Soldato
- Joined
- 16 May 2008
- Posts
- 2,561
- Location
- Bristol
One of my VMs (Server 2008 R2 fully updated) is constantly trying to connect to port 25 'smtp.hot.glbdns.microsoft.com' from the process 'taskeng.exe'.
I'm not too worried as it's only allowed access to DNS and HTTP through the firewall but I would like to get it clean.
I've tried the following:
Replaced with known clean version of 'taskeng.exe' - no joy
"SFC /scannow" - System files all checked and verified
GMER rootkit scanner - clean
RUBotted - clean
Kaspersky for servers - clean
MBAM - clean
Uploaded taskeng.exe to VirusTotal.com - clean
HiJackThis - brings back nothing untoward
RootkitBuster - incompatible with X64
Combofix - incompatible with server OS
Apart from wiping the box I'm not sure what else I can do? Unless this is actually a legit SMTP connection for Microsoft usage statistics or something?
I'm not too worried as it's only allowed access to DNS and HTTP through the firewall but I would like to get it clean.
I've tried the following:
Replaced with known clean version of 'taskeng.exe' - no joy
"SFC /scannow" - System files all checked and verified
GMER rootkit scanner - clean
RUBotted - clean
Kaspersky for servers - clean
MBAM - clean
Uploaded taskeng.exe to VirusTotal.com - clean
HiJackThis - brings back nothing untoward
RootkitBuster - incompatible with X64
Combofix - incompatible with server OS
Apart from wiping the box I'm not sure what else I can do? Unless this is actually a legit SMTP connection for Microsoft usage statistics or something?
