Exchange 2016 with Trojan:MSIL/Chopper.AC!MTB – Virus, Trojan, Spyware, and Malware Removal Help – BleepingComputer

Howdy,

Since A pair of days in the past, I noticed that we had outgoing Mails with suspicious hyperlinks in it,  on completely different accounts.
 
After some evaluation, i found that I’ve a backdoors on my server, MSIL/Chopper.AC!MTB.
 
What i’ve carried out till now:
 
> Up So far the EX with the final safety updates avaliable (CU22);
> Ran the MSERT system, it say that it cleaned the backdoors however truthfully, I do not thrust;
> After MSERT we Ran Trendmicro, malwarebytes nothing detect;

> Look at Advert for a pretend HealthMailbox Inside the Clients OU > Discovered and deleted;
> Look at C:ProgramData for suspicious information > Detected some unusual information, deleted; But Do not know, if there are extra.

 

After cleansing the Server, after Every week, we run MSERT and Msert found this backdoor.

I want some assist To evaluation the FRST64 scan to see if There’s extra I can do To wash this mess.
And, some extra ideas if there are any.

Thanks Prematurely!

Maik

Source: https://www.bleepingcomputer.com/forums/t/763059/exchange-2016-with-trojanmsilchopperacmtb/

Posted on

Leave a Reply

Your email address will not be published. Required fields are marked *