tls -p 054 My servers has ESET Antivirus 7.x for windows but it cannot detect and remove this malware, please help, let me know if you need more information, thank you very much. Link to comment Share on other sites More sharing options...
chuong 0 Posted September 1, 2021 Author Share Posted September 1, 2021 After update windows, restart , block all traffic in/out from/to pool.supportxmr.com , the malware process stil running but it doesn't consume CPU anymore , is it safe to delete C:\Windows\System32\XblGameUpdateTask.exe ? Link to comment Share on other sites More sharing options...
Administrators Solution Marcos 4,718 Posted September 1, 2021 Administrators Solution Share Posted September 1, 2021 Is it the same machine / case as this one? https://forum.eset.com/topic/29656-server-100-cpu-performance/ Detection for XblGameUpdateTask.exe will be added in the next update, then ESET should be able to detect and clean it. notimportant 1 Link to comment Share on other sites More sharing options...
Recommended Posts