MIS Systems Thread, Sims / Sophos this morning - A Warning in Technical
2nd June 2008, 01:07 PM #1
Sims / Sophos this morning - A Warning
I'm not sure if it's a false positive or whether something has infected the sims directory this morning but we've had the setups directory completely annihilated by Sophos on-access scanning.
W32/Parite-B Win32 executable file virus (W32.Pinfi, W32/Pate-B, PE_PARITE.A, W32/Pate.b, W95/Parite.B, Win32.Parite.b) - Sophos security analysis
All over the place.
It couldn't clean the files and I've got it set to delete uncleanable files (as they're generally purely virus exes - obviously not in this case).
Am restoring from tape now but wanted to make anyone else aware.
I'm sure it's a false positive which makes it even scarier. Stupid Sophos.
I've changed my policies now to "do nothing" if unable to clean the files.
2nd June 2008, 01:18 PM #2
Full system scans run in 10mins, so I'll let you know how it goes here.
2nd June 2008, 01:20 PM #3
Not had any notifications here.
2nd June 2008, 01:21 PM #4
Good job I updated the policy to not delete, I have over 800 alerts on my apps server showing this virus as having infected every exe going. wtf is going on?!
A phone call to Sophos is required methinks.
2nd June 2008, 01:23 PM #5
Is it possible you have an actual virus? Sounds like typical virus behaviour to me...
Originally Posted by mattcharlton
2nd June 2008, 01:26 PM #6
It's possible, but it's detectable by Sophos, on-access scanning was turned on which is how it's caught it, if the virus infects exes by sitting in memory all of the infected exes would have had to have been run to be infected - there's too many apps that just haven't been used for eons for that to have happened.
Still looking into it...
2nd June 2008, 01:29 PM #7
nm ignore that, it seeks out exes on network shares
2nd June 2008, 01:30 PM #8
Not necessarily. Some don't need to run the application in memory to infect it.
Originally Posted by mattcharlton
2nd June 2008, 01:35 PM #9
Right, chosen a random exe on the apps server and done an on-demand scan on there.
It's infected "apparently".
Modified date of 20/07/2007
Surely if it was infected by this virus it would have changed the modified date?
2nd June 2008, 01:58 PM #10
Pick a random sample of executables from the server and upload to VirusTotal - Free Online Virus and Malware Scan or Online malware scan for a comprehensive scan by multiple engines - should give you a starting point as to whether you do have a mass infection on your hands or a mass Sophos cockup!
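The sampling step suggested above, extended with a byte-for-byte comparison against a known-good copy such as the tape restore mentioned in the first post (an added example, not part of the original thread; the directory layout and function names are assumptions). A modified date can be reset by any program with write access, so the comparison uses SHA-256 hashes, which can also be used for multi-engine lookups.

```python
import hashlib
import random
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large installers do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def sample_executables(root, k, seed=None):
    """Return up to k randomly chosen .exe paths (relative to root), sorted."""
    root = Path(root)
    exes = sorted(p.relative_to(root) for p in root.rglob("*")
                  if p.is_file() and p.suffix.lower() == ".exe")
    rng = random.Random(seed)
    return sorted(rng.sample(exes, min(k, len(exes))))

def compare_to_baseline(live_root, baseline_root, rel_paths):
    """Classify each sampled file against a known-good copy (e.g. a restore)."""
    report = {}
    for rel in rel_paths:
        live, base = Path(live_root) / rel, Path(baseline_root) / rel
        if not base.is_file():
            report[str(rel)] = "no-baseline"
        elif sha256_of(live) == sha256_of(base):
            report[str(rel)] = "unchanged"   # bytes identical to the backup
        else:
            report[str(rel)] = "changed"     # content differs: investigate
    return report

if __name__ == "__main__":
    # Constructed sample data: two tiny fake "executables" and a baseline copy.
    with tempfile.TemporaryDirectory() as tmp:
        live, base = Path(tmp, "live"), Path(tmp, "baseline")
        for d in (live, base):
            (d / "setups").mkdir(parents=True)
            (d / "setups" / "a.exe").write_bytes(b"MZ constructed A")
            (d / "setups" / "b.exe").write_bytes(b"MZ constructed B")
        (live / "setups" / "b.exe").write_bytes(b"MZ constructed B + appended")
        picks = sample_executables(live, 10, seed=1)
        for rel, status in compare_to_baseline(live, base, picks).items():
            print(status, rel, sha256_of(live / rel))
```

A file reported as "unchanged" against a backup taken before the alerts started has not been modified since that backup; files reported as "changed" are the ones to submit for a second opinion first.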
2nd June 2008, 02:02 PM #11
Cheers will give that a go and let you know what happens
2nd June 2008, 02:10 PM #12
That's good advice, I'd also suggest (along a very similar line) install an additional AV software(s) on a machine that can see the folder concerned and scan it with those.
2nd June 2008, 02:13 PM #13
2nd June 2008, 02:15 PM #14
I am sure an e-mail was sent to us regarding this. I am not at school at the moment and our internet connection is down. I will post back when I get in
2nd June 2008, 02:23 PM #15
Don't do this: multiple anti-virus software can interfere with each other, system hooks, etc., and leave you with a dead system.
Originally Posted by superfletch