Jump to content

Exchange Server where hacked - Hafnium

Recommended Posts

Our exchange server was hacked. I installed malwarebytes for teams on all servers and checked them and malware was found and removed. But there is still activity on the servers. It seems that there is still some malware running and not removed. The MSX services are stopped and not running. A scan of the malwarebytes software does not detects any problems, but the software seems to block some outgoing activities.


What can be done to make all the machines clean and to be sure that all malware is removed.

Attached you can find the support log and some screen shots of the blocks from Malwarebytes.





Link to post
Share on other sites

Additional information:

3 servers shows this outgoing activity which is blocked from MWB

DC02 shows the most activity and also the DNS is changed automatic to and - if i correct these settings after a time the malware changes it back.

DC02 is a a Windows server which is the Domain controller, MSX is installed on an other server. (see logs from EXCH)


Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you



Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.