cdngy20
Hey there, I just finished setting up a new 2012 Cloud server (needed older OS due to age of software I'm using) and Symantec Endpoint has detected (but can't seem to remove):

    [SID: 30614] System infected: Miner.BitcoinMiner Activity 9 attack blocked

RKILL log:

    Checking for Windows services to stop:
     * Ias Stopped. [PUP/GEN]
    1 service stopped!

    Checking for processes to terminate:
     * No malware processes found to kill.

    Checking Registry for malware related settings:
     * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:
     * System Restore Disabled [HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
       "DisableSR" = dword:00000001
     * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender]
       "DisableAntiSpyware" = dword:00000001
     * Reparse Point/Junctions Found (Most likely legitimate)!
     * C:\Windows\SYSVOL\domain\DfsrPrivate => C:\System Volume Information\DFSR\Private\{EE4587EF-E020-4769-B0C8-7131DBFC827A}-{E2C2EB99-1396-4E75-8B85-AB78C9A17184} [Dir]
     * C:\Windows\SYSVOL\staging areas\XXXX.com => C:\Windows\SYSVOL\staging\domain [Dir]
     * C:\Windows\SYSVOL\sysvol\XXXX.com => C:\Windows\SYSVOL\domain [Dir]

    Searching for Missing Digital Signatures:
     * No issues found.

    Checking HOSTS File:
     * No issues found.

    Program finished at: 04/30/2021 10:49:18 AM
    Execution time: 0 hours(s), 5 minute(s), and 42 seconds(s)
    ----------------------------------

I also ran a FRST scan but I can't post publicly. What would be the next steps after RKILL? Thanks!
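The two "miscellaneous checks" findings in the RKILL log above (System Restore and Windows Defender both switched off via registry values) are the kind of tampering a miner infection commonly leaves behind, and they will not fix themselves when the process is killed. The following read-only PowerShell script is an added example, not part of the original post or of RKILL: it re-reads exactly the two registry values the log names, reports whether they are still set to 1, and records the state and binary path of the Ias service that RKILL stopped so the entry can be reviewed against a known-good server. The name Ias also belongs to the built-in Network Policy Server (IAS) service on Windows Server, so comparing its PathName with a clean host is the sensible next check before treating it as malicious. The value paths and names are taken from the log; the script itself is an assumption of how one would verify them, and it should be run as Administrator on the affected host.

```powershell
# Added example (not from the original post): re-check the registry values RKILL flagged
# and the Ias service it stopped. Read-only; run elevated on the affected server.

# Paths and value names come straight from the RKILL log in the post.
$checks = @(
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
       Name = 'DisableSR';          Note = 'System Restore disabled by policy' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
       Name = 'DisableAntiSpyware'; Note = 'Windows Defender disabled' }
)

foreach ($c in $checks) {
    # Get-ItemProperty returns $null for the property when key or value is absent.
    $value = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    if ($null -eq $value) {
        "{0}\{1}: not present (Windows default)" -f $c.Path, $c.Name
    }
    elseif ($value -eq 1) {
        # Still set: the tampering RKILL reported is still in place.
        "{0}\{1} = {2}  <-- {3}" -f $c.Path, $c.Name, $value, $c.Note
    }
    else {
        "{0}\{1} = {2}" -f $c.Path, $c.Name, $value
    }
}

# The service RKILL stopped: capture state, start mode and binary path for comparison
# with a clean Windows Server 2012 host (the built-in IAS/NPS service shares this name).
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Ias'" -ErrorAction SilentlyContinue
if ($svc) {
    "Service Ias: State={0} StartMode={1} PathName={2}" -f $svc.State, $svc.StartMode, $svc.PathName
}
else {
    "Service Ias: not found"
}
```

The script only reports; it changes nothing, so it is safe to run before and after any cleanup to confirm whether the two values have been reset and whether the service comes back on reboot, which is the usual sign of a persistence mechanism that a process kill alone does not address.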