Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unidentified Virus - Windows 2008 R2


  • Please log in to reply
1 reply to this topic

#1 microchipmatt

microchipmatt

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:16 AM

Posted 05 April 2016 - 02:16 PM

Hello everyone, we have a virus that we are currently cleaning off of a Windows 2008 R2 server.  We identified where it's storing it's files, and we are running malwarebytres.  We are unsure what it exactly is, but malwarebytes *seems* to be taking care of it...hoewever, it generated alot of files, so many in fact it filled a 330GB hard drive.  The virus has this behaviour:

 

In the SysWow64 folder it has created approx 800,000 Randomly named 8 character [.exe] files.  Please see screenshot below.  Malwarebytes identified them as infected and is removing them, but I want to make sure the virus is gone. Does anyone know what it is? (please see attached screenshot]

 

 

Attached Files


Edited by microchipmatt, 05 April 2016 - 02:19 PM.


BC AdBot (Login to Remove)

 


#2 JohnnyJammer

JohnnyJammer

  • Members
  • 1,120 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:02:16 AM

Posted 05 April 2016 - 06:12 PM

Things to check would be in regedit (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run)

Then taskcheduler, also services.msc.

 

Now download Eset online scanner and do a second scan.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users