VbCrayon

  1. I did the procedure and uninstalled Edge for Chromium. I have just left Internet Explorer. But as soon as I rebooted Windows, ESET detected this: Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here 15-09-20 12:33:52 PM;Real-time file system protection;file;C:\Windows\TEMP\Tmp6B5C.tmp;a variant of MSIL/CoinMiner.BFE trojan;cleaned by deleting;NT AUTHORITY\SYSTEM;Event occurred on a file modified by the application: C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe (3FDA32D19C8A28483F662C7400B8B347B408D500).;3818A0E5ED
  2. I did your fix (follow fixlog.txt), but then I also tried ESET File Security for Windows Server, and at each restart of the PC it gives this message: Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here 15-09-20 12:43:06 AM;Real-time file system protection;file;C:\Windows\TEMP\Tmp666B.tmp;a variant of MSIL/CoinMiner.BFE trojan;cleaned by deleting;NT AUTHORITY\SYSTEM;Event occurred on a file modified by the application: C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe (3FDA32D19C8A28483F662C7400B8B347B408D500).;3818A0E5E
  3. This PC is now "clean", but later it gets the virus again.
  4. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-09-2020 Ran by Administrator (administrator) on WIN-JMBU5F8K0NS (Amazon EC2 t3.xlarge) (14-09-2020 04:16:16) Running from C:\Users\Administrator\Desktop Loaded Profiles: Administrator & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher Platform: Windows Server 2012 R2 Standard (Update) (X64) Language: English (United States) Default browser: Edge Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farba
  5. Sorry for the delay in answering. Re-infection is quick. Even doing the procedures, the virus attacks again and removes all antivirus (including Malwarebytes). I basically use KVRT several times to give a little stability so people can work (every day). I'm already setting up another server. I don't know what else to do.
  6. Hi, I do not use Windows Defender (but Kaspersky and Malwarebytes) and System Restore (but Macrium). Fixlog.txt FSS.txt
  7. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-08-2020 Ran by Administrator (administrator) on WIN-JMBU5F8K0NS (Amazon EC2 t3.xlarge) (26-08-2020 05:57:02) Running from C:\Users\Administrator\Desktop Loaded Profiles: Administrator & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher Platform: Windows Server 2012 R2 Standard (Update) (X64) Language: English (United States) Default browser: Edge Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farba
  8. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-08-2020 Ran by Administrator (administrator) on WIN-JMBU5F8K0NS (Amazon EC2 t3.xlarge) (22-08-2020 17:46:18) Running from C:\Users\Administrator\Desktop Loaded Profiles: Administrator & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher Platform: Windows Server 2012 R2 Standard (Update) (X64) Language: English (United States) Default browser: Edge Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farba
  9. Hi, This recently appeared on the same machine (every minute): In addition, a warning that I did not capture, of a non-existent and strange executable, as soon as it turns on the machine. And every time I scan, this appears: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 8/20/20 Scan Time: 11:27 PM Log File: cf17b642-e355-11ea-b3bc-00ffb68728ad.json -Software Information- Version: 4.1.2.73 Components Version: 1.0.1003 Update Package Version: 1.0.28801 License: Premium -System Information- OS: Windows Server 2012 R2 C
  10. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-06-2020 Ran by Administrator (administrator) on WIN-JMBU5F8K0NS (Amazon EC2 t3.xlarge) (25-06-2020 17:08:32) Running from C:\Users\Administrator\Desktop Loaded Profiles: Administrator & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & SQLSERVERAGENT & MSSQLSERVER Platform: Windows Server 2012 R2 Standard (Update) (X64) Language: English (United States) Default browser: Edge Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topi
  11. The object name is trojan.multi.GenAutorunProc.a and it doesn't mention a location, only that the system memory was disinfected. This was done 5 times. I also ran Kaspersky Endpoint Security afterwards with no results and a temp CCleaner which removed a few things but nothing major. Currently everything looks OK, but I want to be sure.