
Windows 7, server 2003-2008 BSOD trickbot?


5 replies to this topic

#1 Docleroux


Posted 19 October 2017 - 04:24 PM

We are having an issue with constant BSODs (usually different stop codes each time and on every PC). On boot it looks like a random numbered .exe file is generated in c:\windows. Also a service is created pointing to one of these exes. We have scanned with Malwarebytes and we have Comodo endpoint security. Malwarebytes sees these executables and removes them but the PCs get reinfected. On a few PCs we see techserv.exe in the c:\ drive and some users also have a folder called winapp in app data. I have been chasing this for 3 days now and am at wit's end. Any help would be appreciated. Malwarebytes did report Trojan.Emotet and Trojan.Trickbot on a few PCs.


Edited by Platypus, 19 October 2017 - 05:17 PM.
Moved to Malware help forum at request of BSOD forum staff.



#2 Bighurt23


Posted 14 December 2017 - 02:25 PM

How did you end up resolving the issues? We have servers that are constantly blue screening. Exact issues you had.



#3 Docleroux


Posted 14 December 2017 - 02:32 PM

We actually worked with Comodo and submitted infected files we found. They updated definitions until the virus was eliminated. If you have antivirus software installed I would highly recommend getting them on the phone and not hanging up until it is resolved. We thought we were in the clear after removing 100s of PCs from the network and scanning each one individually. A day later it was back. That is when we turned to our antivirus company for help. Sorry I can't be more of a help... I know for sure Comodo has the virus definitions in their database now.



#4 Bighurt23


Posted 14 December 2017 - 02:33 PM

Did the BSODs stop with the removal? Did you have any Server 2003 systems?



#5 Docleroux


Posted 14 December 2017 - 02:36 PM

The bluescreens stopped after the virus was removed. There were a few Server 2003 machines as well as 2008 etc. All workstations XP through Windows 10 were also infected. If you look at the services running you can see strange service names all pointing to exe files in C:\Windows I think.
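An added triage script, not from this thread or any of its posters, that checks a host for the indicators described in posts #1 and #5: a service whose binary is a purely numeric .exe sitting directly in C:\Windows, a techserv.exe in the drive root, and a winapp folder under AppData. It assumes an elevated PowerShell 4 or later (WMF 4 can be installed on Windows 7 / 2008 R2), that "app data" means either the Roaming or Local AppData folder, and that the hashes are wanted so the files can be submitted to the AV vendor as post #3 describes.

```powershell
# Added example (not from the thread). Flags services whose binary is a
# numeric-named .exe directly under C:\Windows, per posts #1 and #5.
function Get-SuspiciousServiceBinaries {
    param([string]$WindowsDir = $env:SystemRoot)   # normally C:\Windows
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $svc = $_
        if (-not $svc.PathName) { return }
        # Pull the executable path out of the service command line (quoted or bare)
        if ($svc.PathName -match '^"([^"]+)"') { $exe = $Matches[1] }
        else { $exe = ($svc.PathName -split ' ')[0] }
        $dir  = Split-Path -Path $exe -Parent
        $name = Split-Path -Path $exe -Leaf
        $inWindowsRoot = $dir -and ($dir.TrimEnd('\') -ieq $WindowsDir.TrimEnd('\'))
        $numericName   = $name -match '^\d+\.exe$'
        if ($inWindowsRoot -and $numericName) {
            $exists = Test-Path -LiteralPath $exe
            [PSCustomObject]@{
                Service   = $svc.Name
                Display   = $svc.DisplayName
                StartMode = $svc.StartMode
                State     = $svc.State
                Binary    = $exe
                Exists    = $exists
                # Hash is useful when submitting samples to the AV vendor
                SHA256    = if ($exists) { (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash } else { $null }
            }
        }
    }
}

# Other artefacts named in post #1: techserv.exe in the drive root and a
# winapp folder in AppData (Roaming/Local location is an assumption).
function Get-ThreadArtefacts {
    $hits = @()
    if (Test-Path -LiteralPath 'C:\techserv.exe') { $hits += 'C:\techserv.exe' }
    foreach ($profile in Get-ChildItem -Path 'C:\Users' -Directory -ErrorAction SilentlyContinue) {
        foreach ($sub in 'AppData\Roaming\winapp', 'AppData\Local\winapp') {
            $p = Join-Path -Path $profile.FullName -ChildPath $sub
            if (Test-Path -LiteralPath $p) { $hits += $p }
        }
    }
    $hits
}

Get-SuspiciousServiceBinaries | Format-Table -AutoSize
Get-ThreadArtefacts
```

Run it on one affected machine and compare the service names and hashes across hosts; a numeric binary name alone is the heuristic the thread gives, so confirm each hit before removing anything.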



#6 Docleroux


Posted 14 December 2017 - 02:37 PM

The .exe files that were pointed at by the strangely named services were mainly what we submitted to Comodo. We also submitted the techserv.exe to them as well.
