
PowerShell/TrojanDownloader.Agent.DV trojan


Machine translation:

We have several Windows Servers that continuously detect the PowerShell/TrojanDownloader.Agent trojan. Every time, EFSW shows it as cleaned by deletion, but a few hours later the same log entry appears again. How can we solve this problem?
> I collected ELC logs

efsw_logs cad.zip

Edited by Marcos
Machine translation added

  • Administrators
  • Solution

You have a system task scheduled which refers to a non-existing file c:\windows\weasgk.exe. Please remove it.

Also remove:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1F2382A-A38E-4E3F-B57A-CED0ED4D71F4}

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1F2382A-A38E-4E3F-B57A-CED0ED4D71F4}

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Bluetool

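The reply above traces the recurring detection to a scheduled task whose action points at a file that no longer exists, plus its TaskCache registry entries. As an added example (not part of the original reply and not an ESET tool), this read-only PowerShell audit lists tasks with a missing executable and TaskCache\Tree entries that the Task Scheduler API does not return; it assumes an elevated session, and the variable names are illustrative.

```powershell
# Added example: read-only audit, run from an elevated PowerShell session.
# Nothing is deleted; the output is a list of candidates for manual review.
$cache = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'
$tasks = Get-ScheduledTask

# 1. Tasks whose executable action points at a file that does not exist.
$missing = foreach ($task in $tasks) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # COM-handler actions have no Execute
        # Strip surrounding quotes and expand variables such as %windir%.
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))
        if ([IO.Path]::IsPathRooted($exe)) {
            $found = Test-Path -LiteralPath $exe -PathType Leaf
        } else {
            # Bare names such as "powershell.exe" are resolved through PATH.
            $found = [bool](Get-Command $exe -CommandType Application -ErrorAction SilentlyContinue)
        }
        if (-not $found) {
            [pscustomobject]@{
                Task      = $task.TaskPath + $task.TaskName
                Execute   = $action.Execute
                Arguments = $action.Arguments
            }
        }
    }
}

# 2. TaskCache\Tree entries with no matching task from the Task Scheduler API.
#    Task keys under Tree carry an 'Id' value naming their TaskCache\Tasks\{GUID} key.
$known = $tasks | ForEach-Object { $_.TaskPath + $_.TaskName }
$orphans = Get-ChildItem -LiteralPath "$cache\Tree" -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.GetValue('Id') } |
    ForEach-Object {
        $name = $_.Name -replace '^.*?\\TaskCache\\Tree', ''
        if ($known -notcontains $name) {         # -notcontains is case-insensitive
            [pscustomobject]@{ TreePath = $name; Id = $_.GetValue('Id') }
        }
    }

Write-Output 'Tasks with a missing executable:'
$missing | Format-Table -AutoSize -Wrap
Write-Output 'Tree entries not returned by Get-ScheduledTask:'
$orphans | Format-Table -AutoSize
```

An entry in either list is a starting point for investigation rather than proof of compromise: legitimate tasks can reference files from uninstalled software.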