
SvenBNE

  1. We stumbled upon the exact same issue on 2 Terminal Servers on Friday and today. I didn't get as far as netzenrob with finding out what happened exactly. The NTFS file structure was corrupted on at least 1 of the servers, so I had to run a checkdisk to get it back up and running again. After the checkdisk I noticed that logging in using a local account, or a domain account with the network card disabled (VMware), was the only way to log on initially; then I removed Anti-Ransomware and allowed the users to log back on again. I can send you the event log file in a PM if you need it, due to client information being in there.
  2. Hi guys, one of our clients has a nasty piece of malware that's somewhat crippled due to policies we put in place preventing executables from running in temp directories, but it still creates random folders on the user desktop and is possibly breaking an application. After recreating the profile, the folders have returned 20 days later, but no more encryption attempts due to the policies. See the screenshots for the folders; the owner is Administrators, so not much to go on there. Checked the usual startup items in the registry (HKLM and HKCU\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce), MSCONFIG and scheduled tasks; nothing out of the ordinary there. Ran Malwarebytes, HitmanPro and Malwarebytes Anti-Rootkit, but none found anything. Let me know if there is anything else I can do. I have added the FRST and Addition files; I haven't seen anything out of the ordinary in there, but I could have overlooked something. Addition.txt FRST.txt