Jan 27 2022 01:57 PM - edited Jan 27 2022 02:28 PM
Hello ;
My antivirus detected Trojan
--------------------
Probably infected object detected: Trojan HEUR:Backdoor.MSIL.Webshell.gen.
Object name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\owa\8e05b027\e164d61b\App_Web_z1qruv0b.dll
MD5 file hash: fd34b27c2ea1a4702e265f6d1f05fe16
File SHA256 hash: a4f7b4261a9f70bd5247f497ff384012a71d75010765cc7174724ed04ed9b047
----------------------
and w3wp.exe
I alreday upgraded that to CU22 before this atttack and also installed the last Security patch for CU22. I ran the MSERT tool and other Security Script for Exchange .
But has been removed but the mystery of the re-infections continues .
Could you help me