Page 1 of 1
zsm1319.exe
Posted:
Wed Jul 08, 2009 1:43 amby cmora
hi.
We are detecting in our terminal server some process named zsm1319.exe. that process are executed by a rdp process.
we found in internet info about this pocess and is a virus.
How can i control that virus in my terminal server?
we are using escan AV 9.0.824.465
thanks in advance
Posted:
Thu Jul 09, 2009 12:48 pmby Varghese
Can you send us this file as a password protected zip?
Posted:
Thu Jul 09, 2009 1:00 pmby cmora
the process is executed for the rdp process. I dont have a copy of that file, because was removed with a bitdefender tool.
How can i protect the rdp sessions?
thanks in advance
Posted:
Thu Jul 09, 2009 1:11 pmby Varghese
But if you start an rdp session again won't it come back again?
That way you could send it back you can use procexp.exe to find the path of the file. If its initiated by rdp it might not necessarily be a malware.
But with the sample handy we will be in a better position to assist you in this case.
Posted:
Fri Jul 10, 2009 2:39 amby cmora
hmm
The problem is appearing again. How can i take a copy of the infected files to send you?
Thanks in advance
Posted:
Fri Jul 10, 2009 12:27 pmby Varghese
Use procexp.exe to find the path of the process running.
Once you get it, using winrar add it to archive. Do not forget to password protect it.
Once this is done sent the file over to us at
samples@mwti.net.
We will analyze the file and let you know the status of the same.