PE_Luder.A-O and various other viruses

Posted by KSADrew on November 6, 2006, 3:27 pm
Hoping someone can help. A client of ours called saying they had become
infected with a virus called PE_Luder.A-O. Turns out that virus and two
trojans, Troj_Rootkit.A and Troj_Galapope.BU had infected the server and
several client workstations.

After fighting this virus since Halloween, we've managed to remove the two
Trojans (sheer luck, I think), and I believe the Luder virus is also gone.
But the server and clients continue to report infections. This morning, I
was informed of an infection by Worm_Nuwar.E.

The client uses TrendMicro's OfficeScan and Server Protect 5 as their AV
solution.  Not a big fan of this, btw.  A Google search of the Luder,
Rootkit, and Galapope infections returns nothing but Trend Micro webpages in
various languages. Neither Symantec nor McAfee have any information on these
infections.

The OfficeScan program, when run manually, indicates that the computers are
virus free. User logs off and back on, and suddenly, there's an infection
reported.  The server is scanned and shows clean.  But using TrendMicro's
Sysclean program (with the same virus pattern files that OfficeScan is using)
indicated this morning over 35000 infected files! The same thing occurs on
the workstations, the OfficeScan says it's clean, the Sysclean says it's
infected.  Oh, Sysclean is not a schedulable program, it has to be run
manually.

My problem, and question, comes from this: 1) has anyone else encountered
this virus, 2) can someone help give a clue as to the probable source of the
infection? The client has 20 or so workstations. Only 8 of them report
infections.  All 20 PCs contain the same programs.  The virus seems to follow
only certain users.  There is a login script running from their W2K3 server,
but it's only mapping network drives.

Anyone have a thought or suggestion?  TrendMicro seems to be the only one
who acknowledges this viral existence.

Posted by David H. Lipman on November 6, 2006, 4:38 pm

| Hoping someone can help. A client of ours called saying they had become
| infected with a virus called PE_Luder.A-O. Turns out that virus and two
| trojans, Troj_Rootkit.A and Troj_Galapope.BU had infected the server and
| several client workstations.
|
| After fighting this virus since Halloween, we've managed to remove the two
| Trojans (sheer luck, I think), and I believe the Luder virus is also gone.
| But the server and clients continue to report infections. This morning, I
| was informed of an infection by Worm_Nuwar.E.
|
| The client uses TrendMicro's OfficeScan and Server Protect 5 as their AV
| solution.  Not a big fan of this, btw.  A Google search of the Luder,
| Rootkit, and Galapope infections returns nothing but Trend Micro webpages in
| various languages. Neither Symantec nor McAfee have any information on these
| infections.
|
| The OfficeScan program, when run manually, indicates that the computers are
| virus free. User logs off and back on, and suddenly, there's an infection
| reported.  The server is scanned and shows clean.  But using TrendMicro's
| Sysclean program (with the same virus pattern files that OfficeScan is using)
| indicated this morning over 35000 infected files! The same thing occurs on
| the workstations, the OfficeScan says it's clean, the Sysclean says it's
| infected.  Oh, Sysclean is not a schedulable program, it has to be run
| manually.
|
| My problem, and question, comes from this: 1) has anyone else encountered
| this virus, 2) can someone help give a clue as to the probable source of the
| infection? The client has 20 or so workstations. Only 8 of them report
| infections.  All 20 PCs contain the same programs.  The virus seems to follow
| only certain users.  There is a login script running from their W2K3 server,
| but it's only mapping network drives.
|
| Anyone have a thought or suggestion?  TrendMicro seems to be the only one
| who acknowledges this viral existence.

Use the following Multi AV Scanning Tool on *all* infected and suspect server &
workstations.

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal
Mode. This way all the components can be downloaded from each AV vendor's web
site. The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and
Reboot the PC.

You can choose to go to each menu item and just download the needed files or you
can download the files and perform a scan in Normal Mode. Once you have
downloaded the files needed for each scanner you want to use, you should reboot
the PC into Safe Mode [F8 key during boot] and re-run the menu again and choose
which scanner you want to run in Safe Mode. It is suggested to run the scanners
in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive
PDF help file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


