
Compromised Virtual Server Windows



Hello,

A very big server provider, perhaps the biggest in Europe, provides its customers with compromised Windows virtual servers, with spyware. Asking support? They have plenty of customers; they don't care much.
I can't get rid of that spyware despite several re-installations from scratch.
Windows Server 2008 R2 D. Edition. Virtuoso virtualisation.
Two hidden services revealed by the GMER anti-rootkit. See scan result attached.
DDS can't be run under Windows Server 2008.
Windows Event Viewer log entries show several logins from different IPs from all over the world through RDP protocols with different user names.
The Sysinternals tool TCPView shows suspicious behaviour like connections to www.007guard.com, or an SMTP connection to a server in China (like 222.52.118.222) when I enter data in Firefox fields. Couldn't make screenshots of that behaviour, unfortunately.
Malwarebytes and other antivirus scans don't detect malicious items.
It could be a Windows zero day exploit.  
Any help would be much appreciated!

Noricum
