I will preface this by saying I have over 20 years' experience developing software in C++ and Java on many different platforms.
I was checking my emby server today to see who is streaming. I do this by opening Process Explorer and looking at the ffmpeg processes that are running. I know I could just look at the emby manager, but I'm a low-level kind of guy. While in procexp I noticed 5 hidden command windows that had executed their command and were sitting idle. I could see the command they
Attention: This is a VIRUS!
From initial analysis I can say the following:
That helper dll is a trojan which opens a backdoor with a number of APIs, allowing remote code execution and other tasks
It also intercepts authentication and forwards the intercepted credentials to a control server
It tries to eliminate traces of its existence by cleaning the corresponding lines from the log files.
There's also the ability to delete logs completely.
It appears that the inf