Search the Community
Showing results for tags 'undetected'.
Found 4 results
Hi there I found this thread on google. I am another customer of cloudsouth and I had similar issues in past, So I hope my information may help you in fixing the problem. Two times my server has been infected by this virus. Both time I had to format all hard drives and re-install windows. both times I sent passwords in ticket to support and I believe the hacker stole the password from ticketing system. In event viewer I saw IP address from Russia logged to my server, The IP belonged to a VPN service provider. Probably the hacker hiding behind a VPN. on Nov-2017 the hacker logged into my server and installed the below malware. I believe this is the same hacker that install on OP server as well. He download the virus from below link http://baterky-noze.sk/cache/work.exe https://www.virustotal.com/#/file/2f41840b1780ab42d1b20036a7b6b04ea84e655013d67b98c215c24a4d4223cb/detection on May-2018 he logged into my server again and he installed this malware. He executed this application on my server but he forgot to fully remove it. I uploaded it to virus total. https://www.virustotal.com/#/file/d5e28c675d4f467cb1e917818480396e992ffd1515399b4eadd3adec4031d92e/detection I tried Avast, McAfee and AVG, All of them find and remove the virus but the virus will return the next day.
Hello, for a while now I have problems with some miners . Idk if its worldwide or they are targeting just https://www.cloudsouth.com/ I have 20+ servers from them and most of them are with miners. I reinstalled the OS a few times and soon after the servers will become infected again. I think they are bruteforcing them. I started using 24 characters for passwords on newly reinstalled servers. Here's a report from malwarebytes. (attached below) Even if malwarebytes cleaned the system, and a new check will result in a "clean" pc, the virus is still there and its not being detected. If I open Task Manager , the virus will instantly pause itself and the pc/server will start working normally. A few minutes later the virus will close the task manager and it will start itself. The pc/server will start to lag hard as the virus is using 90% of cpu when its running. Doing a virus scan without opening task manager is impossible. It won't even start. the pc is lagging that hard. Updated windows defender won't pick it up either. In task manager is using some of the following names SHELLEXPERIENCEHOST1.EXE Windowsshellexperiencehost.exe Windowsshellexperiencehoste.exe Windowsshellexperiencehostp.exe Any idea how can I remove these pesky miners? I can provider access via RDP to some infected servers. NP Bitcoin miners report.txt
Hello, I have been using my computer with out issues, and still without any performance ones. Although I have been experiencing lots of suspicious things on my pc happening, i don't know if they really are caused by malware but i would like to assume so. None of my scanners pick up anything they always come up clean, I use malwarebytes premium as well as the full version of superantispyware. And windows defender is enabled, windows 10. So what i have been encountering is an icon popping up very quickly and then disappearing on my taskbar. the icon doesn't show more than the blackbox and the blueline underneath before it disappears but will tab me out of a game etc. Also my taskbar and desktop icons flash/refresh randomly sometimes but only flash once. Also i started getting audio pops randomly but prob just headphones maybe. And the next one is my cursor, when it changes from hovering over text to something i can click it will sometimes glitch and bulge in size. I can also see a second text cursor pop up on the right side of the glitching cursor in some cases. I would be willing to send a video from my phone of it happening if needed. My pc runs fine though, but i do idle around 30% of memory used it could be the malware but I'm not sure. Just really looking for someone to tell me what they think and maybe help me fix the issues.
Hello there, So I have this malware that makes a popup to a porn site after I open Firefox browser (or possibly the computer) then disappears. I check the task manager. The popup opens a logo just like Firefox however the image is not the same and looks different. You can tell by the image I uploaded. I found out its location in my Appdata/Roaming/ComObj/update.exe Then I found out its also running a service which i will mention the name of it later after I give my laptop a restart Besides that I am assuming its a trojan of a sort as its simply is just running while your working or whatever. I disabled however it runs everytime i start up the laptop again. Now I will simply say that not one single anti-virus software or anti malware has detected it. I am sharing a copy of the file. I am an IT dude however I have no expertise when getting rid of something that cant be detected but I always do know when I am infected... I am new so please, If I have done anything wrong or posted this in the wrong place I apologize from now... Besides that any help on the matter would be greatly appreciated! Ur man THE RAGING IT dude update.7z