Windows Thread, virus on server in Technical; Just unattaching my backup from the server before leaving and noticed a sophos virus message.
\globalroot\device\harddiskvolumeshadowcopy4\data \software\ictalivecontent\content.exe belongs to trojan ...
25th January 2008, 06:01 PM #1
virus on server
Just unattaching my backup from the server before leaving and noticed a sophos virus message.
\\globalroot\device\harddiskvolumeshadowcopy4\data \software\ictalivecontent\content.exe belongs to trojan mvmbind-a
The folder contains a copy of the software installation disk that I copy to the server so I don't need the disk each time, copied from the old server and appears to be a legitimate file. Not sure what to do so I've deleted the entire folder, as I still have the disk and have emailed sophos to ask if this is a false positive. The affected file is still showing in quarentine with alerts all over enterprise consol.
Have I done enough to get rid of the virus and what else should I do.
25th January 2008, 06:05 PM #2
If it was a Trojan then it should only have effected the server if it was run on it. If it was shared out to clients and run on their pcs then they are the ones likely to be infected.
If you still have the details of the original file ie file size you could check it against the suspect file to check that it has not been altered from the original disk. This should indicate whether it was infected at a later date.
I would recheck the file using other virus checkers to get a consensus on the result and also run a full system scan of the server if the file has been run on there.
It may be just a false positive as most of the scanners only use partial signatures to scan with so they will show up anything that looks like the part of the virus that they know about.
It looks to be a very new virus discovered on 24/01/2008 and is classified as low risk.
Last edited by SYNACK; 25th January 2008 at 06:16 PM.
Reason: Tidying grammar and more information
25th January 2008, 06:40 PM #3
Bought the original cd home with me put it in a laptop with sophos on and the virus was picked up straight away from the cd. So not new file on server but original file from RM. Awaiting response from sophos but will also email RM for their comments!
25th January 2008, 07:09 PM #4
Let me know if need it chasing at RM ends I will go and make trouble On serious note should not take long to sort as sophos offices are about 1 mile away from RM.
25th January 2008, 08:19 PM #5
Get a copy of the file (assuming it's < 5MB) and throw it at this site for a variety of second opinions:
It's not perect but it is useful.
25th January 2008, 08:46 PM #6
Sophos has been flagging a few things up as Viruses/Trojans/etc recently that have subsequently turned out to be harmless. So basically, don't blindly believe Sophos, it might of got it wrong.
26th January 2008, 12:57 PM #7
Sample sent to sophos and i tried it on the scan site as recommended, sophos reported as clean, however, some of the other anti virus companies detected viruses mainly different ones!
By karldenton in forum Web Development
Last Post: 21st November 2007, 11:56 AM
By jlr58 in forum Windows
Last Post: 27th June 2007, 08:06 PM
By sidewinder in forum Windows
Last Post: 9th February 2007, 02:31 PM
By tickmike in forum Windows
Last Post: 14th August 2006, 08:38 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)