babi2002

Trojan.Multi.GenAutorunReg.a


Hi to all,

I'm trying to find some information about this trojan, but I haven't found anything...

I have a customer who has KS Light Agent 5 installed in his network. The machines are VDI with Win2016; these instances are reformatted every night, and every day, in the reports, he finds this trojan disinfected in all instances with LA5... He has more instances with LA4 and he doesn't have any issue with those.

Could somebody provide some info about this trojan? Could it maybe be some Win2016 process?

Thanks!!

David

 


Hi Ivan,

the report says "System Memory" in the path... I can see this too:

Quote

 

Object: System Memory

Result: Disinfected: Trojan.Multi.GenAutorunReg.a

User: NT AUTHORITY\SYSTEM

 

The disinfection time is 3:30am. I think that is when the hypervisor deploys the VDI instances... Also, we are having some trouble with the file "SettingSyncHost.exe" at Windows login; I don't know if the two problems are related....

Thanks!!

David

Edited by babi2002


Hi Ivan,

do you mean this??? (see the picture attached)

If not, could you tell me how I can see the full event??

Thanks!!

David.

 

Event.PNG

5 hours ago, babi2002 said:

Hi Ivan,

do you mean this??? (see the picture attached)

If not, could you tell me how I can see the full event??

Thanks!!

David.

Hello!

Please double-click on the event. There should be detailed information.

Thank you!


Hi Konstantin,

we don't know which is the infected file... The report doesn't show it...

We only know that the infected object is in "System Memory" and the user is NT-Authority\System; maybe it is some OS process or logon script... If I can do anything to provide you with more information, let me know how and I will provide it...

Thanks!!

David.

 
