Jump to content

PowerShell/TrojanDownloader.Agent.CRU


Recommended Posts

Good Morning,

In my company we had a Trojan (PowerShell/TrojanDownloader.Agent.CRU) infection long time ago in several of our servers, it was all cleaned and everything is working but the Trojan keeps trying to launch in the servers. ESET finds it and delete it but it keeps coming back and we are unable to find it and get rid of it for good. I have read similar infections in this forums but the answer is deleting some registry keys with no more explanations so I can't find a proper solution for my issue.

Could someone please help?

I'm attaching 2 logs from 2 of our servers

Thank you very much

ESET.zip

Link to comment
Share on other sites

  • Administrators

Please run ELC and select "Threat detection" template prior to collecting files. The generated zip archive will be probably too big to be uploaded here so please upload it to a safe location and drop me a personal message with a download link.

Link to comment
Share on other sites

  • Administrators

Again, "Threat detection" profile was not selected in ELC. For instance, the registry export is missing among others. I'd expect the generated archive to be more than 100 MB in size.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...