Post your techical queries on any product in our range of AntiVirus, AntiSpam, Content Security and Firewall Solutions sold under the brand names of eScan, MailScan, eConceal and X-Spam here. Your queries will be responded to by our expert technical team directly.
Moderators: Divesh, Gurdip Singh
by cmora » Wed Jul 08, 2009 1:43 am
hi.
We are detecting in our terminal server some process named zsm1319.exe. that process are executed by a rdp process.
we found in internet info about this pocess and is a virus.
How can i control that virus in my terminal server?
we are using escan AV 9.0.824.465
thanks in advance
“the imagination is more important than knowledge” Einstein
-
cmora
-
- Posts: 32
- Joined: Wed Jan 02, 2008 7:25 pm
- Location: Colombia
-
by Varghese » Thu Jul 09, 2009 12:48 pm
Can you send us this file as a password protected zip?
-
Varghese
-
- Posts: 144
- Joined: Sat Dec 29, 2007 11:52 am
- Location: Mumbai
by cmora » Thu Jul 09, 2009 1:00 pm
the process is executed for the rdp process. I dont have a copy of that file, because was removed with a bitdefender tool.
How can i protect the rdp sessions?
thanks in advance
“the imagination is more important than knowledge” Einstein
-
cmora
-
- Posts: 32
- Joined: Wed Jan 02, 2008 7:25 pm
- Location: Colombia
-
by Varghese » Thu Jul 09, 2009 1:11 pm
But if you start an rdp session again won't it come back again?
That way you could send it back you can use procexp.exe to find the path of the file. If its initiated by rdp it might not necessarily be a malware.
But with the sample handy we will be in a better position to assist you in this case.
-
Varghese
-
- Posts: 144
- Joined: Sat Dec 29, 2007 11:52 am
- Location: Mumbai
by cmora » Fri Jul 10, 2009 2:39 am
hmm
The problem is appearing again. How can i take a copy of the infected files to send you?
Thanks in advance
“the imagination is more important than knowledge” Einstein
-
cmora
-
- Posts: 32
- Joined: Wed Jan 02, 2008 7:25 pm
- Location: Colombia
-
by Varghese » Fri Jul 10, 2009 12:27 pm
Use procexp.exe to find the path of the process running.
Once you get it, using winrar add it to archive. Do not forget to password protect it.
Once this is done sent the file over to us at
samples@mwti.net.
We will analyze the file and let you know the status of the same.
-
Varghese
-
- Posts: 144
- Joined: Sat Dec 29, 2007 11:52 am
- Location: Mumbai
Return to Technical Support
Who is online
Users browsing this forum: No registered users and 15 guests