Paco Ciesta, posted December 17, 2021: Good morning. In my company we had a Trojan (PowerShell/TrojanDownloader.Agent.CRU) infection a long time ago on several of our servers. It was all cleaned and everything is working, but the Trojan keeps trying to launch on the servers. ESET finds it and deletes it, but it keeps coming back and we are unable to find it and get rid of it for good. I have read about similar infections in these forums, but the answer is deleting some registry keys with no more explanation, so I can't find a proper solution for my issue. Could someone please help? I'm attaching 2 logs from 2 of our servers. Thank you very much. (Attachment: ESET.zip)
Marcos (Administrators), posted December 17, 2021: Please run ELC and select the "Threat detection" template prior to collecting files. The generated zip archive will probably be too big to be uploaded here, so please upload it to a safe location and drop me a personal message with a download link.
Paco Ciesta (Author), posted December 17, 2021: Here it is. Thanks. (Attachment: efsw_logs2.zip)
Paco Ciesta (Author), posted December 17, 2021: That is the log from one of our servers, but we have the same Trojan on several of them. Would you need a log from every single one? Thanks.
Marcos (Administrators), posted December 17, 2021: Yes, I will need ELC logs from each server / machine. Make sure to select the Threat detection profile prior to collecting logs:
Marcos (Administrators), posted December 17, 2021: Again, the "Threat detection" profile was not selected in ELC. For instance, the registry export is missing, among others. I'd expect the generated archive to be more than 100 MB in size.
Paco Ciesta (Author), posted December 17, 2021: Sorry Marcos, I have sent it to you in a personal message.