Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.
COURSE of the MONTH
12 days, 20 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
join.me.exe - quarantined on a windows 2008 server and a windows 2003 server
Posted on 2012-12-26
Two of the servers I work with, located as separate schools, which have our Managed Antivirus running, have detected a file called join.me.exe and quarantined it. Here is the path of the file on one of the servers:
C:\users\administrator\app
Should I take any action to try and clean my system further, other than deleting this item out of quarantine. Has anyone seen this file get picked up as a Trojan.win32.generic!bt
Any advice on further action, dealing with this infection?
C:\users\administrator\app
Should I take any action to try and clean my system further, other than deleting this item out of quarantine. Has anyone seen this file get picked up as a Trojan.win32.generic!bt
Any advice on further action, dealing with this infection?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
4 Comments
Remediation ideas:
1) Make sure your antivirus definitions are up to date,
2) Run a full scan on the suspect servers
3) Consider using another anti-virus or some anti-spyware for a second opinion, just make sure that you don't run the servers with two active antivirus products afterward. I scan my personal PCs with Malwarebytes (malwarebytes.org).
Prevention ideas:
1) Don't browse the internet as an administrator.
1) Make sure your antivirus definitions are up to date,
2) Run a full scan on the suspect servers
3) Consider using another anti-virus or some anti-spyware for a second opinion, just make sure that you don't run the servers with two active antivirus products afterward. I scan my personal PCs with Malwarebytes (malwarebytes.org).
Prevention ideas:
1) Don't browse the internet as an administrator.
You always want to clean quarantined files.
The name itself indicates that this is a malicious file.
Generally the settings in Windows Explorer are to "Hide extension of known file types"
So this file when included in an email or seen in explorer will only show as "join.me" and the ".exe" is hidden, so people will click on the file.
If you cannot remove the file, then check if you can remove all permissions from this file.
This ensure that the file cannot be excuted by anybody including the system.
For more information on how to remove this trojan, I'd suggest that you view the manufacturers website of the AV software you're using.
Some tips from Symantec:
http://www.symantec.com/business/support/index?page=content&id=TECH122466
The name itself indicates that this is a malicious file.
Generally the settings in Windows Explorer are to "Hide extension of known file types"
So this file when included in an email or seen in explorer will only show as "join.me" and the ".exe" is hidden, so people will click on the file.
If you cannot remove the file, then check if you can remove all permissions from this file.
This ensure that the file cannot be excuted by anybody including the system.
For more information on how to remove this trojan, I'd suggest that you view the manufacturers website of the AV software you're using.
Some tips from Symantec:
http://www.symantec.com/business/support/index?page=content&id=TECH122466
I believe this is a false positive in a recent VMware vCenter Protect (Shavlik) antivirus pattern update.
Users who used the join.me service (same company as LogMeIn) show up in the quarantine with this file on December 22, 2012 (or subsequent antivirus scan) regardless of download date. In all cases that we have tested, users downloaded the file directly from the Join.Me website. The parent directory contains other files from the same vendor.
This program is often used by vendors to provide remote support. It's a well-known product that doesn't deserve a "high risk" rating from VMware/Shavlik. (although by definition, it does provide interactive access to a remote machine -- but only a the user's permission)
Users who used the join.me service (same company as LogMeIn) show up in the quarantine with this file on December 22, 2012 (or subsequent antivirus scan) regardless of download date. In all cases that we have tested, users downloaded the file directly from the Join.Me website. The parent directory contains other files from the same vendor.
This program is often used by vendors to provide remote support. It's a well-known product that doesn't deserve a "high risk" rating from VMware/Shavlik. (although by definition, it does provide interactive access to a remote machine -- but only a the user's permission)
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP, Windows Server…
- Ransomware
- Experts Exchange
- Windows XP
- Windows OS
- Windows Server 2008
- Windows Server 2003, Security
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software.
Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
Suggested Courses
Course of the Month12 days, 20 hours left to enroll
777 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.