MIS Systems Thread: Sims / Sophos this morning - A Warning (in Technical)
  1. #1
    mattcharlton

    Sims / Sophos this morning - A Warning

    I'm not sure if it's a false positive or whether something has infected the sims directory this morning, but we've had the setups directory completely annihilated by Sophos on-access scanning.

    Was detecting

    W32/Parite-B Win32 executable file virus (W32.Pinfi, W32/Pate-B, PE_PARITE.A, W32/Pate.b, W95/Parite.B, Win32.Parite.b) - Sophos security analysis

    All over the place.

    It couldn't clean the files and I've got it set to delete uncleanable files (as they're generally purely virus exes - obviously not in this case).

    Am restoring from tape now but wanted to make anyone else aware.

    I'm sure it's a false positive which makes it even scarier. Stupid Sophos.

    I've changed my policies now to "do nothing" if unable to clean the files.

    Matt

  2. #2

    Geoff
    Full system scans run in 10mins, so I'll let you know how it goes here.

  3. #3

    localzuk
    Not had any notifications here.

  4. #4
    mattcharlton
    ARGH!

    Good job I updated the policy to not delete, I have over 800 alerts on my apps server showing this virus as having infected every exe going. wtf is going on?!

    A phone call to Sophos is required methinks.

  5. #5

    localzuk
    Originally posted by mattcharlton:
    > ARGH!
    >
    > Good job I updated the policy to not delete, I have over 800 alerts on my apps server showing this virus as having infected every exe going. wtf is going on?!
    >
    > A phone call to Sophos is required methinks.

    Is it possible you have an actual virus? Sounds like typical virus behaviour to me...

  6. #6
    mattcharlton
    It's possible, but it's detectable by Sophos, on-access scanning was turned on which is how it's caught it, if the virus infects exes by sitting in memory all of the infected exes would have had to have been run to be infected - there's too many apps that just haven't been used for eons for that to have happened.

    Still looking into it...

  7. #7
    mattcharlton
    nm ignore that, it seeks out exes on network shares

  8. #8

    localzuk
    Originally posted by mattcharlton:
    > It's possible, but it's detectable by Sophos, on-access scanning was turned on which is how it's caught it, if the virus infects exes by sitting in memory all of the infected exes would have had to have been run to be infected - there's too many apps that just haven't been used for eons for that to have happened.
    >
    > Still looking into it...

    Not necessarily. Some don't need to run the application in memory to infect it.

  9. #9
    mattcharlton
    Right, chosen a random exe on the apps server and done an on-demand scan on there.

    It's infected "apparently".

    Modified date of 20/07/2007

    Surely if it was infected by this virus it would have changed the modified date?

  10. #10

    Pick a random sample of executables from the server and upload to VirusTotal - Free Online Virus and Malware Scan or Online malware scan for a comprehensive scan by multiple engines - should give you a starting point as to whether you do have a mass infection on your hands or a mass Sophos cockup!
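
Added example, not part of any post in this thread: one way to answer the questions in posts #9 and #10 by taking a random sample of executables and comparing each one, by SHA-256, against a known-good copy. It assumes a clean copy (for instance the tape restore mentioned in post #1) is available under a separate path; the function names and directory layout are hypothetical. The modified date is reported but not trusted, because anything that can write to a file can also reset its timestamp.

```python
import hashlib
import os
import random
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large installers need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def triage_sample(live_root, baseline_root, sample_size=20, seed=None):
    """Compare a random sample of live .exe files with their known-good copies."""
    live_root, baseline_root = Path(live_root), Path(baseline_root)
    exes = sorted(p for p in live_root.rglob("*") if p.is_file() and p.suffix.lower() == ".exe")
    picked = random.Random(seed).sample(exes, min(sample_size, len(exes)))
    rows = []
    for path in sorted(picked):
        rel = path.relative_to(live_root)
        good = baseline_root / rel
        live_hash = sha256_of(path)
        status = "no-baseline"  # nothing to compare against: submit for a second opinion
        if good.is_file():
            status = "unchanged" if live_hash == sha256_of(good) else "modified"
        mtime = datetime.fromtimestamp(path.stat().st_mtime, timezone.utc)
        rows.append({"file": rel.as_posix(), "status": status,
                     "sha256": live_hash, "mtime": mtime.isoformat()})
    return rows

def demo():
    """Constructed data: b.exe changes content but keeps its old timestamp."""
    with tempfile.TemporaryDirectory() as tmp:
        live, good = Path(tmp, "live"), Path(tmp, "restored")
        for root in (live, good):
            root.mkdir()
            (root / "a.exe").write_bytes(b"MZ original a")
            (root / "b.exe").write_bytes(b"MZ original b")
        old = (good / "b.exe").stat()
        (live / "b.exe").write_bytes(b"MZ original b + appended bytes")
        os.utime(live / "b.exe", (old.st_atime, old.st_mtime))  # date looks untouched
        (live / "c.exe").write_bytes(b"MZ no backup copy")
        return triage_sample(live, good, sample_size=10, seed=1)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

If sampled files that the scanner flags all come back `unchanged` against the clean copy, a false positive is the more likely explanation; `modified` files are the ones worth a second opinion from another engine.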

  11. #11
    mattcharlton
    Cheers will give that a go and let you know what happens

  12. #12
    superfletch
    That's good advice, I'd also suggest (along a very similar line) install an additional AV software(s) on a machine that can see the folder concerned and scan it with those.

  13. #13
    mattcharlton

  14. #14

    I am sure an e-mail was sent to us regarding this. I am not at school at the moment and our internet connection is down. I will post back when I get in.

  15. #15
    Jona
    Originally posted by superfletch:
    > That's good advice, I'd also suggest (along a very similar line) install an additional AV software(s) on a machine that can see the folder concerned and scan it with those.

    Don't do this. Multiple anti-virus software can interfere with each other, system hooks, etc., and leave you with a dead system.
