Server 100& cpu performance.

[Mike_Kintaru 2]

We using ESET FILE SECURITY 7.3 on Windows Server 2012R2. 

Currently, our system overload 100% CPU performance, but ESET can not detect any problem. However, after we turnoff process and restart server, the error happened again.

We tried use processexplore, and detect after access to sites: 'pool.supportxmr.com:443' - system will happen this error, and parent process will run 100% cpu. (picture 3)

C:\Windows\System32\svchost.exe -o pool.supportxmr.com:443 -u 44bwTAxAcX7Q99bCLnawEQW55LrCqEUfT1D8pnzz9f1LXSSwp3AXD1K829xt7xKoFdUfdxneZGCmi6BfyHVbQy73UN7GQMJ -k --tls -p 054 (picture 1) .

We send you data file and svchost dump.

Please help us, thanks.

 

malware.zip

[Marcos 5,070]

Detection for XblGameUpdateTask.exe will be added in the next update, then ESET should be able to detect and clean it.

[Marcos 5,070]

The file is already detected:

XblGameUpdateTask-bk.exe - a variant of MSIL/Kryptik.ACQS trojan

 

[Mike_Kintaru 2]

Thanks @Marcos. We resolved this problem.