LarsArvidson
 asked on

Possible Virus?

I have a standalone Windows 7 computer that had RDP open.  The source IP was supposed to be restricted, but by mistake it wasn't.  

Anyway, I noticed that an unauthorized user was able to crack the password and log in.  I found an entry in the APP log with the following line.  Is anyone familiar with Pangolin.CracKed.By.Hmily[LCG][DST].exe?  

Fault bucket 3368295517, type 1
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: Pangolin.CracKed.By.Hmily[LCG][DST].exe
P2: 3.2.4.1132
P3: 4d01d91e
P4: kernel32.dll
P5: 6.1.7601.18015
P6: 50b83c89
P7: c0000005
P8: 0001139d
P9:
P10:

Attached files:
C:\Users\Support\AppData\Local\Temp\WER7EFE.tmp.WERInternalMetadata.xml

These files may be available here:
C:\Users\Support\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_Pangolin.CracKed_397a32942c35fcd9426651e7926415a44be5d3_ba49900e

Analysis symbol:
Rechecking for solution: 0
Report Id: 878f7343-bbb2-11e3-8fce-534e57000000
Report Status: 0
Vulnerabilities, Security, OS Security
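Triaging an APPCRASH entry like the one quoted above, as an added Python example that is not part of the original thread: it maps the positional P1..P8 signature fields to their meaning, collects the report paths, and derives the account whose profile ran the binary and whether the crash was an access violation. The sample event is an abridged, constructed copy of the one in the question; the field names and the "crack|keygen" name check are assumptions of this example, not anything from the thread.

```python
import re

# Positional fields of a Windows Error Reporting (Event ID 1001) APPCRASH signature.
SIGNATURE_FIELDS = {"P1": "application", "P2": "app_version", "P3": "app_timestamp",
                    "P4": "fault_module", "P5": "module_version", "P6": "module_timestamp",
                    "P7": "exception_code", "P8": "exception_offset"}
SECTION_HEADERS = {"Attached files:": "attached_files", "These files may be available here:": "archive_paths"}

# Constructed sample: an abridged copy of the event body quoted in the question.
SAMPLE_EVENT = r"""Fault bucket 3368295517, type 1
Event Name: APPCRASH
Problem signature:
P1: Pangolin.CracKed.By.Hmily[LCG][DST].exe
P4: kernel32.dll
P7: c0000005
These files may be available here:
C:\Users\Support\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_Pangolin.CracKed_397a32942c35fcd9426651e7926415a44be5d3_ba49900e
Report Id: 878f7343-bbb2-11e3-8fce-534e57000000"""

def parse_wer_appcrash(text):
    """Parse a WER APPCRASH event body into header fields, signature fields and file paths."""
    report = {"signature": {}, "attached_files": [], "archive_paths": []}
    section = None  # which path list a bare drive-letter path line belongs to
    for line in (raw.strip() for raw in text.splitlines() if raw.strip()):
        bucket = re.match(r"^Fault bucket (\d+), type (\d+)$", line)
        sig = re.match(r"^(P\d+):\s*(.*)$", line)
        if bucket:
            report["fault_bucket"], report["bucket_type"] = bucket.groups()
        elif sig:  # P1..P10 are positional, so map them to their meaning
            report["signature"][SIGNATURE_FIELDS.get(sig.group(1), sig.group(1).lower())] = sig.group(2)
        elif line in SECTION_HEADERS:
            section = SECTION_HEADERS[line]
        elif section and re.match(r"^[A-Za-z]:\\", line):
            report[section].append(line)
        elif ":" in line:  # any other "Key: value" header line ends a path section
            key, _, value = line.partition(":")
            report[key.strip().lower().replace(" ", "_")] = value.strip()
            section = None
    return report

def triage(report):
    """Pull out what a responder checks first: the binary, crash type, account and evidence paths."""
    sig = report["signature"]
    # The user profile in the WER paths is the account whose session ran the binary.
    accounts = {m.group(1) for p in report["attached_files"] + report["archive_paths"]
                if (m := re.match(r"^[A-Za-z]:\\Users\\([^\\]+)\\", p))}
    return {"binary": sig.get("application", ""), "accounts": sorted(accounts),
            "suspicious_name": bool(re.search(r"crack|keygen", sig.get("application", ""), re.I)),
            "access_violation": sig.get("exception_code", "").lower() == "c0000005",
            "report_id": report.get("report_id", ""), "evidence_paths": report["archive_paths"]}
```

The ReportArchive directory it returns is what to preserve before rebuilding the machine, and the account it names is the one whose password was guessed over RDP.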

Last Comment
SunBow

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Zephyr ICT

LarsArvidson

ASKER
That's what I figured.  Thanks.
SunBow

As it is based on a pen tool, the next step should be to revisit the suggested SQL vulnerabilities first.
You may also consider that you have the potential to have retained a status quo where the wannabe exploiter failed (crashed itself).

That said, I would still be pro creating a 'standard' image for the platform, maintaining the image, and using it on a regular basis (preemptively, before noticing malware or an unintended upgrade) - such a collection of images enables go-back/undo alternatives for any upgrades, including those of A/V and driver update malfunctions (such as their adjustments to the OS).

Consider the level of interest, and the time available to explore or restore.