Alchemy79 Posted September 30, 2014 ID:884915 Share Posted September 30, 2014 Hi Everybody! Has anyone come across cryptonight being run by svchost.exe utilising 100% cpu? I think its a bitcoin miner... but not much on internet about it? I have been battling a trojan.agent and various others on a this machine which is a server running server 2008. It was running sophos endpoint security which missed it and let it disable its protection. I did not originally set up this server which has no firewall and blank administrator passwords and it runs a web server!!!!!! It is configured by the developer of the bespoke software that they run which is highly strung. Rather alarmingly It also contains much sensitive data and private records but hopefully this is encrypted by the compsoft equinox database that it runs and it is behind a draytek firewall?. I have alerted the company owners to the risks on numerous occasions but now they have this mess which i am trying to clean up. The machine is never used for any internet browsing,email, or have programs ever run directly on this machine so the infection must have come from another machine on the network? or could it possibly have come from an online attack? I have removed malware and viruses about 5 times now following my own processes and various other instructions and was pretty sure i had cleaned it every time.. but it keeps returning. It is a real battle now... I won't be beaten!!I may need the assistance of some of your guys to remove, and check that there is something vital I'm not missing and clear this once and for all... All the best Al Link to post Share on other sites More sharing options...
Staff gringo_pr Posted October 18, 2014 Staff ID:891843 Share Posted October 18, 2014 Hello We are very sorry for the delay in responding to your request, If you are still in need of assistance please let me know and I will get started in helping you with your request. Regards, Gringo Malwareremoval Malwarebytes Link to post Share on other sites More sharing options...
Staff gringo_pr Posted October 21, 2014 Staff ID:893797 Share Posted October 21, 2014 Hello 48 Hour bump It has been more than 48 hours since my last post.do you still need help with this?do you need more time?are you having problems following my instructions?if after 48hrs you have not replied to this thread then it will have to be closed!Gringo Link to post Share on other sites More sharing options...
Staff gringo_pr Posted November 21, 2014 Staff ID:911185 Share Posted November 21, 2014 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts