Backdoor.Gonymdos -- PC Running ICECAST and BUTT attacked for the third time with Norton Anti-Virus and Malwarebytes Installed

  • Question

  • According to Norton Anti-Virus, the audio streaming PC, with only ports 80 and 8000 not blocked, was infected by Backdoor.Gonymdos which, according to the literature, allows other malware to set up shop and then steal CPU cycles from victim PCs. In this case the other malware was mining Bitcoin. Norton didn't detect the infection by either malware when it occurred. It did detect an attempt to return Bitcoin to Botswana. Streaming halted once Norton displayed a warning message. Running a Norton utility that attempts to remove malware also removes vital application components. I ended up using third-party disk imaging software to restore a backup that I created in May 2019, before the PC went online. The literature, if I understand it correctly, states that IIS is hijacked to run a script independent of actions undertaken by end users and web browsers. So my question is this: Shouldn't IIS run scripts when and only when an end user is surfing the web? It is horrible to realize that my PC, which supports a radio reading service for the blind, has been helping an unknown someone earn money using resources that ARE NOT theirs to benefit from. IIS, of course, with its intractable user interface, neglects to inform the IT Pro that it is actively stealing CPU cycles. All systems normal at Microsoft. Revenues up. Puzzles galore for the field. Fun and games at HQ.


    Thursday, September 5, 2019 9:21 AM