C2/Generic-A

Question

After following the recommended steps below I was unable to find anything that needed to be removed. 
 
 Recommended remediation steps: 
 
 Identify the compromised machine. The IP address of the machine attempting to connect to the C&C server will be visible within the alert. 
 Perform a full system scan on the compromised machine using the Sophos Virus Removal Tool (free download ). 
 
 I run ESET A/V on all my workstations and it hasn't found anything just like the sophos virus removal tool didn't. 
 Is there something else I should be trying?

Amodin · Answer

Well, that doesn't mean the machine was infected with anything. 
 It's generic, meaning there was something potential that may have been detected - yes, a vague understanding, which is why it's called generic. Normally, this is seen as just traffic being blocked because there was a potential command and control access. These a lot of times are false positives and traffic was blocked prior.

C2/Generic-A

Top Replies