Mike_Kintaru
Posted September 1, 2021

We are using ESET FILE SECURITY 7.3 on Windows Server 2012R2. Currently, our system is overloaded at 100% CPU, but ESET cannot detect any problem. However, after we turn off the process and restart the server, the error happens again. We tried using Process Explorer and detected that after access to the site 'pool.supportxmr.com:443' the system will have this error, and the parent process will run at 100% CPU. (picture 3)

C:\Windows\System32\svchost.exe -o pool.supportxmr.com:443 -u 44bwTAxAcX7Q99bCLnawEQW55LrCqEUfT1D8pnzz9f1LXSSwp3AXD1K829xt7xKoFdUfdxneZGCmi6BfyHVbQy73UN7GQMJ -k --tls -p 054 (picture 1)

We are sending you the data file and an svchost dump. Please help us, thanks.

malware.zip

Marcos (Administrators)
Posted September 1, 2021

Detection for XblGameUpdateTask.exe will be added in the next update, then ESET should be able to detect and clean it.

Marcos (Administrators)
Posted September 1, 2021

The file is already detected: XblGameUpdateTask-bk.exe - a variant of MSIL/Kryptik.ACQS trojan

Mike_Kintaru (Author)
Posted September 1, 2021

Thanks @Marcos. We resolved this problem.
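
A detection check for the kind of command line reported in the first post, as an added example that is not part of the original thread and not ESET's detection logic: it flags svchost.exe launches whose arguments do not fit the usual `svchost.exe -k <group>` service-host form. The function name, the wallet placeholder and the sample lines are constructed for illustration; only the pool host and the switches come from the post.

```python
import re
import shlex

HOST_PORT = re.compile(r"^[A-Za-z0-9.-]+:\d{1,5}$")
# Switches seen on genuine service-host launches,
# e.g. "svchost.exe -k netsvcs -p -s Schedule".
SVCHOST_SWITCHES = {"-k", "-p", "-s"}

def svchost_findings(cmdline):
    """Return the reasons a svchost.exe command line does not look like a service host."""
    # posix=False keeps Windows backslashes intact; surrounding quotes are stripped.
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    if not tokens or not tokens[0].lower().endswith("svchost.exe"):
        return []  # not svchost.exe: out of scope for this check
    args, reasons = tokens[1:], []
    for i, arg in enumerate(args):
        nxt = args[i + 1] if i + 1 < len(args) else ""
        if arg == "-o" and HOST_PORT.match(nxt):
            reasons.append("-o with remote endpoint " + nxt)
        elif arg == "-u" and nxt and not nxt.startswith("-"):
            reasons.append("-u with account or wallet value")
        elif arg == "-k" and (not nxt or nxt.startswith("-")):
            # A real service host names its group right after -k.
            reasons.append("-k without a service group name")
        elif arg.startswith("-") and arg not in SVCHOST_SWITCHES | {"-o", "-u"}:
            reasons.append("switch svchost does not take: " + arg)
    return reasons

# Constructed sample process-creation command lines (wallet replaced by a placeholder).
SAMPLES = [
    r"C:\Windows\System32\svchost.exe -k netsvcs -p -s Schedule",
    r"C:\Windows\System32\svchost.exe -o pool.supportxmr.com:443 "
    r"-u WALLET_PLACEHOLDER -k --tls -p 054",
]

if __name__ == "__main__":
    for line in SAMPLES:
        hits = svchost_findings(line)
        print("SUSPICIOUS" if hits else "ok", "|", line)
        for reason in hits:
            print("    -", reason)
```

Feed it the command-line field from process-creation logs (for example Windows event 4688 with command-line auditing enabled, or Sysmon event 1); any non-empty result on a svchost.exe process is worth triage.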