
Trojan.Win32.Generic



I have a Windows 2008R2 server that has been infected with Trojan.Win32.Generic. I have run Malwarebytes, AdwCleaner, JRT, HitmanPro, and Zemana. The malware keeps coming back. It starts with the file a[1].exe and then proceeds to add additional files (along with several server reboots). Any suggestions? The HitmanPro log is attached as well as copied below:

HitmanPro 3.7.18.284
www.hitmanpro.com

   Computer name . . . . : WEBSERVER01
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : DIGITALONE\administrator
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Paid (357 days left)

   Scan date . . . . . . : 2017-05-10 16:51:49
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 25s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 2
   Traces  . . . . . . . : 2

   Objects scanned . . . : 1,726,744
   Files scanned . . . . : 135,640
   Remnants scanned  . . : 727,453 files / 863,651 keys

Malware _____________________________________________________________________

   C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\a[1].exe -> Deleted
      Size . . . . . . . : 1,451,520 bytes
      Age  . . . . . . . : 1.4 days (2017-05-09 07:57:25)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 40431245896FBC4B5E977E63A90B5F8F2172C7643103E34602943B7969B0D8CE
    > Bitdefender  . . . : Trojan.GenericKD.5004043
    > Kaspersky  . . . . : HEUR:Trojan.Win32.Generic
    > HitmanPro  . . . . : Mal/EncPk-AAL
      Fuzzy  . . . . . . : 118.0
      Forensic Cluster
          0.0s C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\a[1].exe
          0.0s C:\windowstmp01.exe
          0.1s C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\a[4].exe
          2.0s C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_lsass.exe_415ec4357d4b7599115aa6d035dbe13c2ea358b6_0a47f1d3\
          2.0s C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_lsass.exe_415ec4357d4b7599115aa6d035dbe13c2ea358b6_0a47f1d3\Report.wer

   C:\windowstmp01.exe -> Deleted
      Size . . . . . . . : 1,451,520 bytes
      Age  . . . . . . . : 1.4 days (2017-05-09 07:57:25)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 40431245896FBC4B5E977E63A90B5F8F2172C7643103E34602943B7969B0D8CE
    > Bitdefender  . . . : Trojan.GenericKD.5004043
    > Kaspersky  . . . . : HEUR:Trojan.Win32.Generic
    > HitmanPro  . . . . : Mal/EncPk-AAL
      Fuzzy  . . . . . . : 116.0
      Forensic Cluster
         -0.0s C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\a[1].exe
          0.0s C:\windowstmp01.exe
          0.1s C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\a[4].exe
          2.0s C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_lsass.exe_415ec4357d4b7599115aa6d035dbe13c2ea358b6_0a47f1d3\
          2.0s C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_lsass.exe_415ec4357d4b7599115aa6d035dbe13c2ea358b6_0a47f1d3\Report.wer


 

HitmanPro_20170510_1702.log

This topic is now closed to further replies.