files with .vir extension detected


Go to solution Solved by Marcos,

Hi, yesterday we installed ESET Server Security on a server, and today I received some weird detections (see attached photo).

When I went to the path of the detection I found these files with the extension .vir.vir.vir

I'm doing a full scan on the server. My question is: what kind of malware is this, and what other action should I take? This is a production server.


revision.png

detecciones.png

Submit the svchost.exe file in C:\Windows\Resources to VirusTotal for a scan. I suspect it's malicious.

Also, per Fortiguard in regard to ESET's detection:

Quote

W32/VB.NBI is classified as a file infector.
A file infector is a type of malware that has the capability to propagate by attaching its code to other programs or files.

  • Administrators
  • Solution

Win32/VB.NBI is a file infector (virus). I assume that we attempted to clean it after detection, so we renamed it to a backup file (*.vir), but the machine was not rebooted to complete the cleaning and the virus continued to infect the already cleaned svchost.exe file, causing an additional .vir extension to be added each time until the machine was rebooted the next day.
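
The stacked `.vir` extensions described in the post above can be inventoried to see which files were renamed repeatedly and how often. This is an added example, not part of the thread and not ESET tooling; it only reads the file system, and the default `$Root` is an assumption taken from the folder named in the thread.

```powershell
# Added example (not from the thread). Read-only: lists files, changes nothing.
# Assumption: $Root defaults to the folder named in the thread; point it at the
# path shown in your own detection log.
param([string]$Root = 'C:\Windows\Resources')

# base = original file name, suffix = one or more stacked ".vir" extensions
$rx = [regex]'(?i)^(?<base>.+?)(?<suffix>(?:\.vir)+)$'

$hits = Get-ChildItem -LiteralPath $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $m = $rx.Match($_.Name)
        if ($m.Success) {
            [pscustomobject]@{
                Original  = Join-Path $_.DirectoryName $m.Groups['base'].Value
                VirDepth  = [int]($m.Groups['suffix'].Value.Length / 4)  # ".vir" is 4 chars
                LastWrite = $_.LastWriteTime
                Backup    = $_.FullName
            }
        }
    }

# One row per original file: how many backups exist and how deep the stack went.
@($hits) | Group-Object Original | ForEach-Object {
    $byDepth = @($_.Group | Sort-Object VirDepth)
    $byTime  = @($_.Group | Sort-Object LastWrite)
    [pscustomobject]@{
        Original        = $_.Name
        Backups         = $_.Count
        MaxVirDepth     = $byDepth[-1].VirDepth
        OldestLastWrite = $byTime[0].LastWrite
        NewestLastWrite = $byTime[-1].LastWrite
        OriginalPresent = Test-Path -LiteralPath $_.Name
    }
} | Sort-Object MaxVirDepth -Descending | Format-Table -AutoSize -Wrap
```

A `MaxVirDepth` above 1 for the same original file matches the pattern described in the post, where an extra `.vir` was added each time; if new backups keep appearing after the reboot, the source of the reinfection is still active.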


Hi, I just ended the review with local support. It seems the provider of the software downloaded the installer from an unsafe website. We will reinstall the software and reboot the server at the end of the day.

Also, the file was submitted to VirusTotal, but it appears to be clean.

Thanks for the quick reply

Screenshot_1.png

Edited by Mromeroq