Exchange Server
A family of Microsoft client/server messaging and collaboration software.
1,446 questions
A threat found in Memory win64/shadowpad.t detected after restart - Exchange Server 2019
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 81%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFA%3C/text%3E%3C/svg%3E)
Farrukh Ali Qureshi
46
Reputation points
Hi,
I am using Microsoft exchange 2019 on-prem on a virtual machine hosted at VMware EsXi 6.5 and the operating system of the machine is windows server 2019 std. Boot system is EFI. And eset server security is installed.
The Issue I am facing from long time is, whenever I restart the server eset popped up multiple notifications stating that a threat was found in memory. win64/shadowpad.t detected after restart and ask me to restart the server. But restarting the server didn't resolved the issues and again same issues arises.
Could you please help me to understand where this trojen exist and how can I get rid of this threat.
Looking forward.
Regards,
Farrukh Ali Qureshi
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 43%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBJ%3C/text%3E%3C/svg%3E)
Bruce Jing-MSFT 8,560 Reputation points Microsoft Vendor2025-02-13T07:27:34.2266667+00:00 Looks like your issue is more related to Windows Server, please kindly understand that the Exchange Server tag here we mainly focus on general issues about Exchange. In order to better solve your problem, we will add "Windows Server" tag.
Note: The content of your question relates to your contact information. In accordance with Microsoft security regulations and to protect your privacy, I will remove the private content.
Sign in to comment
Sign in to answer