ramakrishna_p
Guest
We are using an Azure VM, and we have identified one service called XMRig taking more CPU process time.
OS details:
Microsoft Server 2012 R2 Edition
SQL Server Installed
When we open the details of the XMRig process, it shows the sysupdate.exe process running on my services. We deleted all the sysupdate.exe process details, but again and again it goes back to the same high CPU usage.
We have identified the PowerShell script creating the files and running the sysupdate.exe process.
How do we overcome the high CPU usage problem?
Malware Removal Report
AppData\Local\Temp\networkservice.exe -> Deleted
Size . . . . . . . : 2,945,024 bytes
Age . . . . . . . : 38.1 days (2019-12-30 09:09:33)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 75AC88C8819EFBD6BB63137B2D9BEE0BBDA1E4F9B80C170CB9E97142EEBB3694
Running processes : 2844
> Kaspersky . . . . : UDSangerousObject.Multi.Generic
> SurfRight . . . . : Mal/Generic-S
Fuzzy . . . . . . : 120.0
C:\Users\srv.sql\AppData\Local\Temp\sysguard.exe -> Deleted
Size . . . . . . . : 2,221,056 bytes
Age . . . . . . . : 38.1 days (2019-12-30 09:09:51)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 30D04249AB38E2FC443E4E0B80A544C4F754BB57A710B82F6EB1C08FE185B5C4
Running processes : 832
> Bitdefender . . . : Trojan.Agent.DYLH
> Kaspersky . . . . : Trojan-Downloader.Win64.Agent.rp
> SurfRight . . . . : Mal/Generic-S
Fuzzy . . . . . . : 120.0
AppData\Local\Temp\sysupdate.exe -> PendingDelete
Size . . . . . . . : 839,168 bytes
Age . . . . . . . : 0.0 days (2020-02-06 11:41:03)
Entropy . . . . . : 7.9
SHA-256 . . . . . : DA07B536DD1CF9145582DE36D2E60A991F254D704A5C72486501A0B536B8947D
Product . . . . . : XMRig
Publisher . . . . : www.xmrig.com
Description . . . : XMRig miner
Version . . . . . : 5.0.1
LanguageID . . . . : 0
Running processes : 8704
> Bitdefender . . . : Gen:Variant.Application.Miner.2
> Kaspersky . . . . : not-a-virus:HEUR:RiskTool.Win32.Generic
> SurfRight . . . . : App/XMRigM-U
Fuzzy . . . . . . : 116.0
Network Ports 10.0.0.4:58502 47.101.30.124:13531
* Moved from Windows 8/Performance