Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Windows Server R2 trojans found

  • Please log in to reply
2 replies to this topic

#1 TJJunior


  • Members
  • 23 posts
  • Local time:01:52 PM

Posted 27 October 2016 - 03:06 PM

Hi all,


I "run" a server at a small business running Win Server 2012 R2 although I'm not an IT guy by any means.  Realizing there was no anti-virus on it, I started looking around but there don't appear to be a lot of options for server OS's.  I downloaded ClamWin Free, and here are the results.  Note, I ran it during regular business hours so some of the files were locked, I will re-run it in safe mode tonight, but clearly I do have some infections already.  Any suggestions how to go about removing them?  Here is the list of infected files reported by ClamWin, but I believe it only identifies infections, not actually removes them.  Thank you!



C:\Windows\SysWOW64\2003.exe: Win.Trojan.Agent-1279654 FOUND
C:\Windows\SysWOW64\amd.dll: Win.Trojan.Hupigon-14460 FOUND
C:\Windows\SysWOW64\Update.exe: Win.Spyware.80656-1 FOUND
C:\Windows\SysWOW64\wemote.dll: Win.Trojan.Ddos-42 FOUND
C:\xampp\mysql\bin\amd.dll: Win.Trojan.Hupigon-14460 FOUND
C:\xampp\mysql\bin\nusql.dll: Win.Trojan.Hupigon-14460 FOUND
C:\xampp\mysql\data\mysql\unknownbaesjg.dll: Win.Trojan.15532522-1 FOUND
C:\xampp\mysql\data\mysql\unknownbfgpni.dll: Win.Trojan.15532522-1 FOUND
C:\xampp\mysql\data\mysql\unknownjdefah.dll: Win.Trojan.15532522-1 FOUND
C:\xampp\mysql\data\mysql\unknownkilaob.dll: Win.Trojan.15532522-1 FOUND
C:\xampp\mysql\data\mysql\unknownliutuc.dll: Win.Trojan.15532522-1 FOUND
C:\xampp\mysql\data\mysql\unknownrbwmwl.dll: Win.Trojan.15532522-1 FOUND
C:\xampp\mysql\data\mysql\unknownthwicw.dll: Win.Trojan.15532522-1 FOUND
C:\xampp\mysql\data\mysql\unknowntiaomc.dll: Win.Trojan.15532522-1 FOUND
C:\y.exe: Win.Trojan.Hupigon-14460 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 5002483
Engine version: 0.99.1
Scanned directories: 38450
Scanned files: 203932
Infected files: 17

BC AdBot (Login to Remove)



#2 TJJunior

  • Topic Starter

  • Members
  • 23 posts
  • Local time:01:52 PM

Posted 03 November 2016 - 11:34 AM

I ended up just reformatting the drives and re-installing the OS, so no need for a response.  Thank you!

#3 boopme


    To Insanity and Beyond

  • Global Moderator
  • 72,442 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:04:52 PM

Posted 04 November 2016 - 02:05 PM

Thanks for letting us know!
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users