
C2/Generic-A

After following the recommended steps below I was unable to find anything that needed to be removed.

Recommended remediation steps:

  1. Identify the compromised machine. The IP address of the machine attempting to connect to the C&C server will be visible within the alert.
  2. Perform a full system scan on the compromised machine using the Sophos Virus Removal Tool (free download).

I run ESET A/V on all my workstations and it hasn't found anything, just like the Sophos Virus Removal Tool didn't.

Is there something else I should be trying?



  • Well, that doesn't mean the machine was infected with anything.

    It's generic, meaning there was something potentially malicious that may have been detected - yes, a vague understanding, which is why it's called generic. Normally, this is seen as just traffic being blocked because there was potential command and control access. A lot of the time these are false positives, and the traffic was blocked beforehand.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • I did do the recommended steps from the Sophos device: I downloaded the latest Sophos Virus Removal Tool and ran it, and it found nothing malicious, and neither did ESET, so I'm optimistic.
