+ Post New Thread
Results 1 to 5 of 5
Windows Thread, Possible virus spreading? in Technical; Ive set Sophos to alert me whenever it finds a virus, and normally I get about 1 a day Today ...
  1. #1

    Join Date
    Jul 2006
    Location
    London
    Posts
    2,962
    Thank Post
    159
    Thanked 152 Times in 116 Posts
    Rep Power
    49

    Possible virus spreading?

    Ive set Sophos to alert me whenever it finds a virus, and normally I get about 1 a day

    Today however, Ive had about 30, all with the same viruses, so it looks like it could be spreading.

    Thing is, all the reports say the file has been deleted, so the infection is gone. And how can it spread if its deleted?

    Not noticed any network performance decrease, nothing is really happening at all, and 30 computers out of 400 odd that are on at the minute isnt much. But Im just a bit concerned

    These are the 3 viruses that make up almost all of the alerts:

    Virus 'Troj/Psyme-DL' has been detected in "C:\Documents and Settings\kkturl\Local Settings\Temporary Internet Files\Content.IE5\LJD21B4L\new[1].htm". Cleanup unavailable.

    Infected file "C:\Documents and Settings\kkturl\Local Settings\Temporary Internet Files\Content.IE5\LJD21B4L\new[1].htm" has been deleted.

    ---

    Virus 'Troj/Agent-DXR' has been detected in "C:\Documents and Settings\kkturl\Local Settings\Temporary Internet Files\Content.IE5\RWQ14NIJ\exp2[1].htm". Cleanup unavailable.

    Infected file "C:\Documents and Settings\kkturl\Local Settings\Temporary Internet Files\Content.IE5\RWQ14NIJ\exp2[1].htm" has been deleted.

    ---

    Virus 'Troj/CoreSrv-A' has been detected in "C:\Documents and Settings\kkturl\Local Settings\Temporary Internet Files\Content.IE5\RWQ14NIJ\exp5[1].htm". Cleanup unavailable.

    Infected file "C:\Documents and Settings\kkturl\Local Settings\Temporary Internet Files\Content.IE5\RWQ14NIJ\exp5[1].htm" has been deleted.

    ---


    Had a look on the net and they just look to be adware downloaders or something similar

  2. #2

    MK-2's Avatar
    Join Date
    Oct 2006
    Location
    Nottingham
    Posts
    3,237
    Thank Post
    149
    Thanked 581 Times in 307 Posts
    Blog Entries
    8
    Rep Power
    199

    Re: Possible virus spreading?

    We thought we had one today. NAV had stopped updating on a whole suite. A few of the machines were just freezing up and refusing to reboot at times. Couldn't run NAV with updated definitions so had no way to check.
    Ghosted it and it still done it.

    Found out that the 'variable cpu fan control' that the motherboard does has decided that the best speed for the cpu fan is off at times.
    FunFunFun

  3. #3
    alan-d's Avatar
    Join Date
    Aug 2005
    Location
    Sutton Coldfield
    Posts
    2,414
    Thank Post
    359
    Thanked 256 Times in 187 Posts
    Rep Power
    75

    Re: Possible virus spreading?

    I've been monitoring one student that brings a usb stick in - loads an .exe it and finds that Sophos has deleted it

    She's been trying for a week now - just waiting for her to come and see us to complain

  4. #4

    Join Date
    Jul 2006
    Location
    London
    Posts
    2,962
    Thank Post
    159
    Thanked 152 Times in 116 Posts
    Rep Power
    49

    Re: Possible virus spreading?

    Came back from lunch and theres another 30/40 alerts

    Ive noticed that all the alerts for these specific viruses seem to be coming from users all in the same year group.

    Thinking it might be a web site that they're telling each other about and they're all going on it. Just need to catch one of the buggers at it to see what it is

  5. #5

    TechMonkey's Avatar
    Join Date
    Dec 2005
    Location
    South East
    Posts
    3,286
    Thank Post
    225
    Thanked 405 Times in 302 Posts
    Rep Power
    162

    Re: Possible virus spreading?

    Quote Originally Posted by sidewinder
    Ive set Sophos to alert me whenever it finds a virus, and normally I get about 1 a day

    Today however, Ive had about 30, all with the same viruses, so it looks like it could be spreading.

    Thing is, all the reports say the file has been deleted, so the infection is gone. And how can it spread if its deleted?

    Not noticed any network performance decrease, nothing is really happening at all, and 30 computers out of 400 odd that are on at the minute isnt much. But Im just a bit concerned

    These are the 3 viruses that make up almost all of the alerts:

    Virus 'Troj/Psyme-DL' has been detected in "C:\Documents and Settings\kkturl\Local Settings\Temporary Internet Files\Content.IE5\LJD21B4L\new[1].htm". Cleanup unavailable.

    Infected file "C:\Documents and Settings\kkturl\Local Settings\Temporary Internet Files\Content.IE5\LJD21B4L\new[1].htm" has been deleted.

    ---

    Virus 'Troj/Agent-DXR' has been detected in "C:\Documents and Settings\kkturl\Local Settings\Temporary Internet Files\Content.IE5\RWQ14NIJ\exp2[1].htm". Cleanup unavailable.

    Infected file "C:\Documents and Settings\kkturl\Local Settings\Temporary Internet Files\Content.IE5\RWQ14NIJ\exp2[1].htm" has been deleted.

    ---

    Virus 'Troj/CoreSrv-A' has been detected in "C:\Documents and Settings\kkturl\Local Settings\Temporary Internet Files\Content.IE5\RWQ14NIJ\exp5[1].htm". Cleanup unavailable.

    Infected file "C:\Documents and Settings\kkturl\Local Settings\Temporary Internet Files\Content.IE5\RWQ14NIJ\exp5[1].htm" has been deleted.

    ---


    Had a look on the net and they just look to be adware downloaders or something similar
    When they are in the temp internet files it normally means there is a website or popup trying to do something. This many points to a popular website going around thorugh word of mouth or someone using it lots as they go around. Only way we have found to track the website down is to search our internet logs on the Proxy for the htm page minus the number in square brackets, so exp5.htm. Then filter the website.

SHARE:
+ Post New Thread

Similar Threads

  1. Best way of spreading wireless load without managed system?
    By sidewinder in forum Wireless Networks
    Replies: 18
    Last Post: 1st February 2008, 12:51 PM
  2. Website Virus
    By karldenton in forum Web Development
    Replies: 6
    Last Post: 21st November 2007, 11:56 AM
  3. Virus Question
    By jlr58 in forum Windows
    Replies: 2
    Last Post: 27th June 2007, 08:06 PM
  4. eTrust anti-virus
    By localzuk in forum Windows
    Replies: 2
    Last Post: 2nd March 2007, 10:45 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •