I am cleaning up our SBS server and have already found 57 instances of adware located on the server. I cleaned it up and ran another scan and we are now getting just 1 instance of what is called Rogue.Multiple. It is located in C:\Program Files\Microsoft Integration\Windows Small Business Server 2003 and the file listed is DBGHELP.DLL.

I have tried researching it, but have found very little on it.

We have recently been having ISS crash on us, causing us to have to cold restart the server. The research I did led us to believe that either A.) Symantec has a faulty update with a workaround or B.) Possible infection of the server.

Any information would be helpful. I want to remove it, but do not know exactly what it is just yet and I would like a description of the Malware and its actions to give to my customer.

Thanks in advance.

Rogue.Multiple is a name we give to downloaders that install multiple rogue applications. This may be a false positive in this case. Can you upload the file to uploads.malwarebytes.org so that I may confirm this either way?


  • 1 year later...
Rogue.Multiple is a name we give to downloaders that install multiple rogue applications. This may be a false positive... so that I may confirm this either way.

I just got:

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> No action taken.

Can you tell me if this is a 'false positive'? Is there any other information you would need to make a determination?
