Jump to content

Not sure what is going on, but I seem to be infected

Recommended Posts

I am not 100% sure, but something is up with this server I have here at home that I use to host some friends websites. A few days ago it was compromised and every restart some driver is loaded and a strange aa.pif file is created in the windows temp directory. The .pif file is full of random jibber. As well as 2 files in the drivers directory called "MsftWdf_Kernel_01011_Inbox_Critical.Wdf" and "MsftWdf_User_01_11_00_Inbox_Critical.Wdf"


I am also finding random directories / files locked and i have to boot into safemode to delete them. If I delete the aa.pif file it comes back after a restart.


The line in the FRST log that concerns me is the unsigned "Microsoft" driver being loaded.



Link to post
Share on other sites

  • 1 month later...
  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.