Copper Contributor

Hello ;

My antivirus detected Trojan


Probably infected object detected: Trojan HEUR:Backdoor.MSIL.Webshell.gen.
Object name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\owa\8e05b027\e164d61b\App_Web_z1qruv0b.dll
MD5 file hash: fd34b27c2ea1a4702e265f6d1f05fe16
File SHA256 hash: a4f7b4261a9f70bd5247f497ff384012a71d75010765cc7174724ed04ed9b047


and w3wp.exe

I alreday upgraded that to CU22  before this atttack and also installed the last Security patch for CU22. I ran the MSERT tool and other Security Script for Exchange .

But has been removed but the mystery of the re-infections continues .

Could you help me

0 Replies