virus cleanup-advise needed
-
I never cleanup malware, I always rebuild. So much safer.
-
This is for one of our close contact with the company who asked us to help them, option for a rebuild was suggested but looks like they dont have a healthy backup to start with. So i have to clean this up, get the iis site back up and running and then see what we could do to make it better and avoid issues
I am checking bleepingcomputer one of my fav old time site for malware removal.
-
Looks like someone clicked a link while working on the server if that java.exe is actually malicious.
-
Just did an online eset scan, its not just java!
C:\Program Files\Jenkins.zip multiple threats,a variant of MSIL/Spy.Agent.AES trojan,a variant of Win32/ServU-Daemon.AB potentially unsafe application C:\Program Files\Java\jre6\java.exe a variant of Win32/ServU-Daemon.AB potentially unsafe application C:\Program Files\Jenkins\java.exe1 a variant of Win32/ServU-Daemon.AB potentially unsafe application C:\Program Files\Jenkins - Copy\java.exe a variant of Win32/ServU-Daemon.AB potentially unsafe application C:\tmp\1.1 Linux/Setag.B.Gen trojan C:\tmp\20AS a variant of Linux/ChinaZ.F trojan C:\tmp\20AS.1 a variant of Linux/ChinaZ.F trojan C:\tmp\30AS a variant of Linux/ChinaZ.F trojanAnd more of this kind!
-
@Ambarishrh Yuck, that thing will probably never be completely clean.
-
I have the same feeling. Informed them to do the rebuild and just take the iis file. Will scan that seperately
-
@Ambarishrh said in virus cleanup-advise needed:
I have the same feeling. Informed them to do the rebuild and just take the iis file. Will scan that seperately
Scanning an IIS file is easy, scanning a whole server is essentially impossible.
-
Can webroot help me here, thinking of using webroot and see if it can clean
-
@Ambarishrh said in virus cleanup-advise needed:
Can webroot help me here, thinking of using webroot and see if it can clean
Possibly, but you're dealing only with possibilities. Would be much better if you can rebuild and move/scan the IIS files.... that assumes IIS was the only thing running on the box.
-
@Ambarishrh said in virus cleanup-advise needed:
Can webroot help me here, thinking of using webroot and see if it can clean
Maybe. Anything "might" work. But you'll never know.
