Posted

Good Morning,

In my company we had a Trojan (PowerShell/TrojanDownloader.Agent.CRU) infection a long time ago on several of our servers. It was all cleaned and everything is working, but the Trojan keeps trying to launch on the servers. ESET finds it and deletes it, but it keeps coming back and we are unable to find it and get rid of it for good. I have read about similar infections in these forums, but the answer is deleting some registry keys with no more explanation, so I can't find a proper solution for my issue.

Could someone please help?

I'm attaching 2 logs from 2 of our servers

Thank you very much

ESET.zip

  • Administrators
Posted

Please run ELC and select the "Threat detection" template prior to collecting files. The generated zip archive will probably be too big to be uploaded here, so please upload it to a safe location and drop me a personal message with a download link.

Posted

That is the log from one of our servers, but we have the same Trojan on several of them. Would you need a log from every single one?

Thanks

  • Administrators
Posted

Yes, I will need ELC logs from each server / machine. Make sure to select the Threat detection profile prior to collecting logs.

  • Administrators
Posted

Again, the "Threat detection" profile was not selected in ELC. For instance, the registry export is missing, among others. I'd expect the generated archive to be more than 100 MB in size.
