  1. #1
    chrbb

    virus on server

    Just unattaching my backup from the server before leaving and noticed a Sophos virus message.

    \\globalroot\device\harddiskvolumeshadowcopy4\data \software\ictalivecontent\content.exe belongs to trojan mvmbind-a

    The folder contains a copy of the software installation disk that I copy to the server so I don't need the disk each time, copied from the old server and appears to be a legitimate file. Not sure what to do, so I've deleted the entire folder, as I still have the disk, and have emailed Sophos to ask if this is a false positive. The affected file is still showing in quarantine with alerts all over Enterprise Console.
    Have I done enough to get rid of the virus and what else should I do?

  2. #2

    SYNACK

    If it was a Trojan then it should only have affected the server if it was run on it. If it was shared out to clients and run on their PCs then they are the ones likely to be infected.

    If you still have the details of the original file, i.e. file size, you could check it against the suspect file to check that it has not been altered from the original disk. This should indicate whether it was infected at a later date.

    I would recheck the file using other virus checkers to get a consensus on the result and also run a full system scan of the server if the file has been run on there.

    It may be just a false positive as most of the scanners only use partial signatures to scan with so they will show up anything that looks like the part of the virus that they know about.

    It looks to be a very new virus discovered on 24/01/2008 and is classified as low risk.
    Last edited by SYNACK; 25th January 2008 at 06:16 PM. Reason: Tidying grammar and more information
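
The comparison suggested in the post above, as an added example that is not part of the original thread: it checks a server copy of an installer folder against the original media and goes beyond file size by also comparing SHA-256, since a file can be altered without changing length. All function names and the sample trees are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def fingerprint(path):
    """Return (size, SHA-256 hex) for one file, read in 1 MiB chunks."""
    digest, size = hashlib.sha256(), 0
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
            size += len(chunk)
    return size, digest.hexdigest()

def inventory(root):
    """Map each file's relative path (lower-cased, as on Windows) to its fingerprint."""
    return {p.relative_to(root).as_posix().lower(): fingerprint(p)
            for p in root.rglob("*") if p.is_file()}

def compare_trees(original, copy):
    """Classify every file of the original media against the server copy."""
    ref, cur = inventory(original), inventory(copy)
    report = {"identical": [], "size_differs": [], "same_size_altered": [],
              "missing_from_copy": [], "extra_in_copy": sorted(set(cur) - set(ref))}
    for rel, (size, sha) in sorted(ref.items()):
        if rel not in cur:
            status = "missing_from_copy"
        elif cur[rel][0] != size:
            status = "size_differs"
        elif cur[rel][1] != sha:
            status = "same_size_altered"
        else:
            status = "identical"
        report[status].append(rel)
    return report

def demo():
    """Constructed sample trees standing in for the install disk and the server folder."""
    with tempfile.TemporaryDirectory() as tmp:
        disk, server = Path(tmp, "disk"), Path(tmp, "server")
        for root in (disk, server):
            root.mkdir()
            (root / "content.exe").write_bytes(b"MZ" + b"\x00" * 62)
            (root / "setup.ini").write_bytes(b"[setup]\nlang=en\n")
        # Same length, different bytes: a size comparison alone would pass this file.
        (server / "setup.ini").write_bytes(b"[setup]\nlang=fr\n")
        (server / "readme.tmp").write_bytes(b"not on the disk")
        return compare_trees(disk, server)

if __name__ == "__main__":
    print(demo())
```

An all-identical result means the flagged file came from the media unchanged, so the question becomes whether the detection is a false positive rather than whether the server copy was modified later.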

  3. #3
    chrbb

    Brought the original CD home with me, put it in a laptop with Sophos on, and the virus was picked up straight away from the CD. So not a new file on the server but the original file from RM. Awaiting response from Sophos but will also email RM for their comments!

  4. #4

    russdev

    Let me know if you need it chasing at RM's end, I will go and make trouble. On a serious note, it should not take long to sort as Sophos' offices are about 1 mile away from RM.

    Russ

  5. #5

    Get a copy of the file (assuming it's < 5MB) and throw it at this site for a variety of second opinions:

    scanner.virus.org

    It's not perfect but it is useful.

  6. #6

    Geoff

    Sophos has been flagging a few things up as Viruses/Trojans/etc. recently that have subsequently turned out to be harmless. So basically, don't blindly believe Sophos, it might have got it wrong.

  7. #7
    chrbb

    Sample sent to Sophos and I tried it on the scan site as recommended. Sophos reported it as clean; however, some of the other anti-virus companies detected viruses, mainly different ones!
