Malicious File Detection: User Defined Malware

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

Nessus detected potentially unwanted files on the remote host.

Description :

The md5sum of one or more files on the remote Windows host matches one
of the signatures provided using the 'Additional MD5 hashes
(optional)' preference (found under the 'Malicious Process Detection'
Preference Type) in the scan policy.

Note that Nessus has only scanned files with the following
extensions :

.application, .asp, .bat, .chm, .class, .cmd, .com, .cp, .csh, .dl,
.doc, .docx, .drv, .exe, .gadget, .hta, .inf, .ins, .inx, .isu, .jar,
.job, .jpeg, .jpg, .js, .jse, .jse, .jsp, .lnk, .msc, .msi, .msp,
.mst, .paf, .pdf, .php, .pif, .ppt, .pptx, .ps1, .ps1xm, .ps2, .ps2xm,
.psc1, .psc2, .reg, .rgs, .scf, .scr, .sct, .shb, .shs, .swf, .sys,
.u3p, .vb, .vbe, .vbs, .vbscript, .ws, .wsf, .xls, .xls
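
The check described above, as an added example (not Tenable's plugin code): a local sweep that hashes only files whose extension is in the list as printed and compares each MD5 against a user-supplied watchlist, while recording every file it never hashed so the coverage gap is visible. The function names `md5_of`, `sweep` and `demo` are hypothetical, and the sample files are constructed.

```python
import hashlib
import os
import tempfile

# Extension list exactly as printed in the description above (duplicates collapse).
SCANNED_EXTENSIONS = frozenset("""
.application .asp .bat .chm .class .cmd .com .cp .csh .dl .doc .docx .drv
.exe .gadget .hta .inf .ins .inx .isu .jar .job .jpeg .jpg .js .jse .jsp
.lnk .msc .msi .msp .mst .paf .pdf .php .pif .ppt .pptx .ps1 .ps1xm .ps2
.ps2xm .psc1 .psc2 .reg .rgs .scf .scr .sct .shb .shs .swf .sys .u3p .vb
.vbe .vbs .vbscript .ws .wsf .xls
""".split())

def md5_of(path, chunk=1 << 16):  # streamed, so large files stay out of memory
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def sweep(root, watchlist):
    """Return (matches, skipped); skipped = files that were never hashed."""
    wanted = {h.strip().lower() for h in watchlist if h.strip()}
    matches, skipped = [], []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            if os.path.splitext(name)[1].lower() not in SCANNED_EXTENSIONS:
                skipped.append(path)  # outside the scanned set: no verdict at all
                continue
            try:
                if md5_of(path) in wanted:
                    matches.append(path)
            except OSError:
                skipped.append(path)  # locked or unreadable: record, do not abort
    return sorted(matches), sorted(skipped)

def demo():
    """Constructed sample: one payload under a scanned and an unscanned name."""
    payload = b"constructed sample content, not real malware\n"
    watchlist = [hashlib.md5(payload).hexdigest().upper()]
    with tempfile.TemporaryDirectory() as root:
        for name in ("tool.exe", "tool.dat", "clean.exe"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"benign\n" if name == "clean.exe" else payload)
        matches, skipped = sweep(root, watchlist)
        return [os.path.basename(p) for p in matches], [os.path.basename(p) for p in skipped]

if __name__ == "__main__":
    print(demo())
```

A clean result from a check of this kind covers only the hashed files; the skipped list is what still needs another control.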

Solution :

Uninstall the remote software if it does not match your security
policy, and investigate your network for further signs of a breach.

Risk factor :

Critical

Family: Windows

Nessus Plugin ID: 88962

Bugtraq ID:

CVE ID:
