virus on server
Just unattaching my backup from the server before leaving and noticed a Sophos virus message.
\\globalroot\device\harddiskvolumeshadowcopy4\data \software\ictalivecontent\content.exe belongs to trojan mvmbind-a
The folder contains a copy of the software installation disk that I copy to the server so I don't need the disk each time, copied from the old server and appears to be a legitimate file. Not sure what to do so I've deleted the entire folder, as I still have the disk, and have emailed Sophos to ask if this is a false positive. The affected file is still showing in quarantine with alerts all over Enterprise Console.
Have I done enough to get rid of the virus and what else should I do?
If it was a Trojan then it should only have affected the server if it was run on it. If it was shared out to clients and run on their PCs then they are the ones likely to be infected.
If you still have the details of the original file, i.e. file size, you could check it against the suspect file to check that it has not been altered from the original disk. This should indicate whether it was infected at a later date.
I would recheck the file using other virus checkers to get a consensus on the result and also run a full system scan of the server if the file has been run on there.
It may be just a false positive as most of the scanners only use partial signatures to scan with so they will show up anything that looks like the part of the virus that they know about.
It looks to be a very new virus discovered on 24/01/2008 and is classified as low risk.
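The check against the original disk suggested above is more reliable when it compares file contents as well as sizes, because an altered file can keep the same size. The following is an added example, not part of the thread: it walks the original disk and the server copy and reports every file that differs, is missing, or is extra. The two trees it builds are constructed stand-ins; only the name `content.exe` comes from the thread, and `setup.ini` and `unexpected.dll` are made up for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installers need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_trees(original_root, copy_root):
    """Return {relative_path: status} for every file found in either tree."""
    original_root, copy_root = Path(original_root), Path(copy_root)
    report = {}
    for src in sorted(p for p in original_root.rglob("*") if p.is_file()):
        rel = src.relative_to(original_root).as_posix()
        dst = copy_root / rel
        if not dst.is_file():
            report[rel] = "missing from copy"
        elif src.stat().st_size != dst.stat().st_size:
            report[rel] = "size differs"      # cheap check, no hashing needed
        elif sha256_of(src) != sha256_of(dst):
            report[rel] = "content differs"   # same size, different bytes
        else:
            report[rel] = "identical"
    for dst in sorted(p for p in copy_root.rglob("*") if p.is_file()):
        report.setdefault(dst.relative_to(copy_root).as_posix(), "extra in copy")
    return report


def demo():
    """Build two constructed trees standing in for the CD and the server folder."""
    with tempfile.TemporaryDirectory() as tmp:
        disk, copy = Path(tmp, "disk"), Path(tmp, "server_copy")
        for root in (disk, copy):
            (root / "content").mkdir(parents=True)
            (root / "setup.ini").write_text("[setup]\n")
        (disk / "content" / "content.exe").write_bytes(b"MZ" + b"\x00" * 62)
        (copy / "content" / "content.exe").write_bytes(b"MZ" + b"\x01" * 62)
        (copy / "unexpected.dll").write_bytes(b"constructed extra file")
        return compare_trees(disk, copy)


if __name__ == "__main__":
    for rel, status in demo().items():
        print(f"{status:18} {rel}")
```

If every file comes back `identical`, the server copy matches the disk byte for byte, so any detection applies equally to the original media.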
Brought the original CD home with me, put it in a laptop with Sophos on and the virus was picked up straight away from the CD. So not a new file on the server but the original file from RM. Awaiting response from Sophos but will also email RM for their comments!
Let me know if you need it chasing at RM's end, I will go and make trouble :) On a serious note, it should not take long to sort as the Sophos offices are about 1 mile away from RM. :)
Get a copy of the file (assuming it's < 5MB) and throw it at this site for a variety of second opinions:
It's not perfect but it is useful.
Sophos has been flagging a few things up as Viruses/Trojans/etc. recently that have subsequently turned out to be harmless. So basically, don't blindly believe Sophos, it might have got it wrong.
Sample sent to Sophos and I tried it on the scan site as recommended. Sophos reported it as clean; however, some of the other antivirus companies detected viruses, mainly different ones!