
Streamer Virus on offline network [closed]

Çağlar Arlı


I have an offline network with 200 users, plus routers, switches, 4 ESXi servers and 1 NetApp rack.

After about a year, my team found out that we have a virus on the network called streamer.exe. It is a coin miner, but because the network is offline I think it's not really mining but is doing other things, such as:

  1. copying itself to random places as shortcuts pointing to the streamer, named "games.lnk" and "downloads.lnk"
  2. blocking writes to a network drive and showing that the drive is full while it isn't

What we did and tried so far:

  1. we have a Trellix ePO server with a strong ENS policy, so that when a virus is found on some PC it reports and deletes it immediately
  2. weekly scans over the network drives - this is not helping, because while Trellix scans, the virus copies itself to places that have already been scanned
  3. we wrote a script that disables any PC that has not connected for more than 10 days and demands a new installation (we did this because we are afraid that some computers that are not connected may contain the virus)
  4. we created a GPO that blocks the execution of streamer.exe, but it is not helping
  5. we are trying to implement Trellix storage protection with the NetApp AV Connector
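The weekly AV scan described in the question cannot tell where the shortcuts are coming from, only that they exist. A cheaper complement is a read-only sweep of the shares that lists every shortcut matching the indicators the question gives (the names "games.lnk" / "downloads.lnk", or any .lnk whose target file is streamer.exe) together with its last-write time, so the newest hits can be matched against file-server access auditing to find the host that is still writing them. The script below is an added example, not code from the question or from Trellix; the share paths are placeholders, and it resolves shortcut targets through the WScript.Shell COM object without executing anything.

```powershell
# Added example (not from the original question): hunt for the shortcuts the
# post describes across a list of share paths. Read-only: it only reports, so
# it can run under an account that has read access to the shares.

$SharesToScan  = @('\\fileserver01\data', '\\fileserver01\users')  # placeholders (assumption)
$SuspectNames  = @('games.lnk', 'downloads.lnk')                   # names from the question
$SuspectTarget = 'streamer.exe'                                     # target name from the question
$Report        = "$env:TEMP\lnk-hunt-$(Get-Date -Format yyyyMMdd-HHmm).csv"

# WScript.Shell.CreateShortcut() on an existing .lnk parses it and exposes
# TargetPath; nothing is launched and nothing is written unless .Save() is called.
$shell = New-Object -ComObject WScript.Shell

$findings = foreach ($share in $SharesToScan) {
    if (-not (Test-Path -LiteralPath $share)) {
        Write-Warning "Unreachable share: $share"
        continue
    }
    Get-ChildItem -LiteralPath $share -Recurse -File -Filter '*.lnk' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $target = ''
            try { $target = $shell.CreateShortcut($_.FullName).TargetPath } catch { }

            $byName   = $SuspectNames -contains $_.Name          # -contains is case-insensitive
            $byTarget = $target -and ([IO.Path]::GetFileName($target) -ieq $SuspectTarget)

            if ($byName -or $byTarget) {
                [pscustomobject]@{
                    Share     = $share
                    Shortcut  = $_.FullName
                    Target    = $target
                    LastWrite = $_.LastWriteTimeUtc
                    MatchedBy = if ($byTarget) { 'target' } else { 'name' }
                }
            }
        }
}

$findings | Sort-Object LastWrite -Descending |
    Export-Csv -LiteralPath $Report -NoTypeInformation

Write-Host "$(@($findings).Count) suspicious shortcut(s) written to $Report"
[void][Runtime.InteropServices.Marshal]::ReleaseComObject($shell)
```

The "target" match matters more than the "name" match: a shortcut with an unexpected name but a streamer.exe target is still a hit, while a user's legitimate "Games.lnk" with a different target shows up only as a name match and can be triaged out. Sorting by LastWrite puts the freshest copies first; with object-access auditing enabled on the share, the corresponding 4663 events name the account and workstation that created each one, which is the machine the AV console has not yet cleaned.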