    virus cleanup-advise needed

    • scottalanmiller

      RS isn't managing very well if they are expecting you to manage it for them!

      • scottalanmiller

        I never clean up malware, I always rebuild. So much safer.

        • Ambarishrh

          This is for one of our close contacts with the company, who asked us to help them. The option of a rebuild was suggested, but it looks like they don't have a healthy backup to start with. So I have to clean this up, get the IIS site back up and running, and then see what we could do to make it better and avoid issues.

          I am checking BleepingComputer, one of my favorite old-time sites for malware removal.

          • travisdh1

            Looks like someone clicked a link while working on the server if that java.exe is actually malicious.

            • Ambarishrh

              Just did an online ESET scan, it's not just Java!

              C:\Program Files\Jenkins.zip	multiple threats,a variant of MSIL/Spy.Agent.AES trojan,a variant of Win32/ServU-Daemon.AB potentially unsafe application	
              C:\Program Files\Java\jre6\java.exe	a variant of Win32/ServU-Daemon.AB potentially unsafe application	
              C:\Program Files\Jenkins\java.exe1	a variant of Win32/ServU-Daemon.AB potentially unsafe application	
              C:\Program Files\Jenkins - Copy\java.exe	a variant of Win32/ServU-Daemon.AB potentially unsafe application	
              C:\tmp\1.1	Linux/Setag.B.Gen trojan	
              C:\tmp\20AS	a variant of Linux/ChinaZ.F trojan	
              C:\tmp\20AS.1	a variant of Linux/ChinaZ.F trojan	
              C:\tmp\30AS	a variant of Linux/ChinaZ.F trojan	
              

              And more of this kind!

              • travisdh1 @Ambarishrh

                @Ambarishrh Yuck, that thing will probably never be completely clean.

                • Ambarishrh

                  I have the same feeling. Informed them to do the rebuild and just take the IIS file. Will scan that separately.

                  • scottalanmiller @Ambarishrh

                    @Ambarishrh said in virus cleanup-advise needed:

                    I have the same feeling. Informed them to do the rebuild and just take the IIS file. Will scan that separately.

                    Scanning an IIS file is easy, scanning a whole server is essentially impossible.

                    • Ambarishrh

                      Can Webroot help me here? Thinking of using Webroot to see if it can clean.

                      • travisdh1 @Ambarishrh

                        @Ambarishrh said in virus cleanup-advise needed:

                        Can Webroot help me here? Thinking of using Webroot to see if it can clean.

                        Possibly, but you're dealing only with possibilities. Would be much better if you can rebuild and move/scan the IIS files.... that assumes IIS was the only thing running on the box.

                        • scottalanmiller @Ambarishrh

                          @Ambarishrh said in virus cleanup-advise needed:

                          Can Webroot help me here? Thinking of using Webroot to see if it can clean.

                          Maybe. Anything "might" work. But you'll never know.

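One way to carry out the "rebuild and move/scan the IIS files" step discussed in this thread, as an added example that is not from any of the posters: a Python triage pass over the site content once it has been copied to a staging folder, flagging files that begin with a PE or ELF header whatever their name (like the `java.exe1` and `C:\tmp` items in the scan output) and files with extensions the site should not contain. The extension allow-list, the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Assumed allow-list of extensions expected in this site's content; adjust per site.
EXPECTED_EXT = {".html", ".htm", ".css", ".js", ".aspx", ".config", ".png", ".jpg", ".gif"}
# Executable formats seen in the scan results above: Windows PE and Linux ELF.
MAGIC = {b"MZ": "PE executable", b"\x7fELF": "ELF executable"}

def triage(root):
    """Return (relative_path, reason, sha256) for files needing review; content decides, not the name."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(folder, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                head = fh.read(4)
                digest.update(head)
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            rel = os.path.relpath(path, root)
            kind = next((label for sig, label in MAGIC.items() if head.startswith(sig)), None)
            ext = os.path.splitext(name)[1].lower()
            if kind:
                findings.append((rel, kind, digest.hexdigest()))
            elif ext not in EXPECTED_EXT:
                findings.append((rel, "unexpected extension " + (ext or "(none)"), digest.hexdigest()))
    return sorted(findings)

def build_sample(root):
    """Constructed sample content: harmless bytes that only mimic file headers."""
    samples = {
        "index.html": b"<html><body>ok</body></html>",
        "bin/java.exe1": b"MZ" + b"\x00" * 16,
        "uploads/20AS": b"\x7fELF" + b"\x00" * 16,
        "uploads/notes.bak": b"plain text",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as staging:
        build_sample(staging)
        for rel, reason, sha in triage(staging):
            print(f"{reason:28} {sha[:16]}  {rel}")
```

A flag here is a prompt for review or for submission to a scanner, not a verdict; a site's own DLLs will also show up as PE files.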