
October 23, 2011

6 Comments
  1. Martin Allen
    Jan 13 2012

    Good info. Thank you!

  2. Jan 31 2012

    Hi, did you ever get to the bottom of this? I have it on two servers and all manner of anti spyware doesn’t spot it. Did you end up reinstalling or did you find something that removed it?

  3. Jan 31 2012

    Hi Simon,

    You can remove all of the files, but because the system is effectively compromised, the only way to get proper assurance is to rebuild it. The malware isn’t picked up by anything that I tried.

  4. dan
    Jun 1 2012

    Thanks! Have a server infected with this as well.

  5. Frank
    Jun 22 2012

    Could this be the backdoor we’re having problems with?

    http://gika09.info/~me/archives/backdooring-dotexe

    I have an infected server, and I’m really not that happy about it!

  6. Nov 28 2012

    I had this same issue. After tons of research myself I did find that bat file, and it was attached to logon logoff script under gpedit. I deleted the bat file and disabled that account and changed the password for all the accounts just to be on the safer side.
    jay
