Jump to content

Wolfgang_May

Members
  • Posts

    3
  • Joined

  • Last visited

Everything posted by Wolfgang_May

  1. Yes i can do it, how we can communicate to send you the ID´s for the different machines - my email is DELETED
  2. Additional information: 3 servers shows this outgoing activity which is blocked from MWB DC02 shows the most activity and also the DNS is changed automatic to 8.8.8.8 and 9.9.9.9 - if i correct these settings after a time the malware changes it back. DC02 is a a Windows server which is the Domain controller, MSX is installed on an other server. (see logs from EXCH)
  3. Our exchange server was hacked. I installed malwarebytes for teams on all servers and checked them and malware was found and removed. But there is still activity on the servers. It seems that there is still some malware running and not removed. The MSX services are stopped and not running. A scan of the malwarebytes software does not detects any problems, but the software seems to block some outgoing activities. What can be done to make all the machines clean and to be sure that all malware is removed. Attached you can find the support log and some screen shots of the blocks from Malwarebytes. EXCH.zipDC02.zipDC01.zip Thanks
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.