Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Here's a new one. Asixyp.exe?


  • This topic is locked This topic is locked
2 replies to this topic

#1 Er2thewin

Er2thewin

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 17 February 2014 - 05:14 PM

Lfub2MR.png

 

So, an office that I work for happened to have two of the office girls financial security got compromised one of the girls for 200$ the other for almost 1000$. They have both recieved new cards and new pins and new logins from their banks. But the only instance they could recall was logging in to this same computer and accessing A back site and the other girl placed an order to jimmy johns. I found this file running in the background. No idea what it is. I've been seeing a ton of these in office I've only been tasked to do other things not viruses. Can anyone shed some light on this. 

 

I fully scanned this with Microsoft's Security Essentials, Malware Bytes and Norton EndPoint. 

Attached Files


Edited by Er2thewin, 17 February 2014 - 05:17 PM.


BC AdBot (Login to Remove)

 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:09 AM

Posted 21 February 2014 - 05:07 AM

Hi there,

the file from your screenshot is malware for sure. It's impossible to tell what it does exactely just from seeing its name. But judging from the formal structure my first guess would be something like Zbot/Zeus/Citadel. These are infostealers that particularly target financial data that the user enters (and other user data and passwords alike). A connection to the compromise that has happend to the two office girls seems obvious..
In no way should a computer be operated when it is infected with a malware like this (and in an office it's even more problematic with the potential theft of sensitive data like customer data). If you really have found "a ton of these" then they are in big trouble and should do something about it asap.
So how can I help you further? Do you need support to find or clean more infected machines?

#3 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:09 AM

Posted 12 March 2014 - 12:00 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users