
My Windows 2012 has possibly a Trojan


Jawsh


Hello, I have an issue where a client has a server which has a Trojan.bitminer caused by Star.exe. I looked in C:\Windows\Temp\Star.exe and nothing was there. One of the workers has had a bitcoin mining problem which we finally caught. Malwarebytes keeps blocking websites from an IP address, at least 5 times. Any suggestions are helpful.


Hello @Jawsh :welcome:

My name is Maurice. Let me know what name you prefer to go by. I will guide you.

I need a report set for review. This is a report only.

Please download MBST Support Tool

Once you start it click Advanced >>> then Gather Logs


Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.


  • Please attach mbst-grab-results.zip to your reply, like displayed here.
  • To send (upload) attachments please click the "ADD Files" link. Then browse to where your file is located and select it and click the Open button.


The set of data from the report will provide much needed information.

Please always attach reports as we go along.

NOTE: The block notices from Malwarebytes do mean that the pc is being kept safe from any potential harm. It is STOPPED from an outbound attempt to ai.backend-chat.com

Edited by AdvancedSetup
corrected font issue

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 9/10/21
Protection Event Time: 9:50 PM
Log File: a6be120e-12a2-11ec-914f-9cb654b16555.json

-Software Information-
Version: 4.4.5.130
Components Version: 1.0.1430
Update Package Version: 1.0.44816
License: Premium

-System Information-
OS: Windows Server 2012 R2
CPU: x64
File System: NTFS
User: System

-Blocked Malware Details-
File: 1
Trojan.BitCoinMiner, C:\Windows\Temp\Star.exe, Quarantined, 596, 965972, 1.0.44816, , ame, , 241EA195774E19C5E9873A5B375617AE, AA00699728A2EE613DBE78792A6491C1B3B2F2562B3C4542B97D81B0C4CD4020


(end)


Thanks for the report. The most recent block notices were about IP blocks on IP "45.95.147.21"

I notice this machine is a "Windows Server 2012 R2"

First action:

Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

Next action:

Use Windows Explorer. Expand / navigate the left hand tree view of the C drive & drill down to C:\Windows

Use the mouse and (on the left-hand tree) RIGHT click on the Windows folder and select "Scan with Malwarebytes" and let Malwarebytes do that scan.

Edited by Maurice Naggar
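As an added example (not part of this thread or of Malwarebytes' own tooling), the following PowerShell script does the equivalent of the "show hidden files, then look in C:\Windows" step from an elevated prompt: it enumerates C:\Windows\Temp including hidden and system files, hashes each file, and flags anything matching the MD5/SHA256 values recorded in the detection log above. The directory path and the hash values are taken from the log; everything else is assumed.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt on the
# affected server (Server 2012 R2 ships PowerShell 4.0, which has Get-FileHash).
$TempDir = 'C:\Windows\Temp'

# Hashes copied from the "Blocked Malware Details" line in the Malwarebytes log.
$KnownMd5    = '241EA195774E19C5E9873A5B375617AE'
$KnownSha256 = 'AA00699728A2EE613DBE78792A6491C1B3B2F2562B3C4542B97D81B0C4CD4020'

# -Force returns hidden and system files, which File Explorer hides by default;
# this is why a normal look in the folder can appear empty.
$files = Get-ChildItem -Path $TempDir -File -Force -Recurse -ErrorAction SilentlyContinue

$report = foreach ($f in $files) {
    $sha = (Get-FileHash -Path $f.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
    $md5 = (Get-FileHash -Path $f.FullName -Algorithm MD5    -ErrorAction SilentlyContinue).Hash
    [pscustomobject]@{
        Path       = $f.FullName
        Hidden     = [bool]($f.Attributes -band [IO.FileAttributes]::Hidden)
        System     = [bool]($f.Attributes -band [IO.FileAttributes]::System)
        SizeBytes  = $f.Length
        Modified   = $f.LastWriteTime
        SHA256     = $sha
        MatchesLog = ($sha -eq $KnownSha256) -or ($md5 -eq $KnownMd5)
    }
}

# List hash matches and anything still named Star.exe, matches first.
$report |
    Where-Object { $_.MatchesLog -or $_.Path -like '*\Star.exe' } |
    Sort-Object -Property MatchesLog -Descending |
    Format-Table Path, Hidden, System, SizeBytes, Modified, MatchesLog -AutoSize

if (-not ($report | Where-Object { $_.MatchesLog })) {
    # Expected outcome once Malwarebytes has quarantined the file, as the log shows.
    Write-Host "No file under $TempDir matches the quarantined sample's hashes."
}
```

A hash match on a file that is still present means the sample was not (or not fully) removed; a file named Star.exe with a different hash is worth keeping for the follow-up scan rather than deleting by hand.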

4 weeks later...

Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks
