2 Replies Latest reply on Apr 22, 2009 11:20 AM by secured2k

    Reset5.dll Reset5.exe

      We got one PC that got hit with this. We are running McAfee 8.7 with EPO server. Def version was 5590 at the time.

      This was in the event viewer:
      Event Type: Warning
      Event Source: McLogEvent
      Event Category: None
      Event ID: 258
      Date: 2009/04/21
      Time: 22:30:20
      User: NT AUTHORITY\SYSTEM
      Computer: TWTKY00005
      Description:
      The file C:\WINDOWS\system32\reset5.exe contains Generic.dx Trojan. The file was successfully deleted.

      This was in the AV logs:
      4/21/2009 10:30:19 PM Not scanned (scan timed out) NT AUTHORITY\NETWORK SERVICE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\reset5.dll

      4/21/2009 10:30:20 PM Deleted NT AUTHORITY\NETWORK SERVICE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\reset5.dll Generic Downloader.x (Trojan)

      4/21/2009 10:30:20 PM Deleted NT AUTHORITY\NETWORK SERVICE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\reset5.exe Generic.dx (Trojan)

      We also saw an SMB session established to this computer from another in a remote office. I don't have access rights to that box so I can't scan it.

      Has anyone ever come across this? Is this another false positive or should we take further action?

      Moved to Corporate for better attention. MOD