Jump to content

Recommended Posts

Good Evening.  I have been having an issue with trojans on 2 of my networked comp[uters.  I scanned with malwarebytes and if they had detections I quarentined till no infections were found  I also ran rogue killer.  when I run rogue killer on the server it finds bitcoin.gen0 in my exchange folder under a file call scanningprocesses.exe which looks like it has to do with filtering.  Is this a false positive.  Here are my farber logs as well.

FRST_29-01-2019 18.06.58.txt

Addition_29-01-2019 18.06.58.txt

Edited by KurtPCGuy
Link to post
Share on other sites

  • Root Admin

Hello @KurtPCGuy and :welcome:

Based on the FRST logs I'd say yes it's a false positive.

You do have an old compromised version of Java installed. You should uninstall it.

Java 8 Update 151

If at all possible try to run the system without Java.

Just a note that normally a Server, especially one running MS Exchange would never have anyone running a web browser on it. Why are you running Chrome on the Server?

You should also be running an antivirus that is Exchange aware.  Malwarebytes Consumer is not designed for use on a Server. We do have business products for the Server.

Thank you

Ron

 

Link to post
Share on other sites

  • 1 month later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.