LarsArvidson asked:
Possible Virus?

I have a standalone Windows 7 computer that had RDP open. The source IP was supposed to be restricted, but by mistake it wasn't.

Anyway, I noticed that an unauthorized user was able to crack the password and log in. I found an entry in the APP log with the following line. Is anyone familiar with Pangolin.CracKed.By.Hmily[LCG][DST].exe?

Fault bucket 3368295517, type 1
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: Pangolin.CracKed.By.Hmily[LCG][DST].exe
P3: 4d01d91e
P4: kernel32.dll
P5: 6.1.7601.18015
P6: 50b83c89
P7: c0000005
P8: 0001139d

Attached files:

These files may be available here:

Analysis symbol:
Rechecking for solution: 0
Report Id: 878f7343-bbb2-11e3-8fce-534e57000000
Report Status: 0
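As an added example (not part of the question or any answer on this page), a small Python triage helper that parses the Windows Error Reporting problem-signature fields out of an APPCRASH entry like the one above, names the exception code, and flags crashes whose faulting image name matches a watchlist of warez-style tokens. The watchlist and the NTSTATUS table are the example's own assumptions; only the sample event text comes from the log quoted above.

```python
import re

# WER APPCRASH text as it appeared in the Application log on the affected
# machine (copied from the question above, non-signature lines trimmed).
SAMPLE_EVENT = """Fault bucket 3368295517, type 1
Event Name: APPCRASH
Problem signature:
P1: Pangolin.CracKed.By.Hmily[LCG][DST].exe
P3: 4d01d91e
P4: kernel32.dll
P5: 6.1.7601.18015
P6: 50b83c89
P7: c0000005
P8: 0001139d
Report Id: 878f7343-bbb2-11e3-8fce-534e57000000
"""

# NTSTATUS values commonly seen in the P7 (exception code) field.
NTSTATUS_NAMES = {
    "c0000005": "STATUS_ACCESS_VIOLATION",
    "c0000409": "STATUS_STACK_BUFFER_OVERRUN",
    "c000001d": "STATUS_ILLEGAL_INSTRUCTION",
}

# Name fragments typical of warez-tagged or hacking-tool binaries
# (constructed watchlist for this example; extend it to local needs).
SUSPICIOUS_NAME_TOKENS = ("crack", "keygen", "[lcg]")

def parse_appcrash(text):
    """Return the fault bucket, event name, P1..P10 and report id as a dict."""
    fields = {}
    m = re.search(r"Fault bucket (\d+), type (\d+)", text)
    if m:
        fields["fault_bucket"], fields["bucket_type"] = int(m.group(1)), int(m.group(2))
    for key, value in re.findall(r"^(Event Name|Report Id|P\d+): ?(.*)$", text, re.M):
        fields[key] = value.strip()
    return fields

def describe_exception(code):
    """Map the P7 exception code to its NTSTATUS name where known."""
    return NTSTATUS_NAMES.get(code.lower(), "unknown (0x%s)" % code)

def triage(fields):
    """Flag a parsed APPCRASH whose faulting image name matches the watchlist."""
    app = fields.get("P1", "").lower()
    hits = [tok for tok in SUSPICIOUS_NAME_TOKENS if tok in app]
    return {"application": fields.get("P1"), "faulting_module": fields.get("P4"),
            "exception": describe_exception(fields.get("P7", "")),
            "suspicious": bool(hits), "matched_tokens": hits}
```

Run `triage(parse_appcrash(SAMPLE_EVENT))` to see the quoted event resolved to an access violation in kernel32.dll by a watchlisted executable; the same functions can be fed the message text of Event ID 1001 entries exported from the Application log.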
Zephyr ICT (Belgium) answered; the accepted solution is available to Experts Exchange members only.
LarsArvidson replied:

That's what I figured. Thanks.
As it is based on a pen tool, the next step should be to revisit the suggested SQL vulnerabilities first.
You may also consider that you have potentially retained a status quo in which the wannabe exploiter failed (crashed itself).

That said, I am still in favour of creating a 'standard' image for the platform, maintaining that image, and using it on a regular basis (pre-emptively, before noticing malware or an unintended upgrade). Such a collection of images enables go-back/undo alternatives for any upgrades, including A/V and driver update malfunctions (such as their adjustments to the OS).

Consider the level of interest and the time available to explore or restore.