Topics - mist63

RogueKiller / Tr.gootkit + Proc.svchost
« on: March 02, 2015, 10:46:30 am »
I just cannot get rid of Tr.gootkit and Proc.svchost on a customer's server. I have been working on it for weeks. RogueKiller removes it fine, but after a couple of hours it is already back and detected again. :-\
- Server Windows 2003 + SP2 with Terminal Services installed.
- Symantec Endpoint Protection v12 installed as a client. A full scan does not detect anything wrong (fileless infection).
- Attached: latest RogueKiller reports (this morning and last Friday)

I tried to follow these instructions:
- ESET finds and removes the infection, but it keeps on coming back (same as RogueKiller)
- MalwareBytes hangs during pre-scan ("SDKDatabaseLoadDefaults failed with code: 2")

There are actually about 15 users working daily on this server, so re-installing the OS would be my last choice indeed.
Is there anything I can do to prevent this infection from coming back, and finally solve this problem?
Please let me know if you need any further information.

Thanks for your help
