eScan - Antivirus & Content Security Forum

by **cmora** » Wed Jul 08, 2009 1:43 am

hi.

We are detecting in our terminal server some process named zsm1319.exe. that process are executed by a rdp process.

we found in internet info about this pocess and is a virus.

How can i control that virus in my terminal server?

we are using escan AV 9.0.824.465

thanks in advance

by **Varghese** » Thu Jul 09, 2009 12:48 pm

Can you send us this file as a password protected zip?

by **cmora** » Thu Jul 09, 2009 1:00 pm

the process is executed for the rdp process. I dont have a copy of that file, because was removed with a bitdefender tool.

How can i protect the rdp sessions?

thanks in advance

by **Varghese** » Thu Jul 09, 2009 1:11 pm

But if you start an rdp session again won't it come back again?

That way you could send it back you can use procexp.exe to find the path of the file. If its initiated by rdp it might not necessarily be a malware.

But with the sample handy we will be in a better position to assist you in this case.

by **cmora** » Fri Jul 10, 2009 2:39 am

hmm

The problem is appearing again. How can i take a copy of the infected files to send you?

Thanks in advance

by **Varghese** » Fri Jul 10, 2009 12:27 pm

Use procexp.exe to find the path of the process running.

Once you get it, using winrar add it to archive. Do not forget to password protect it.

Once this is done sent the file over to us at samples@mwti.net.
We will analyze the file and let you know the status of the same.

eScan - Antivirus & Content Security Forum

zsm1319.exe

zsm1319.exe

Who is online