Synopsis
Nessus detected potentially unwanted files on the remote host.
Description
The checksum of one or more files on the remote Windows host matches one of the signatures provided using the 'Provide your own list... (optional)' preferences (found under the 'Malware Settings - Hash and Allowlist Files' Preference Type) in the scan policy.
Note that Nessus has only scanned files with the following extensions :
.application, .asp, .aspx, .bat, .chm, .class, .cmd, .com, .cp, .csh, .dll, .doc, .docx, .drv, .exe, .gadget, .hta, .inf, .ins, .inx, .isu, .jar, .job, .jpeg, .jpg, .js, .jse, .jse, .jsp, .lnk, .msc, .msi, .msp, .mst, .paf, .pdf, .php, .pif, .ppt, .pptx, .ps1, .ps1xm, .ps2, .ps2xm, .psc1, .psc2, .reg, .rgs, .scf, .scr, .sct, .shb, .shs, .swf, .sys, .u3p, .vb, .vbe, .vbs, .vbscript, .ws, .wsf, .xls, .xls
Solution
Uninstall the remote software if it does not match your security policy, and investigate your network for further signs of a breach.
Plugin Details
File Name: wmi_malware_user_md5s_filescan.nbin
Agent: windows
Supported Sensors: Nessus Agent, Nessus
Vulnerability Information
CPE: cpe:/o:microsoft:windows
Required KB Items: malscan/enabled