zsm1319.exe

Post your technical queries on any product in our range of AntiVirus, AntiSpam, Content Security and Firewall Solutions sold under the brand names of eScan, MailScan, eConceal and X-Spam here. Your queries will be responded to by our expert technical team directly.

Moderators: Divesh, Gurdip Singh

Postby cmora » Wed Jul 08, 2009 1:43 am

Hi.

We are detecting a process named zsm1319.exe on our terminal server. That process is executed by an RDP process.

We found info on the internet about this process and it is a virus.

How can I control that virus on my terminal server?

We are using eScan AV 9.0.824.465

Thanks in advance
“the imagination is more important than knowledge” Einstein
cmora
 
Posts: 32
Joined: Wed Jan 02, 2008 7:25 pm
Location: Colombia

Postby Varghese » Thu Jul 09, 2009 12:48 pm

Can you send us this file as a password protected zip?
Varghese
 
Posts: 144
Joined: Sat Dec 29, 2007 11:52 am
Location: Mumbai

Postby cmora » Thu Jul 09, 2009 1:00 pm

The process is executed by the RDP process. I don't have a copy of that file, because it was removed with a BitDefender tool.

How can I protect the RDP sessions?

Thanks in advance
“the imagination is more important than knowledge” Einstein
cmora
 
Posts: 32
Joined: Wed Jan 02, 2008 7:25 pm
Location: Colombia

Postby Varghese » Thu Jul 09, 2009 1:11 pm

But if you start an RDP session again, won't it come back again?

That way you could send it back. You can use procexp.exe to find the path of the file. If it's initiated by RDP, it might not necessarily be malware.

But with the sample handy we will be in a better position to assist you in this case.
Varghese
 
Posts: 144
Joined: Sat Dec 29, 2007 11:52 am
Location: Mumbai

Postby cmora » Fri Jul 10, 2009 2:39 am

hmm

The problem is appearing again. How can I take a copy of the infected files to send you?

Thanks in advance
“the imagination is more important than knowledge” Einstein
cmora
 
Posts: 32
Joined: Wed Jan 02, 2008 7:25 pm
Location: Colombia

Postby Varghese » Fri Jul 10, 2009 12:27 pm

Use procexp.exe to find the path of the process running.

Once you get it, add it to an archive using WinRAR. Do not forget to password protect it.

Once this is done, send the file over to us at samples@mwti.net.
We will analyze the file and let you know the status of the same.
Varghese
 
Posts: 144
Joined: Sat Dec 29, 2007 11:52 am
Location: Mumbai
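
The steps from the reply above (find the path of the running process, then put the file in a password-protected archive), scripted as an added example; it is not part of the thread or of eScan's tooling. The staging folder and the `Rar.exe` location are assumptions, and the script should be run from an elevated prompt on the terminal server.

```powershell
# Added example: locate a running process by image name, record how it was
# launched, and stage a copy of the binary in a password-protected archive.
param(
    [string]$ImageName = 'zsm1319.exe',                      # process name from the thread
    [string]$OutDir    = 'C:\IR\samples',                    # assumed staging folder
    [string]$RarExe    = 'C:\Program Files\WinRAR\Rar.exe'   # assumed WinRAR console binary
)

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$procs = @(Get-CimInstance Win32_Process -Filter "Name='$ImageName'")
if ($procs.Count -eq 0) { Write-Warning "$ImageName is not running"; return }

# One report row per instance: path, owning user, RDP session and parent process.
$report = foreach ($p in $procs) {
    # The parent may already have exited (or its PID been reused); treat as a hint.
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId=$($p.ParentProcessId)"
    $owner  = Invoke-CimMethod -InputObject $p -MethodName GetOwner
    $sha256 = if ($p.ExecutablePath) {
        (Get-FileHash -LiteralPath $p.ExecutablePath -Algorithm SHA256).Hash
    }
    [pscustomobject]@{
        ProcessId   = $p.ProcessId
        Path        = $p.ExecutablePath      # empty when access is denied
        SHA256      = $sha256
        User        = "$($owner.Domain)\$($owner.User)"
        SessionId   = $p.SessionId           # terminal-services session of the process
        ParentId    = $p.ParentProcessId
        ParentName  = $parent.Name
        CommandLine = $p.CommandLine
        Started     = $p.CreationDate
    }
}
$report | Export-Csv -Path (Join-Path $OutDir 'process-report.csv') -NoTypeInformation

# Copy each distinct binary under a non-executable extension, then archive it.
$staged = foreach ($path in ($report.Path | Where-Object { $_ } | Sort-Object -Unique)) {
    $dest = Join-Path $OutDir ((Split-Path $path -Leaf) + '.sample')
    Copy-Item -LiteralPath $path -Destination $dest -Force
    $dest
}
if ($staged) {
    # -hp with no value makes rar prompt for the password and encrypts file
    # names as well as contents, so the password never appears in the command line.
    & $RarExe a -ep -hp (Join-Path $OutDir 'sample.rar') $staged
}
$report | Format-List
```

The CSV records which user and session launched the process, which helps when the binary only appears during an RDP logon.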

