Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Generic User Avatar

Exchange 2013 infected by Backdoor:MSIL/Chopper & other variants


  • Please log in to reply
65 replies to this topic

#16 kpatel45

kpatel45
  • Topic Starter

  •  Avatar image
  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 08 January 2024 - 11:39 PM

HI there,

 

just sending you a quick update. After running the latest FARBAR scan today and posting the results, I ran Microsoft MSERT tool for malware detection & malware was found again. Posting results here:

 

Microsoft Safety Scanner v1.403, (build 1.403.176.0)
Started On Mon Jan  8 09:24:56 2024

Engine: 1.1.23110.2
Signatures: 1.403.176.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode

Full Scan Results:
------------------
Threat Detected: Backdoor:MSIL/Chopper.G!dha and Removed!
  Action: Remove, Result: 0x00000000
    file://C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\owa\8e05b027\e164d61b\App_Web_nuzjecuc.dll
        SigSeq: 0x0001E5410CC781F8

Results Summary:
----------------
Found Backdoor:MSIL/Chopper.G!dha and Removed!



BC AdBot (Login to Remove)

 


#17 Oh My!

Oh My!

    Adware and Spyware and Malware


  •  Avatar image
  • Malware Response Instructor
  • 57,028 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:58 PM

Posted 09 January 2024 - 09:50 AM

Thank you.

Please run this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
cmd: dir "C:\Windows\Microsoft.NET\Framework64\v4.0.30319"
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#18 kpatel45

kpatel45
  • Topic Starter

  •  Avatar image
  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 09 January 2024 - 01:11 PM

Hello,

 

scan results below:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-12-2023
Ran by ex-super_user (09-01-2024 22:09:38) Run:3
Running from C:\Users\ex-super_user\Desktop
Loaded Profiles: goc1 & ex-super_user
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
cmd: dir "C:\Windows\Microsoft.NET\Framework64\v4.0.30319"
End::
*****************


========= dir "C:\Windows\Microsoft.NET\Framework64\v4.0.30319" =========

 Volume in drive C has no label.
 Volume Serial Number is 2A83-1E8C

 Directory of C:\Windows\Microsoft.NET\Framework64\v4.0.30319

01/09/2024  03:00 AM    <DIR>          .
01/09/2024  03:00 AM    <DIR>          ..
12/18/2019  10:08 PM    <DIR>          1033
03/28/2019  01:11 PM            35,744 Accessibility.dll
03/28/2019  01:11 PM            42,064 AddInProcess.exe
06/02/2012  06:32 PM               161 AddInProcess.exe.config
03/28/2019  01:11 PM            42,056 AddInProcess32.exe
06/02/2012  06:32 PM               161 AddInProcess32.exe.config
03/28/2019  01:11 PM            42,560 AddInUtil.exe
06/02/2012  06:32 PM               161 AddInUtil.exe.config
03/28/2019  01:09 PM           217,344 AdoNetDiag.dll
06/02/2012  06:32 PM             7,526 adonetdiag.mof
06/02/2012  06:32 PM             2,000 adonetdiag.mof.uninstall
03/28/2019  01:09 PM           163,072 alink.dll
03/28/2019  01:09 PM           124,072 AppLaunch.exe
07/26/2012  12:03 PM               281 applaunch.exe.config
07/26/2012  12:04 PM    <DIR>          ASP.NETWebAdminFiles
07/26/2012  12:03 PM               437 Aspnet.config
06/02/2012  06:32 PM            53,827 aspnet.mof
06/02/2012  06:32 PM               481 aspnet.mof.uninstall
03/28/2019  01:09 PM            54,872 aspnet_compiler.exe
03/28/2019  01:09 PM            44,080 aspnet_filter.dll
03/28/2019  01:09 PM            28,208 aspnet_isapi.dll
02/26/2022  01:42 PM            41,864 Aspnet_perf.dll
06/02/2012  06:32 PM             7,177 aspnet_perf.h
03/27/2018  03:25 AM           997,498 aspnet_perf.ini
03/27/2018  03:25 AM           995,542 aspnet_perf2.ini
03/28/2019  01:09 PM            90,672 aspnet_rc.dll
03/28/2019  01:09 PM            44,648 aspnet_regbrowsers.exe
03/28/2019  01:09 PM            47,696 aspnet_regiis.exe
03/28/2019  01:52 PM           126,544 aspnet_regsql.exe
03/28/2019  01:09 PM            54,912 aspnet_state.exe
06/02/2012  06:33 PM               318 aspnet_state_perf.h
06/02/2012  06:33 PM            42,996 aspnet_state_perf.ini
02/26/2022  01:42 PM            45,448 aspnet_wp.exe
03/28/2019  01:09 PM           107,200 CasPol.exe
07/26/2012  12:03 PM               368 caspol.exe.config
03/28/2019  10:26 AM           323,410 CLR-ETW.man
12/14/2022  11:11 AM        11,710,368 clr.dll
03/28/2019  01:09 PM           143,616 clrcompression.dll
03/28/2019  01:09 PM           238,128 clretwrc.dll
12/14/2022  11:11 AM         1,359,248 clrjit.dll
12/14/2022  11:11 AM         1,274,272 compatjit.dll
03/28/2019  01:11 PM           173,640 ComSvcConfig.exe
12/18/2019  10:08 PM    <DIR>          Config
03/28/2019  01:09 PM           158,768 CORPerfMonExt.dll
03/28/2019  01:09 PM         2,758,280 csc.exe
06/02/2012  06:33 PM               182 csc.exe.config
06/02/2012  06:33 PM             1,329 csc.rsp
03/28/2019  01:09 PM            62,000 Culture.dll
03/28/2019  01:09 PM           109,616 CustomMarshalers.dll
03/28/2019  10:35 AM            52,744 cvtres.exe
06/02/2012  06:33 PM               281 cvtres.exe.config
03/28/2019  01:11 PM            71,752 DataSvcUtil.exe
06/02/2012  06:33 PM               156 DataSvcUtil.exe.config
06/02/2012  06:33 PM               490 default.win32manifest
09/30/2020  05:39 AM           214,920 dfdll.dll
03/28/2019  01:11 PM            24,112 dfsvc.exe
12/18/2019  09:51 PM               893 dfsvc.exe.config
12/14/2022  11:11 AM         1,486,736 diasymreader.dll
06/02/2012  06:33 PM           115,131 dv_aspnetmmc.chm
03/28/2019  01:11 PM            96,816 EdmGen.exe
12/18/2019  10:08 PM    <DIR>          en-US
03/28/2019  01:09 PM           805,120 EventLogMessages.dll
03/28/2019  01:09 PM           299,056 FileTracker.dll
03/28/2019  01:09 PM           108,800 fusion.dll
10/26/2023  12:38 AM                 0 FXUpdate.dat
03/28/2019  01:09 PM           382,624 ilasm.exe
07/26/2012  12:03 PM               223 ilasm.exe.config
07/26/2012  12:03 PM            24,603 InstallCommon.sql
09/27/2018  06:10 PM            56,248 InstallMembership.sql
01/12/2016  07:35 AM            54,647 InstallPersistSqlState.sql
07/26/2012  12:03 PM            34,950 InstallPersonalization.sql
07/26/2012  12:03 PM            20,891 InstallProfile.SQL
07/26/2012  12:03 PM            34,264 InstallRoles.sql
01/12/2016  07:35 AM            54,427 InstallSqlState.sql
01/12/2016  07:35 AM            56,233 InstallSqlStateTemplate.sql
03/28/2019  01:09 PM            40,600 InstallUtil.exe
06/02/2012  06:33 PM               182 InstallUtil.exe.config
03/28/2019  01:09 PM           133,680 InstallUtilLib.dll
07/26/2012  12:03 PM             6,457 InstallWebEventSqlProvider.sql
03/28/2019  01:09 PM            75,824 ISymWrapper.dll
03/28/2019  01:11 PM            46,632 jsc.exe
07/26/2012  12:03 PM               281 jsc.exe.config
11/02/2017  01:58 AM           419,640 locale.nlp
03/28/2019  01:11 PM            53,808 Microsoft.Activities.Build.dll
03/28/2019  01:11 PM            85,040 Microsoft.Build.Conversion.v4.0.dll
03/28/2019  01:11 PM         1,412,144 Microsoft.Build.dll
03/28/2019  01:11 PM           658,992 Microsoft.Build.Engine.dll
03/28/2019  01:11 PM            99,888 Microsoft.Build.Framework.dll
03/28/2019  01:11 PM         1,180,208 Microsoft.Build.Tasks.v4.0.dll
03/28/2019  01:11 PM           269,360 Microsoft.Build.Utilities.v4.0.dll
07/26/2012  12:03 PM             2,358 Microsoft.Build.xsd
03/06/2014  10:19 PM             6,297 Microsoft.Common.OverrideTasks
03/06/2014  10:19 PM           262,547 Microsoft.Common.targets
06/02/2012  06:33 PM            14,898 Microsoft.Common.Tasks
03/28/2019  01:11 PM           486,304 Microsoft.CSharp.dll
06/02/2012  06:33 PM            23,618 Microsoft.CSharp.targets
03/28/2019  01:11 PM            52,784 Microsoft.Data.Entity.Build.Tasks.dll
07/20/2013  05:11 AM             6,501 Microsoft.Data.Entity.targets
03/28/2019  01:11 PM           184,880 Microsoft.Internal.Tasks.Dataflow.dll
03/28/2019  01:11 PM           753,200 Microsoft.JScript.dll
03/28/2019  10:45 AM            58,368 Microsoft.JScript.tlb
06/02/2012  06:33 PM            11,957 Microsoft.NETFramework.props
06/02/2012  06:33 PM             8,183 Microsoft.NETFramework.targets
06/03/2012  12:26 AM             9,783 Microsoft.ServiceModel.targets
03/28/2019  01:11 PM           395,680 Microsoft.Transactions.Bridge.dll
03/28/2019  01:09 PM           134,192 Microsoft.Transactions.Bridge.Dtc.dll
03/28/2019  01:09 PM         3,949,616 Microsoft.VisualBasic.Activities.Compiler.dll
03/28/2019  01:11 PM           116,784 Microsoft.VisualBasic.Compatibility.Data.dll
03/28/2019  01:11 PM           497,712 Microsoft.VisualBasic.Compatibility.dll
03/28/2019  01:11 PM           639,392 Microsoft.VisualBasic.dll
11/02/2017  02:01 AM            22,907 Microsoft.VisualBasic.targets
02/20/2018  07:32 AM            30,408 Microsoft.VisualC.Dll
02/20/2018  07:32 AM            50,920 Microsoft.VisualC.STLCLR.dll
03/28/2019  01:11 PM            28,576 Microsoft.Win32.Primitives.dll
06/24/2012  03:25 AM           724,332 Microsoft.Windows.ApplicationServer.Applications.45.man
03/28/2019  01:11 PM           140,192 Microsoft.Windows.ApplicationServer.Applications.dll
01/06/2018  06:00 AM            42,339 Microsoft.WinFx.targets
03/28/2019  01:11 PM            32,904 Microsoft.Workflow.Compiler.exe
06/02/2012  06:33 PM               144 Microsoft.Workflow.Compiler.exe.config
07/20/2013  05:11 AM             7,537 Microsoft.WorkflowBuildExtensions.targets
11/02/2017  01:52 AM            19,892 Microsoft.Xaml.targets
03/28/2019  01:09 PM           116,272 MmcAspExt.dll
09/27/2018  06:27 PM    <DIR>          MSBuild
03/28/2019  01:09 PM           257,592 MSBuild.exe
06/02/2012  06:33 PM             1,734 msbuild.exe.config
06/02/2012  06:33 PM               732 MSBuild.rsp
12/14/2022  11:11 AM         1,803,664 mscordacwks.dll
12/14/2022  11:11 AM         1,655,680 mscordbi.dll
03/28/2019  10:34 AM            31,744 mscoree.tlb
03/27/2020  03:10 AM           689,952 mscoreei.dll
03/28/2019  01:09 PM            33,328 mscoreeis.dll
12/14/2022  11:11 AM         5,432,720 mscorlib.dll
06/03/2012  12:26 AM           517,664 mscorlib.tlb
03/28/2019  01:09 PM           102,960 mscorpe.dll
03/28/2019  01:09 PM           193,584 mscorpehost.dll
03/28/2019  01:09 PM           397,872 mscorrc.dll
03/28/2019  01:09 PM           133,680 mscorsecimpl.dll
03/28/2019  01:09 PM            28,720 mscorsn.dll
01/05/2021  05:27 AM           557,960 mscorsvc.dll
01/05/2021  05:27 AM           151,984 mscorsvw.exe
07/26/2012  12:04 PM    <DIR>          MUI
09/27/2018  06:27 PM    <DIR>          NativeImages
03/28/2019  01:11 PM           106,400 netstandard.dll
01/05/2021  05:27 AM           174,552 ngen.exe
01/09/2024  03:00 AM           381,217 ngen.log
10/26/2023  01:57 AM         1,052,596 ngen.old.log
01/05/2021  05:27 AM            79,304 ngentask.exe
03/28/2019  01:09 PM            29,232 ngentasklauncher.dll
06/02/2012  06:33 PM            59,342 normidna.nlp
06/02/2012  06:33 PM            47,076 normnfc.nlp
06/02/2012  06:33 PM            40,566 normnfd.nlp
06/02/2012  06:33 PM            67,808 normnfkc.nlp
06/02/2012  06:33 PM            61,718 normnfkd.nlp
03/28/2019  01:09 PM           266,800 PerfCounter.dll
12/14/2022  11:11 AM           266,640 peverify.dll
03/28/2019  01:09 PM            64,192 RegAsm.exe
07/26/2012  12:03 PM               281 regasm.exe.config
03/28/2019  01:09 PM            44,736 RegSvcs.exe
07/26/2012  12:03 PM               223 regsvcs.exe.config
03/28/2019  01:09 PM            24,112 SbsNclPerf.dll
03/28/2019  01:09 PM            18,480 ServiceModelEvents.dll
03/28/2019  01:09 PM            18,480 ServiceModelInstallRC.dll
03/28/2019  01:09 PM           104,192 ServiceModelPerformanceCounters.dll
06/02/2012  06:33 PM           129,042 ServiceModelPerformanceCounters.man
03/28/2019  01:09 PM           304,280 ServiceModelReg.exe
03/28/2019  01:09 PM            18,472 ServiceModelRegUI.dll
06/30/2022  11:43 AM            28,576 ServiceMonikerSupport.dll
06/30/2022  11:44 AM            68,456 SMDiagnostics.dll
12/07/2019  10:03 AM           139,056 SMSvcHost.exe
07/26/2012  12:03 PM             2,262 SMSvcHost.exe.config
12/14/2022  11:11 AM           923,008 SOS.dll
07/26/2012  12:04 PM    <DIR>          SQL
03/28/2019  01:11 PM           132,000 sysglobl.dll
03/28/2019  01:11 PM           714,800 System.Activities.Core.Presentation.dll
06/30/2022  11:44 AM         1,528,640 System.Activities.dll
03/28/2019  01:11 PM           141,936 System.Activities.DurableInstancing.dll
05/06/2022  11:51 AM         2,121,104 System.Activities.Presentation.dll
03/28/2019  01:11 PM            52,272 System.AddIn.Contract.dll
03/28/2019  01:11 PM           162,864 System.AddIn.dll
03/28/2019  01:11 PM            28,576 System.AppContext.dll
03/28/2019  01:11 PM            29,304 System.Collections.Concurrent.dll
03/28/2019  01:11 PM            29,600 System.Collections.dll
03/28/2019  01:11 PM            29,088 System.Collections.NonGeneric.dll
03/28/2019  01:11 PM            29,088 System.Collections.Specialized.dll
03/28/2019  01:11 PM            30,112 System.ComponentModel.Annotations.dll
03/28/2019  01:11 PM           304,544 System.ComponentModel.Composition.dll
03/28/2019  01:11 PM            62,880 system.componentmodel.composition.registration.dll
03/28/2019  01:11 PM           126,880 System.ComponentModel.DataAnnotations.dll
03/28/2019  01:11 PM            29,088 System.ComponentModel.dll
03/28/2019  01:11 PM            29,088 System.ComponentModel.EventBasedAsync.dll
03/28/2019  01:11 PM            29,600 System.ComponentModel.Primitives.dll
03/28/2019  01:11 PM            30,624 System.ComponentModel.TypeConverter.dll
06/05/2020  09:04 AM           421,536 System.Configuration.dll
03/28/2019  01:11 PM           102,816 System.Configuration.Install.dll
03/28/2019  01:11 PM            29,088 System.Console.dll
12/14/2022  11:20 AM         1,551,240 System.Core.dll
03/28/2019  01:11 PM            29,600 System.Data.Common.dll
03/28/2019  01:11 PM            71,584 System.Data.DataSetExtensions.dll
10/20/2022  04:41 AM         3,546,528 System.Data.dll
03/28/2019  01:11 PM         1,082,416 System.Data.Entity.Design.dll
03/28/2019  01:11 PM         4,033,584 System.Data.Entity.dll
03/28/2019  01:11 PM           688,688 System.Data.Linq.dll
03/28/2019  01:09 PM           513,072 System.Data.OracleClient.dll
03/28/2019  01:11 PM           444,464 System.Data.Services.Client.dll
03/28/2019  01:11 PM           174,640 System.Data.Services.Design.dll
03/28/2019  01:11 PM           672,816 System.Data.Services.dll
03/28/2019  01:11 PM           733,600 System.Data.SqlXml.dll
09/30/2020  05:40 AM         1,593,624 System.Deployment.dll
03/28/2019  01:11 PM         5,029,792 System.Design.dll
03/28/2019  01:11 PM            64,048 System.Device.dll
03/28/2019  01:11 PM            29,600 System.Diagnostics.Contracts.dll
03/28/2019  01:11 PM            29,088 System.Diagnostics.Debug.dll
03/28/2019  01:11 PM            28,576 System.Diagnostics.FileVersionInfo.dll
03/28/2019  01:11 PM            29,088 System.Diagnostics.Process.dll
03/28/2019  01:11 PM            29,088 System.Diagnostics.StackTrace.dll
03/28/2019  01:11 PM            29,088 System.Diagnostics.TextWriterTraceListener.dll
03/28/2019  01:11 PM            29,088 System.Diagnostics.Tools.dll
03/28/2019  01:11 PM            29,080 System.Diagnostics.TraceSource.dll
03/28/2019  01:11 PM            39,840 System.Diagnostics.Tracing.dll
03/28/2019  01:11 PM           296,496 System.DirectoryServices.AccountManagement.dll
04/01/2022  08:49 AM           418,112 System.DirectoryServices.dll
03/28/2019  01:11 PM           201,120 System.DirectoryServices.Protocols.dll
12/14/2022  11:20 AM         3,557,224 System.dll
06/30/2020  05:55 AM           125,192 System.Drawing.Design.dll
05/26/2021  04:23 AM           595,728 System.Drawing.dll
03/28/2019  01:11 PM            29,088 System.Drawing.Primitives.dll
03/28/2019  10:50 AM             8,704 System.Drawing.tlb
03/28/2019  01:11 PM           130,464 System.Dynamic.dll
03/28/2019  01:11 PM            29,600 System.Dynamic.Runtime.dll
03/28/2019  01:09 PM           241,408 System.EnterpriseServices.dll
03/28/2019  01:09 PM           108,592 System.EnterpriseServices.Thunk.dll
03/28/2019  10:46 AM            34,304 System.EnterpriseServices.tlb
03/28/2019  10:34 AM           130,560 System.EnterpriseServices.Wrapper.dll
03/28/2019  01:11 PM            29,088 System.Globalization.Calendars.dll
03/28/2019  01:11 PM            29,080 System.Globalization.dll
03/28/2019  01:11 PM            29,088 System.Globalization.Extensions.dll
06/30/2022  11:44 AM         1,088,816 System.IdentityModel.dll
03/28/2019  01:11 PM           144,288 System.IdentityModel.Selectors.dll
06/30/2022  11:44 AM           192,416 System.IdentityModel.Services.dll
03/28/2019  01:11 PM            71,584 System.IO.Compression.dll
03/28/2019  01:11 PM            33,328 System.IO.Compression.FileSystem.dll
03/28/2019  01:11 PM            28,576 System.IO.Compression.ZipFile.dll
03/28/2019  01:11 PM            29,088 System.IO.dll
03/28/2019  01:11 PM            29,088 System.IO.FileSystem.dll
03/28/2019  01:11 PM            28,576 System.IO.FileSystem.DriveInfo.dll
03/28/2019  01:11 PM            29,088 System.IO.FileSystem.Primitives.dll
03/28/2019  01:11 PM            29,088 System.IO.FileSystem.Watcher.dll
03/28/2019  01:11 PM            28,576 System.IO.IsolatedStorage.dll
03/28/2019  01:11 PM           133,680 System.IO.Log.dll
03/28/2019  01:11 PM            29,088 System.IO.MemoryMappedFiles.dll
03/28/2019  01:11 PM            29,088 System.IO.Pipes.dll
03/28/2019  01:11 PM            28,576 System.IO.UnmanagedMemoryStream.dll
03/28/2019  01:11 PM            28,576 System.Linq.dll
03/28/2019  01:11 PM            30,112 System.Linq.Expressions.dll
03/28/2019  01:11 PM            29,088 System.Linq.Parallel.dll
03/28/2019  01:11 PM            29,088 System.Linq.Queryable.dll
10/05/2021  08:18 AM           408,856 System.Management.dll
03/28/2019  01:11 PM           145,456 System.Management.Instrumentation.dll
03/28/2019  01:11 PM           277,408 System.Messaging.dll
03/28/2019  01:11 PM           256,928 System.Net.dll
03/28/2019  01:11 PM           204,192 System.Net.Http.dll
03/28/2019  01:11 PM            29,088 System.Net.Http.Rtc.dll
03/28/2019  01:11 PM            50,592 System.Net.Http.WebRequest.dll
03/28/2019  01:11 PM            28,576 System.Net.NameResolution.dll
03/28/2019  01:11 PM            30,112 System.Net.NetworkInformation.dll
03/28/2019  01:11 PM            29,088 System.Net.Ping.dll
03/28/2019  01:11 PM            29,600 System.Net.Primitives.dll
03/28/2019  01:11 PM            29,088 System.Net.Requests.dll
03/28/2019  01:11 PM            29,088 System.Net.Security.dll
12/07/2019  10:03 AM            30,360 System.Net.Sockets.dll
03/28/2019  01:11 PM            29,088 System.Net.WebHeaderCollection.dll
03/28/2019  01:11 PM            29,088 System.Net.WebSockets.Client.dll
03/28/2019  01:11 PM            29,088 System.Net.WebSockets.dll
03/28/2019  01:11 PM           138,656 System.Numerics.dll
03/28/2019  01:11 PM            31,136 System.Numerics.Vectors.dll
03/28/2019  01:11 PM            29,600 System.ObjectModel.dll
03/28/2019  01:11 PM           107,936 System.Reflection.context.dll
03/28/2019  01:11 PM            29,600 System.Reflection.dll
03/28/2019  01:11 PM            29,088 System.Reflection.Emit.dll
03/28/2019  01:11 PM            29,088 System.Reflection.Emit.ILGeneration.dll
03/28/2019  01:11 PM            29,088 System.Reflection.Emit.Lightweight.dll
03/28/2019  01:11 PM            28,576 System.Reflection.Extensions.dll
03/28/2019  01:11 PM            29,088 System.Reflection.Primitives.dll
03/28/2019  01:11 PM            28,576 System.Resources.Reader.dll
03/28/2019  01:11 PM            29,088 System.Resources.ResourceManager.dll
03/28/2019  01:11 PM            28,576 System.Resources.Writer.dll
03/28/2019  01:11 PM           109,616 System.Runtime.Caching.dll
03/28/2019  01:11 PM            29,088 System.Runtime.CompilerServices.VisualC.dll
03/28/2019  01:11 PM            37,280 System.Runtime.dll
03/28/2019  01:11 PM           172,448 System.Runtime.DurableInstancing.dll
03/28/2019  01:11 PM            29,088 System.Runtime.Extensions.dll
03/28/2019  01:11 PM            29,088 System.Runtime.Handles.dll
03/28/2019  01:11 PM            32,160 System.Runtime.InteropServices.dll
03/28/2019  01:11 PM            29,088 System.Runtime.InteropServices.RuntimeInformation.dll
03/28/2019  01:11 PM            29,088 System.Runtime.InteropServices.WindowsRuntime.dll
03/28/2019  01:11 PM            28,576 System.Runtime.Numerics.dll
03/28/2019  01:11 PM           347,040 System.Runtime.Remoting.dll
06/30/2022  11:44 AM         1,049,392 System.Runtime.Serialization.dll
03/28/2019  01:11 PM            29,088 System.Runtime.Serialization.Formatters.dll
03/28/2019  01:11 PM           141,216 System.Runtime.Serialization.Formatters.Soap.dll
03/28/2019  01:11 PM            29,088 System.Runtime.Serialization.Json.dll
03/28/2019  01:11 PM            29,088 System.Runtime.Serialization.Primitives.dll
03/28/2019  01:11 PM            29,600 System.Runtime.Serialization.Xml.dll
03/28/2019  01:11 PM           160,160 System.Runtime.WindowsRuntime.dll
03/28/2019  01:11 PM            72,096 System.Runtime.WindowsRuntime.UI.Xaml.dll
03/28/2019  01:11 PM            29,544 System.Security.Claims.dll
03/28/2019  01:11 PM            29,600 System.Security.Cryptography.Algorithms.dll
03/28/2019  01:11 PM            29,088 System.Security.Cryptography.Csp.dll
03/28/2019  01:11 PM            29,088 System.Security.Cryptography.Encoding.dll
03/28/2019  01:11 PM            29,088 System.Security.Cryptography.Primitives.dll
03/28/2019  01:11 PM            30,112 System.Security.Cryptography.X509Certificates.dll
09/03/2020  01:05 AM           320,280 System.Security.dll
03/28/2019  01:11 PM            28,576 System.Security.Principal.dll
03/28/2019  01:11 PM            28,576 System.Security.SecureString.dll
03/28/2019  01:11 PM           202,288 System.ServiceModel.Activation.dll
09/03/2020  01:05 AM           555,384 System.ServiceModel.Activities.dll
06/30/2022  11:44 AM           151,984 System.ServiceModel.Channels.dll
06/30/2022  11:44 AM           302,480 System.ServiceModel.Discovery.dll
06/30/2022  11:44 AM         6,387,016 System.ServiceModel.dll
03/28/2019  01:11 PM            29,088 System.ServiceModel.Duplex.dll
03/28/2019  01:11 PM            29,088 System.ServiceModel.Http.dll
06/30/2022  11:44 AM           248,680 System.ServiceModel.Internals.dll
03/28/2019  01:11 PM            29,088 System.ServiceModel.NetTcp.dll
03/28/2019  01:11 PM            33,696 System.ServiceModel.Primitives.dll
03/28/2019  01:11 PM           130,608 System.ServiceModel.Routing.dll
03/28/2019  01:11 PM            29,600 System.ServiceModel.Security.dll
03/28/2019  01:11 PM            23,088 System.ServiceModel.ServiceMoniker40.dll
06/30/2022  11:44 AM            34,192 System.ServiceModel.WasHosting.dll
09/03/2020  01:05 AM           321,792 System.ServiceModel.Web.dll
03/28/2019  01:11 PM           138,656 System.ServiceProcess.dll
03/28/2019  01:11 PM            29,088 System.Text.Encoding.dll
03/28/2019  01:11 PM            29,088 System.Text.Encoding.Extensions.dll
03/28/2019  01:11 PM            29,088 System.Text.RegularExpressions.dll
03/28/2019  01:11 PM            29,600 System.Threading.dll
03/28/2019  01:11 PM            29,088 System.Threading.Overlapped.dll
03/28/2019  01:11 PM            30,112 System.Threading.Tasks.dll
03/28/2019  01:11 PM            29,088 System.Threading.Tasks.Parallel.dll
03/28/2019  01:11 PM            29,088 System.Threading.Thread.dll
03/28/2019  01:11 PM            29,088 System.Threading.ThreadPool.dll
03/28/2019  01:11 PM            28,576 System.Threading.Timer.dll
03/28/2019  10:25 AM            72,192 System.tlb
03/28/2019  01:09 PM           314,416 System.Transactions.dll
03/28/2019  01:11 PM            29,088 System.ValueTuple.dll
03/28/2019  01:11 PM            22,576 System.Web.Abstractions.dll
02/26/2022  01:53 PM            65,896 System.Web.ApplicationServices.dll
03/28/2019  01:11 PM           105,520 System.Web.DataVisualization.Design.dll
03/28/2019  01:11 PM         1,697,328 System.Web.DataVisualization.dll
02/26/2022  01:42 PM         5,398,408 System.Web.dll
03/28/2019  01:11 PM            44,592 System.Web.DynamicData.Design.dll
03/28/2019  01:11 PM           247,856 System.Web.DynamicData.dll
03/28/2019  01:11 PM           176,688 System.Web.Entity.Design.dll
03/28/2019  01:11 PM           165,424 System.Web.Entity.dll
03/28/2019  01:11 PM           356,400 System.Web.Extensions.Design.dll
02/26/2022  01:53 PM         1,844,576 System.Web.Extensions.dll
03/28/2019  01:11 PM           830,512 System.Web.Mobile.dll
03/28/2019  01:11 PM           106,032 System.Web.RegularExpressions.dll
03/28/2019  01:11 PM            22,792 System.Web.Routing.dll
03/28/2019  01:11 PM           846,752 System.Web.Services.dll
03/28/2019  10:50 AM             7,168 System.Web.tlb
03/28/2019  01:11 PM            31,136 System.Windows.dll
03/28/2019  01:11 PM            82,176 System.Windows.Forms.DataVisualization.Design.dll
06/30/2020  05:55 AM         1,712,512 System.Windows.Forms.DataVisualization.dll
08/04/2022  02:05 AM         5,922,136 System.Windows.Forms.dll
03/28/2019  10:49 AM            87,040 System.Windows.Forms.tlb
12/04/2019  06:55 AM         1,051,112 System.Workflow.Activities.dll
12/04/2019  06:55 AM         1,557,272 System.Workflow.ComponentModel.dll
12/04/2019  06:55 AM           503,064 System.Workflow.Runtime.dll
03/28/2019  01:11 PM           451,120 System.WorkflowServices.dll
12/14/2022  11:20 AM           634,184 System.Xaml.dll
03/28/2019  01:11 PM            43,056 System.Xaml.Hosting.dll
03/28/2019  01:11 PM         2,646,944 System.XML.dll
03/28/2019  01:11 PM           163,232 System.Xml.Linq.dll
03/28/2019  01:11 PM            29,600 System.Xml.ReaderWriter.dll
03/28/2019  01:11 PM            45,472 System.Xml.Serialization.dll
03/28/2019  01:11 PM            29,088 System.Xml.XDocument.dll
03/28/2019  01:11 PM            29,600 System.Xml.XmlDocument.dll
03/28/2019  01:11 PM            29,600 System.Xml.XmlSerializer.dll
03/28/2019  01:11 PM            29,088 System.Xml.XPath.dll
03/28/2019  01:11 PM            28,576 System.Xml.XPath.XDocument.dll
01/09/2024  12:05 PM    <DIR>          Temporary ASP.NET Files
03/28/2019  10:35 AM            61,714 ThirdPartyNotices.txt
03/28/2019  01:09 PM           133,680 TLBREF.DLL
07/26/2012  12:03 PM             3,890 UninstallCommon.sql
07/26/2012  12:03 PM             6,909 UninstallMembership.sql
07/26/2012  12:03 PM            10,195 UninstallPersistSqlState.sql
07/26/2012  12:03 PM             7,489 UninstallPersonalization.sql
07/26/2012  12:03 PM             4,760 UnInstallProfile.SQL
07/26/2012  12:03 PM             5,869 UninstallRoles.sql
07/26/2012  12:03 PM             9,691 UninstallSqlState.sql
07/26/2012  12:03 PM            11,797 UninstallSqlStateTemplate.sql
07/26/2012  12:03 PM             3,006 UninstallWebEventSqlProvider.sql
03/28/2019  01:09 PM         3,234,456 vbc.exe
06/02/2012  06:33 PM               182 vbc.exe.config
06/02/2012  06:33 PM             1,467 vbc.rsp
02/26/2022  01:42 PM            21,384 webengine.dll
02/26/2022  01:42 PM           675,200 webengine4.dll
03/28/2019  01:09 PM           195,120 WMINet_Utils.dll
06/02/2012  06:33 PM             7,128 Workflow.Targets
06/02/2012  06:33 PM             8,587 Workflow.VisualBasic.Targets
12/04/2019  06:54 AM           102,672 WorkflowServiceHostPerformanceCounters.dll
06/02/2012  06:33 PM            43,288 WorkflowServiceHostPerformanceCounters.man
03/16/2023  12:50 AM    <DIR>          WPF
03/28/2019  01:11 PM           152,680 WsatConfig.exe
03/28/2019  01:11 PM           132,144 XamlBuildTask.dll
06/02/2012  06:34 PM               474 XPThemes.manifest
03/28/2019  01:11 PM            67,632 XsdBuildTask.dll
             396 File(s)    136,859,564 bytes
              12 Dir(s)  88,897,404,928 bytes free


========= End of CMD: =========


==== End of Fixlog 22:09:39 ====



#19 kpatel45

kpatel45
  • Topic Starter

  •  Avatar image
  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 09 January 2024 - 01:15 PM

Hi Gary,

 

I noticed a new file was created today in the C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth folder. File name is reset.aspx. I am going to rename it for now to reset.aspx.bak.

 

If you need the file for analysis let me know.



#20 Oh My!

Oh My!

    Adware and Spyware and Malware


  •  Avatar image
  • Malware Response Instructor
  • 57,028 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:58 PM

Posted 09 January 2024 - 01:40 PM

Rename it back to reset.aspx and upload it to Virustotal. Post the results link in your reply.


Edited by Oh My!, 09 January 2024 - 05:38 PM.

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#21 kpatel45

kpatel45
  • Topic Starter

  •  Avatar image
  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 10 January 2024 - 02:51 AM

Do you want to automate checks?

Kaspersky
HEUR:Backdoor.ASP.WebShell.gen
ZoneAlarm by Check Point
HEUR:Backdoor.ASP.WebShell.gen
Acronis (Static ML)
Undetected
AhnLab-V3
Undetected
Antiy-AVL
Undetected
Arcabit
Undetected
Avast
Undetected
AVG
Undetected
Avira (no cloud)
Undetected
Baidu
Undetected
BitDefender
Undetected
BitDefenderTheta
Undetected
Bkav Pro
Undetected
ClamAV
Undetected
CMC
Undetected
Cynet
Undetected
DrWeb
Undetected
Emsisoft
Undetected
eScan
Undetected
ESET-NOD32
Undetected
F-Secure
Undetected
Fortinet
Undetected
GData
Undetected
Google
Undetected
Gridinsoft (no cloud)
Undetected
Ikarus
Undetected
Jiangmin
Undetected
K7AntiVirus
Undetected
K7GW
Undetected
Kingsoft
Undetected
Lionic
Undetected
Malwarebytes
Undetected
MaxSecure
Undetected
McAfee
Undetected
Microsoft
Undetected
NANO-Antivirus
Undetected
Panda
Undetected
QuickHeal
Undetected
Rising
Undetected
Sangfor Engine Zero
Undetected
Skyhigh (SWG)
Undetected
Sophos
Undetected
SUPERAntiSpyware
Undetected
Symantec
Undetected
TACHYON
Undetected
TrendMicro
Undetected
TrendMicro-HouseCall
Undetected
Varist
Undetected
VBA32
Undetected
VIPRE
Undetected
VirIT
Undetected
ViRobot
Undetected
Xcitium
Undetected
Yandex
Undetected
Zillya
Undetected
Zoner
Undetected
Alibaba
Unable to process file type
Avast-Mobile
Unable to process file type
BitDefenderFalx
Unable to process file type
CrowdStrike Falcon
Unable to process file type
Cybereason
Unable to process file type
Cylance
Unable to process file type
DeepInstinct
Unable to process file type
Elastic
Unable to process file type
Palo Alto Networks
Unable to process file type
SecureAge
Unable to process file type
SentinelOne (Static ML)
Unable to process file type
Symantec Mobile Insight
Unable to process file type
TEHTRIS
Unable to process file type
Trustlook
Unable to process file type
Webroot
Unable to process file type
Tencent



#22 kpatel45

kpatel45
  • Topic Starter

  •  Avatar image
  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 10 January 2024 - 02:59 AM

Hi Gary,

 

I am constantly monitoring the server and each time after cleanup new files are being generated in the folder path:

 

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\owa\8e05b027\e164d61b

 

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\owa\*

 

They are dll files with random names. I have run them on virustotal and most of them the results are infected files. I am unable to delete them since they are locked in the w3wp.exe process. Unable to delete even if I rename the file.



#23 Oh My!

Oh My!

    Adware and Spyware and Malware


  •  Avatar image
  • Malware Response Instructor
  • 57,028 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:58 PM

Posted 10 January 2024 - 10:27 AM

Thank you.

This is a difficult situation compounded by the fact I don't have a Server on which I can investigate and test my steps.

What I would like you to post the web address of the VirusTotal results after uploading reset.aspx file.

In addition, please do this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
Powershell: Get-ChildItem -Recurse -Path <Path_IIS_Logs> -Filter "*.log" | Select-String -Pattern 'powershell.*autodiscover\.json.*\@.*200
cmd: tasklist /svc /fi "IMAGENAME eq w3wp.exe"
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Process Monitor Utilizing Customized Import Configuration File

--------------------
  • If necessary, download Process Monitor and save it to your Desktop
  • Download kpatel45.pmc and save it to your Desktop
  • Right click on ProcMon and select Run as administrator
  • Hit the Ctrl + E keys at the same time to stop capturing events
  • Hit the Ctrl + X keys at the same time to clear the display
  • Click File, then Import Configuration...
  • Double click on the kpatel45.pmc file
  • On the bottom left hand corner of the Process Monitor screen confirm it says No events (capture disabled)
  • Hit the Ctrl + E keys at the same time to start capturing events (capture disabled should disappear)
  • Allow Process Monitor to continue running and attempt to repeat the steps previously resulting in the creation of malicious files
  • When an event occurs click File, Save, and save the file onto your Desktop using the default file name
  • Please zip and upload the file here
  • If it is necessary to shut down the computer prior to an event taking place restart the monitoring when the computer is active by doing the following
  • Right click on Process Monitor and select Run as administrator
  • The Process Monitor Filter window should appear and should show the previous settings
  • Click OK and capturing should resume automatically
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • VirusTotal link
  • Fixlog
  • Uploaded file

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#24 kpatel45

kpatel45
  • Topic Starter

  •  Avatar image
  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 11 January 2024 - 12:25 AM

Link for virustotal scan of reset.aspx:

 

https://www.virustotal.com/gui/file/1b5af35a68e8c52f45d4b63490d44e59d0e2738e6168dec2a1c358132b4eee58/detection

 

FRST RESULT:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-12-2023
Ran by ex-super_user (11-01-2024 09:12:44) Run:4
Running from C:\Users\ex-super_user\Desktop
Loaded Profiles: goc1 & ex-super_user
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
Powershell: Get-ChildItem -Recurse -Path <Path_IIS_Logs> -Filter "*.log" | Select-String -Pattern 'powershell.*autodiscover\.json.*\@.*200
cmd: tasklist /svc /fi "IMAGENAME eq w3wp.exe"
End::
*****************


========= Get-ChildItem -Recurse -Path <Path_IIS_Logs> -Filter "*.log" | Select-String -Pattern 'powershell.*autodiscover\.json.*\@.*200 =========


========= End of Powershell: =========


========= tasklist /svc /fi "IMAGENAME eq w3wp.exe" =========


Image Name                     PID Services                                    
========================= ======== ============================================
w3wp.exe                      8292 N/A                                         
w3wp.exe                     21496 N/A                                         
w3wp.exe                     22920 N/A                                         
w3wp.exe                      4900 N/A                                         
w3wp.exe                     20180 N/A                                         
w3wp.exe                     23424 N/A                                         
w3wp.exe                     23844 N/A                                         
w3wp.exe                     25540 N/A                                         
w3wp.exe                      6816 N/A                                         
w3wp.exe                     19352 N/A                                         
w3wp.exe                     27724 N/A                                         
w3wp.exe                     29692 N/A                                         
w3wp.exe                     27988 N/A                                         


========= End of CMD: =========


==== End of Fixlog 09:12:47 ====



#25 Oh My!

Oh My!

    Adware and Spyware and Malware


  •  Avatar image
  • Malware Response Instructor
  • 57,028 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:58 PM

Posted 11 January 2024 - 09:40 PM

Thank you for the information.

Please do this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
cmd: dir "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy" /s /b | findstr /e .aspx
cmd: dir "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET" /s /b | findstr /e .aspx
cmd: dir "C:/inetpub/wwwroot/aspnet_client" /s /b | findstr /e .aspx
cmd: dir "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy" /s /b | findstr /e .ashx
cmd: dir "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET" /s /b | findstr /e .ashx
cmd: dir "C:/inetpub/wwwroot/aspnet_client" /s /b | findstr /e .ashx
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Attach the file to your reply.
===================================================

Things I would like to see in your next reply.
  • Attached Fixlog

Edited by Oh My!, 14 January 2024 - 10:03 AM.

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#26 kpatel45

kpatel45
  • Topic Starter

  •  Avatar image
  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 12 January 2024 - 12:18 AM

hello,

 

plz find attached log file.



#27 Oh My!

Oh My!

    Adware and Spyware and Malware


  •  Avatar image
  • Malware Response Instructor
  • 57,028 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:58 PM

Posted 12 January 2024 - 08:49 AM

There may be a problem on our end with file attachments. Please upload the file to file hosting site of your choice and post the download link.

Edited by Oh My!, 12 January 2024 - 08:56 AM.

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#28 kpatel45

kpatel45
  • Topic Starter

  •  Avatar image
  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 14 January 2024 - 12:23 AM

I have re-attached the file here. I probably forgot to "Attach This File" the first time. Please check. If it is not attached,then I will upload to a hosting site.

Attached Files



#29 Oh My!

Oh My!

    Adware and Spyware and Malware


  •  Avatar image
  • Malware Response Instructor
  • 57,028 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:58 PM

Posted 14 January 2024 - 10:06 AM

Thank you and my apologies.

I have edited my previous Fixlist to include quotation marks which are required when using the approach I posted.

Please run Post #25 again.


Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#30 kpatel45

kpatel45
  • Topic Starter

  •  Avatar image
  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 14 January 2024 - 12:04 PM

Hi Gary,
 
please find attached fixlog file.

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-12-2023
Ran by ex-super_user (14-01-2024 21:02:30) Run:6
Running from C:\Users\ex-super_user\Desktop
Loaded Profiles: goc1 & ex-super_user
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
cmd: dir "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy" /s /b | findstr /e .aspx
cmd: dir "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET" /s /b | findstr /e .aspx
cmd: dir "C:/inetpub/wwwroot/aspnet_client" /s /b | findstr /e .aspx
cmd: dir "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy" /s /b | findstr /e .ashx
cmd: dir "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET" /s /b | findstr /e .ashx
cmd: dir "C:/inetpub/wwwroot/aspnet_client" /s /b | findstr /e .ashx
End::
*****************


========= dir "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy" /s /b | findstr /e .aspx =========

C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\ecp\auth\TimeoutLogout.aspx
C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\errorFE.aspx
C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\ExpiredPassword.aspx
C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\logoff.aspx
C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\logon.aspx
C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\logon08032021.aspx
C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\logon_captcha22feb2023.aspx
C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\logon_captcha_12Apr22.aspx
C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\logon_origin.aspx
C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\OutlookCN.aspx
C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\recaptcha.aspx
C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\signout.aspx
C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\SvmFeedback.aspx
C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\Current\themes\resources\err1.aspx
C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\Current\themes\resources\err4.aspx


========= End of CMD: =========


========= dir "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET" /s /b | findstr /e .aspx =========

File Not Found


========= End of CMD: =========


========= dir "C:/inetpub/wwwroot/aspnet_client" /s /b | findstr /e .aspx =========

0

========= End of CMD: =========


========= dir "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy" /s /b | findstr /e .ashx =========

0

========= End of CMD: =========


========= dir "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET" /s /b | findstr /e .ashx =========

File Not Found


========= End of CMD: =========


========= dir "C:/inetpub/wwwroot/aspnet_client" /s /b | findstr /e .ashx =========

0

========= End of CMD: =========


==== End of Fixlog 21:02:32 ====

Attached Files


Edited by Oh My!, 14 January 2024 - 05:31 PM.





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users