Infected Endpoint Greyed Out


Saraph

  • 2 weeks later...
  • Staff

That computer looks to have submitted a few hits to our telemetry server and subsequently auto-whitelisted those hits. Here's what I see hit on that machine:

H:\SetTime\SetTime.exe
C:\Program Files (x86)\Cisco Systems\Cisco Network Assistant\utilities\prelaunch\prelaunch.exe
C:\PROGRAM FILES (X86)\SOLARWINDS\TFTP SERVER\SOLARWINDS TFTP SERVER.EXE
C:\USERS\JFRITZ\APPDATA\ROAMING\MICROSOFT\INSTALLER\{BC3EE229-5486-40AD-8834-63B5BDC23C50}\TFTPSERVER.EXE.ICON
C:\PROGRAM FILES\WINAERO TWEAKER\WINAEROTWEAKER.EXE
C:\PROGRAM FILES\WINAERO TWEAKER\WINAEROTWEAKERHELPER.EXE

This doesn't appear to be all of them. We can see what else it may have found that was auto-whitelisted, but we will need to check out the files in C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\ScanResults\ to be sure.
