
Malware detected but i couldn't find the source

Hi,

I have a PC where "Sophos Endpoint" periodically detects a malware. This malware has been cleaned. Here is the log.

Feb 11, 2019 2:16 PM Malware cleaned up: 'Mal/Generic-R' at 'C:\Windows\System32\cbdglkue.bo'
Feb 11, 2019 2:15 PM Malware detected: 'Mal/Generic-R' at 'C:\Windows\System32\cbdglkue.bo'

I executed "Sophos Clean" but it does not find any risk.

What is the source of this malware?



  • Hello Fonderia Corra,

    the Source of Infection tool might be of help (can't say if it also runs on Win10).

    Christian

  • Hi Christian,

    the tool gives me this log

    2019/02/12 14:09:54,"C:\Windows\System32\LogFiles\Scm\eaca24ff-236c-401d-a1e7-b3d5267b8a50","Process","C:\Windows\System32\services.exe"
    2019/02/12 14:56:46,"C:\Windows\System32\config\netlogon.ftl","Process","C:\Windows\System32\lsass.exe"
    2019/02/12 15:06:15,"C:\Windows\System32\LogFiles\Scm\eaca24ff-236c-401d-a1e7-b3d5267b8a50","Process","C:\Windows\System32\services.exe"
    2019/02/12 15:48:38,"C:\Windows\System32\Tasks\At8","Process","C:\Windows\System32\svchost.exe"
    2019/02/12 15:48:38,"C:\Windows\System32\Tasks\At8","Process","C:\Windows\System32\svchost.exe"

    Unfortunately it is not helpful for me. Any idea?

    The file checked as bad is

    Path:
    c:\windows\system32\cbdglkue.bo
    Name:
    cbdglkue.bo
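An added example (not from the thread and not a Sophos tool) that does the correlation the poster is attempting by hand: it parses the Endpoint detection lines and the Source of Infection (SOI) CSV rows quoted above, then looks up which process SOI recorded writing each detected path. The CSV column layout (timestamp, file written, writer type, writer) is assumed from the posted rows, and the sample data is constructed from them.

```python
import csv, io, re
from collections import defaultdict
from datetime import datetime

# Constructed from the two Sophos Endpoint log lines in the question (one per line).
DETECTION_LOG = r"""
Feb 11, 2019 2:16 PM Malware cleaned up: 'Mal/Generic-R' at 'C:\Windows\System32\cbdglkue.bo'
Feb 11, 2019 2:15 PM Malware detected: 'Mal/Generic-R' at 'C:\Windows\System32\cbdglkue.bo'
"""

# Constructed from the SOI rows posted; assumed layout: timestamp, file written, writer type, writer.
SOI_CSV = r"""
2019/02/12 14:09:54,"C:\Windows\System32\LogFiles\Scm\eaca24ff-236c-401d-a1e7-b3d5267b8a50","Process","C:\Windows\System32\services.exe"
2019/02/12 14:56:46,"C:\Windows\System32\config\netlogon.ftl","Process","C:\Windows\System32\lsass.exe"
2019/02/12 15:48:38,"C:\Windows\System32\Tasks\At8","Process","C:\Windows\System32\svchost.exe"
2019/02/12 15:48:38,"C:\Windows\System32\Tasks\At8","Process","C:\Windows\System32\svchost.exe"
"""

DETECTION_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2}, \d{4} \d{1,2}:\d{2} [AP]M) "
    r"Malware (?P<event>detected|cleaned up): '(?P<name>[^']+)' at '(?P<path>[^']+)'$"
)

def parse_detections(text):
    """Return (timestamp, event, threat name, lower-cased path) for each detection line."""
    out = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%b %d, %Y %I:%M %p")
            out.append((ts, m["event"], m["name"], m["path"].lower()))
    return out

def parse_soi(text):
    """Map each written path (lower-cased) to the set of processes SOI saw writing it."""
    writers = defaultdict(set)
    for row in csv.reader(io.StringIO(text)):
        if len(row) == 4 and row[2] == "Process":
            writers[row[1].lower()].add(row[3])
    return writers

def correlate(detections, writers):
    """For every detected path, the writer processes SOI recorded ([] when none)."""
    return {path: sorted(writers.get(path, ())) for _ts, _ev, _name, path in detections}

if __name__ == "__main__":
    for path, procs in correlate(parse_detections(DETECTION_LOG), parse_soi(SOI_CSV)).items():
        # SOI records writes only while it is running; an empty list means the tool was
        # not active when the file was (re)created, so it has to stay running until then.
        print(path, "->", procs or "no writer recorded")
```

Run against the posted data it reports no writer for cbdglkue.bo, which matches what the poster saw: the SOI rows are from Feb 12 while the detections are from Feb 11, so the write that created the file was never captured.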