cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Backdoor.MSIL.Webshell.gen

Korandji
Copper Contributor

‎Jan 27 2022 01:57 PM - edited ‎Jan 27 2022 02:28 PM

‎Jan 27 2022 01:57 PM - edited ‎Jan 27 2022 02:28 PM

Backdoor.MSIL.Webshell.gen

Hello ;

My antivirus detected Trojan

--------------------

Probably infected object detected: Trojan HEUR:Backdoor.MSIL.Webshell.gen.
Object name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\owa\8e05b027\e164d61b\App_Web_z1qruv0b.dll
MD5 file hash: fd34b27c2ea1a4702e265f6d1f05fe16
File SHA256 hash: a4f7b4261a9f70bd5247f497ff384012a71d75010765cc7174724ed04ed9b047

----------------------

and w3wp.exe

I alreday upgraded that to CU22  before this atttack and also installed the last Security patch for CU22. I ran the MSERT tool and other Security Script for Exchange .

But has been removed but the mystery of the re-infections continues .

Could you help me

Labels:
2,314 Views
0 Likes
0 Replies
Reply
0 Replies