Hi, my server was hacked. Some virus ran PowerShell on my server.
cmd /c powershell -c Set-MpPreference -DisableRealtimeMonitoring $true;(get-wmiobject -class win32_networkadapterconfiguration -filter ipenabled=true).SetDNSServerSearchOrder(@('8.8.8.8','9.9.9.9'))
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c Set-MpPreference -DisableRealtimeMonitoring $true;(get-wmiobject -class win32_networkadapterconfiguration -filter ipenabled=true).SetDNSServerSearchOrder(@('8.8.8.8','9.9.9.9'
My antivirus software stopped it. I want to find out which server was hacked to run PowerShell on my server. All my servers are in the same domain.
Thank you.
---
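Hello, my server has been attacked. The antivirus software's logs show that abnormal PowerShell commands were executed. I suspect that another server was infected with a virus and then used WinRM to execute PowerShell remotely. Is there a way to find the source that executed these PowerShell commands?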