cignus 1 Posted September 28, 2021 Share Posted September 28, 2021 Hi I've got this alert coming every few minutes. Scanning with Eset and Malwarebytes didn't solve the problem. Any idea on how to proceed? Thanks. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,259 Posted September 28, 2021 Administrators Share Posted September 28, 2021 Please provide: - logs collected with ESET Log Collector - a Procmon boot log (stop logging after the threat has been detected after the system restart) You may need to upload the archive(s) to a safe location and provide me with a download link. Especially the Procmon boot log can be quite big, depending on how long it takes for the threat to execute after a reboot. Link to comment Share on other sites More sharing options...
cignus 1 Posted September 29, 2021 Author Share Posted September 29, 2021 (edited) Thank you. Here they are (hope I did them right): thanks again Edited September 29, 2021 by Marcos Links to logs removed Link to comment Share on other sites More sharing options...
Administrators Marcos 5,259 Posted September 29, 2021 Administrators Share Posted September 29, 2021 Please compress the content of the c:\users\moreno\appdata\roaming\njiuearzu folder and send me the generated archive via a personal message. Link to comment Share on other sites More sharing options...
cignus 1 Posted September 29, 2021 Author Share Posted September 29, 2021 message sent . thanks Link to comment Share on other sites More sharing options...
Administrators Marcos 5,259 Posted September 29, 2021 Administrators Share Posted September 29, 2021 Please check now. The threat should be detected as PowerShell/Agent.XD trojan and cleaned. If it has not been detected yet, try rebooting the machine so that a startup scan is run. Link to comment Share on other sites More sharing options...
cignus 1 Posted September 30, 2021 Author Share Posted September 30, 2021 Great! It works! Many many thanks! Top quality support! Peter Randziak 1 Link to comment Share on other sites More sharing options...
EKZero 0 Posted October 1, 2021 Share Posted October 1, 2021 Mi ritrovo anche io con lo stesso identico problema.. ogni 10 minuti viene rilevata la minaccia powershell/Agent.FU ma non viene eliminata, semplicemente bloccata. Qual è la risoluzione del problema? Grazie in anticipo Link to comment Share on other sites More sharing options...
Administrators Marcos 5,259 Posted October 1, 2021 Administrators Share Posted October 1, 2021 31 minutes ago, EKZero said: Mi ritrovo anche io con lo stesso identico problema.. ogni 10 minuti viene rilevata la minaccia powershell/Agent.FU ma non viene eliminata, semplicemente bloccata. Qual è la risoluzione del problema? Grazie in anticipo Since this is an English forum please post in English. Please provide: - logs collected with ESET Log Collector - a Procmon boot log (stop logging after the threat has been detected after the system restart) You may need to upload the archive(s) to a safe location and provide me with a download link. Especially the Procmon boot log can be quite big, depending on how long it takes for the threat to execute after a reboot. Link to comment Share on other sites More sharing options...
EKZero 0 Posted October 1, 2021 Share Posted October 1, 2021 Hello Marcos, sorry if I wrote in Italian. You can find the requested file .zip to the follow link Thanks a lot Link to comment Share on other sites More sharing options...
Administrators Marcos 5,259 Posted October 1, 2021 Administrators Share Posted October 1, 2021 Please compress the content of c:\users\dell\appdata\roaming\duhjzwazt and supply me with the archive. Link to comment Share on other sites More sharing options...
Recommended Posts