Non Detected Malware/Virus


Hello Everyone,

 

I am running McAfee Endpoint 10.5 in my environment, and on two of our Windows 2012R2 servers there is a registry key that keeps getting changed every 4 to 5 minutes.  I have run endpoint scans and several other products in an attempt to locate and remove this problem.  I have listed the key below and want to state that this is not being done via GPO.  I have watched the processor monitors via SysInternals and you clearly see when Svchost fires off to make the change, but I have been unable to find what is causing it to launch, since when you try to expand the process it says access denied even with full admin rights.

 

The registry key that is modified is the following:

HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate

DisableWindowsUpdateAccess=1

 

This value should be a 0...even if I set it to a 0 the value will revert to a 1 within 4 to 5 minutes.  I have run Malwarebytes and many other products including McAfee Endpoint 10.5 and nothing detects this.

 

Thanks for your time,

 

Brandon
