Do a scan online at Trend Micro:
http://housecall.antivirus.com/housecall/start_frame.asp

Garrett

sk3tch at sk3tch.net wrote:

>Send the file to me in a password-protected zip. I have access to
>several AV vendors and can submit the file for analysis. You may want
>to do more of an examination of your environment because I doubt it is
>simply that file... there are likely registry entries, etc. involved as
>well. Plus, as you said, you will want to identify the potential avenue
>of infection and also how this is spreading and what it is doing.
>
>Have you isolated a known "infected" host on a stand-alone hub (with no
>other hosts on it, obviously) and run a sniffer (ethereal), port scan
>(nmap), security audit app (nessus), fport, filemon, etc. etc. as well as
>several of the AV vendors' standalone tools? McAfee/NAI offers Stinger
>(http://vil.nai.com/vil/stinger/) and Trend Micro offers a System
>Cleaner (http://www.trendmicro.com/download/tsc.asp).
>
>Just a few suggestions. Good luck.
>
>
>-----Original Message-----
>From: tclug-list-bounces at mn-linux.org on behalf of Jason Sievert
>Sent: Tue 7/6/2004 3:01 PM
>To: TCLUG Mailing List
>Subject: [TCLUG] OT Virus help!!
>
>Hey guys, my company is getting blasted with a virus that I can find
>nothing about. None of our latest virus scanners can seem to find it.
>It looks to be a single file, nortonav.exe, that is run at startup via
>the registry in Windows. It is choking our network to the point that
>nothing can be done at this point. The hardest hit seem to be Windows
>2000. All of the computers do have the latest patches as of today. It
>does show up under the task manager as nortonav.exe. I am still trying
>to figure out how it gets in and what the traffic looks like. Has
>anybody seen anything like this???
>
>

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
Help beta test TCLUG's potential new home: http://plone.mn-linux.org
Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery
tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list