Backdoor.MSIL.Webshell.gen

Hello;

My antivirus detected a Trojan

--------------------

Probably infected object detected: Trojan HEUR:Backdoor.MSIL.Webshell.gen.
Object name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\owa\8e05b027\e164d61b\App_Web_z1qruv0b.dll
MD5 file hash: fd34b27c2ea1a4702e265f6d1f05fe16
File SHA256 hash: a4f7b4261a9f70bd5247f497ff384012a71d75010765cc7174724ed04ed9b047

----------------------

and w3wp.exe

I already upgraded that to CU22 before this attack and also installed the last Security patch for CU22. I ran the MSERT tool and other Security Script for Exchange.

It has been removed, but the mystery of the re-infections continues.

Could you help me?
