Possible Virus?

LarsArvidson used Ask the Experts™
I have a standalone Windows 7 computer that had RDP open.  The source IP was supposed to be restricted, but by mistake it wasn't.  

Anyway, I noticed that an unauthorized user was able to crack the password and log in.  I found an entry in the APP log with the following line.  Is anyone familiar with Pangolin.CracKed.By.Hmily[LCG][DST].exe?  

Fault bucket 3368295517, type 1
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: Pangolin.CracKed.By.Hmily[LCG][DST].exe
P3: 4d01d91e
P4: kernel32.dll
P5: 6.1.7601.18015
P6: 50b83c89
P7: c0000005
P8: 0001139d

Attached files:

These files may be available here:

Analysis symbol:
Rechecking for solution: 0
Report Id: 878f7343-bbb2-11e3-8fce-534e57000000
Report Status: 0
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Cloud Architect
Pangolin Pro is some kind of SQL injector tool, but that being said, it's connected with a lot of virusses ... Best is to scrap that PC and start new I guess ...


That's what I figured.  Thanks.

As based on a Pen tool, next step should revisit suggested SQL vulnerabilities first.
You may also consider that you've potential to have retained a status quo where wannabe exploiter failed (crashed itself)

That said, I still be pro on creating a 'standard' image for platform, maintaining image, and using it on regular basis (preemptive to noticing malware, or unintended upgrade) - such collection of images enables go-back/undo alternatives for any upgrades, including that of A/V & driver update malfunctions (such as their adjustments to OS).

Consider level of interest, and time availability to explore or restore.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial