I've determined that the servers that experienced this were running OSSEC Agent version 2.3. According to VirusTotal, 6/42 AV vendors alert on this file: http://www.virustotal.com/analisis/ffd7b8326c2d57c236e4ac68e593c2b4a2246a149bf3bfec32d7e218858369d2-1279009310
For comparison, here's the VirusTotal report for service-stop.exe from OSSEC Agent version 2.4.1 (0/42 AV vendors alert): http://www.virustotal.com/analisis/173034447d2ce6cba0969a82afeac24050b835879bfa0c51bb5243cc184490d2-1279019047

Doug Burks

On Jul 13, 10:20 am, Doug Burks <[email protected]> wrote:
> This morning, McAfee Antivirus began deleting service-stop.exe on our
> servers:
>
> The file C:\Program Files\ossec-agent\service-stop.exe contains
> Generic Downloader.x!eaf Trojan. The file was successfully deleted.
>
> Is anybody else seeing this?
