Mike_Kintaru 2 Posted September 1, 2021 Share Posted September 1, 2021 We using ESET FILE SECURITY 7.3 on Windows Server 2012R2. Currently, our system overload 100% CPU performance, but ESET can not detect any problem. However, after we turnoff process and restart server, the error happened again. We tried use processexplore, and detect after access to sites: 'pool.supportxmr.com:443' - system will happen this error, and parent process will run 100% cpu. (picture 3) C:\Windows\System32\svchost.exe -o pool.supportxmr.com:443 -u 44bwTAxAcX7Q99bCLnawEQW55LrCqEUfT1D8pnzz9f1LXSSwp3AXD1K829xt7xKoFdUfdxneZGCmi6BfyHVbQy73UN7GQMJ -k --tls -p 054 (picture 1) . We send you data file and svchost dump. Please help us, thanks. malware.zip Link to comment Share on other sites More sharing options...
Administrators Marcos 4,355 Posted September 1, 2021 Administrators Share Posted September 1, 2021 Detection for XblGameUpdateTask.exe will be added in the next update, then ESET should be able to detect and clean it. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,355 Posted September 1, 2021 Administrators Share Posted September 1, 2021 The file is already detected: XblGameUpdateTask-bk.exe - a variant of MSIL/Kryptik.ACQS trojan Link to comment Share on other sites More sharing options...
Mike_Kintaru 2 Posted September 1, 2021 Author Share Posted September 1, 2021 Thanks @Marcos. We resolved this problem. Link to comment Share on other sites More sharing options...
Recommended Posts