Rowmanti detection


sfoxaum

I saw in the Anti-Rootkit forum someone else had exactly the same issue we're seeing. We run both Malwarebytes Endpoint Protection and Trend Micro's Officescan. We just had the following detection:

9/25/2020 12:05:29 PM   COMPUTERNAME       192.168.202.120 Worm.Rowmanti   < No action taken >     c:\google
9/25/2020 12:05:29 PM   COMPUTERNAME       192.168.202.120 Worm.Rowmanti.E < No action taken >     c:\skypee
9/25/2020 12:05:29 PM   COMPUTERNAME       192.168.202.120 Trojan.Agent.Trace      < No action taken >     c:\users\admin\appdata\roaming\pidloc.txt
9/25/2020 12:05:29 PM   COMPUTERNAME       192.168.202.120 Worm.Rowmanti   < No action taken >     c:\google\googleupdate.a3x
9/25/2020 12:05:29 PM   COMPUTERNAME       192.168.202.120 Worm.Rowmanti.E < No action taken >     c:\skypee\googleupdate.a3x
9/25/2020 12:05:29 PM   COMPUTERNAME       192.168.202.120 Trojan.Agent.VBS        < No action taken >     c:\users\admin\appdata\local\temp\updatea.vbs
9/25/2020 12:05:29 PM   COMPUTERNAME       192.168.202.120 Trojan.Agent.VBS        < No action taken >     c:\users\default\appdata\local\temp\updatea.vbs
9/25/2020 12:05:29 PM   COMPUTERNAME       192.168.202.120 Trojan.Agent.VBS        < No action taken >     c:\users\usera\appdata\local\temp\updatea.vbs
9/25/2020 12:05:29 PM   COMPUTERNAME       192.168.202.120 Trojan.Agent.VBS        < No action taken >     c:\users\userb\appdata\local\temp\updatea.vbs
9/25/2020 12:05:29 PM   COMPUTERNAME       192.168.202.120 Trojan.Agent.VBS        < No action taken >     c:\users\userc\appdata\local\temp\updatea.vbs
9/25/2020 12:05:29 PM   COMPUTERNAME       192.168.202.120 Trojan.Agent.VBS        < No action taken >     c:\users\userd\appdata\local\temp\updatea.vbs
9/25/2020 12:05:29 PM   COMPUTERNAME       192.168.202.120 Trojan.Agent.VBS        < No action taken >     c:\users\usere\appdata\local\temp\updatea.vbs
9/25/2020 12:05:29 PM   COMPUTERNAME       192.168.202.120 Trojan.Agent.VBS        < No action taken >     c:\users\userf\appdata\local\temp\updatea.vbs
9/25/2020 12:05:29 PM   COMPUTERNAME       192.168.202.120 Trojan.Agent.VBS        < No action taken >     c:\users\userg\appdata\local\temp\updatea.vbs
9/25/2020 12:05:29 PM   COMPUTERNAME       192.168.202.120 Trojan.Agent.VBS        < No action taken >     c:\users\userh\appdata\local\temp\updatea.vbs
9/25/2020 12:05:29 PM   COMPUTERNAME       192.168.202.120 Trojan.Agent.VBS        < No action taken >     c:\users\useri\appdata\local\temp\updatea.vbs
9/25/2020 12:05:29 PM   COMPUTERNAME       192.168.202.120 Trojan.Agent.VBS        < No action taken >     c:\windows\temp\updatea.vbs

We cannot find these files. We've scanned the system with about six different anti-virus, anti-rootkit, and anti-malware products and none of them detect anything. The only thing I can think of is that both Trend and MBAM kick off a scan at the same time and this happens.

Anyone else have any experience with this? The system appears to be clean.
