
Windows 2003 Server infected


#1 inspiron17



Posted 03 May 2017 - 07:40 PM

Hello guys,


I am running a Windows 2003 Server machine and installed ITbrain AntiMalware a couple of weeks ago.


So a couple of days ago I started receiving alerts showing infected files that were being quarantined. Eventually the server rebooted, caused by a BSOD (this never happened before).


So I installed and checked using Malwarebytes, ESETOnlineScanner, SpyBot and SUPERAntiSpyware. Malwarebytes started blocking a lot of incoming and outgoing traffic from weird IP addresses. Some files were detected and removed.


I also installed some Windows Update fixes. The firewall default settings were restored. I uninstalled Firefox and the only browser was IE with all security functions enabled and zero temp files - all default.


After all that - reboots are not occurring anymore. Now I have only Malwarebytes and ITbrain AntiMalware installed.


ITbrain AntiMalware started to alert again, something like this:


Malware name: Trojan.GenericKD.4741539
Malware file path: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKXURJ79\test[1].dat
Detection time: 03.05.2017 23:45:41 UTC
Additional information / action: Moved to quarantine

I managed to restore this file for analysis and this is the result:

Sometimes there is a new exe file alert. All dat files appear in the Temporary Internet Files folder.

I also noticed some strange exe files in the Windows folder like notpad.exe (this was also in the Run key in the registry) and Loginsas.exe. I deleted it manually.

Please advise how I can correctly identify what this infection is and eliminate it.

Thanks a lot.
