Not sure what is going on, but I seem to be infected


I am not 100% sure, but something is up with this server I have here at home that I use to host some friends' websites. A few days ago it was compromised, and on every restart some driver is loaded and a strange aa.pif file is created in the Windows temp directory. The .pif file is full of random gibberish. There are also 2 files in the drivers directory called "MsftWdf_Kernel_01011_Inbox_Critical.Wdf" and "MsftWdf_User_01_11_00_Inbox_Critical.Wdf".

I am also finding random directories / files locked, and I have to boot into Safe Mode to delete them. If I delete the aa.pif file, it comes back after a restart.

The line in the FRST log that concerns me is the unsigned "Microsoft" driver being loaded.

Addition.txt

FRST.txt


  • 1 month later...
  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
