Q:
Network virus problem - Windows XP
In spite of having Symantec anti-virus, with updated definitions, a virus has got into our network. Virus scans on several computers report a virus in folder C:\Documents and Settings\All Users\_qbothome\msadvapi.dll.
In spite of settings to view hidden folders, Windows Explorer does not show the existence of this folder, although Symantec indicates "Quarantine failed, clean failed, access denied". So why can't I see the folder? Any ideas how to combat this?
ASKED: Jun 25 2009  2:23 PM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
A:
The nice thing about having Symantec as your anti-virus is they provide support for removing them as well. I would get on the phone with Symantec for help with this.

=====================
Download and run the Microsoft Malicious Software Removal Tool. It does a great job of cleaning up systems and is a great tool when there is an outbreak. It is updated every month with the monthly MS updates. This tool has saved my organization a lot of work. It will take quite some time to run and complete a full scan, but it will clean a lot of infections since they exploit MS vulnerabilities. Be sure to patch these systems once you have scanned and cleaned them.

Take a look at my blog for yesterday. I posted a link to an article about cleaning infected systems.

In the IT trenches? So am I - read my IT-Trenches blog
Last Answered: Jun 25 2009  3:46 PM GMT by Labnuke99   26360 pts.
Latest Contributors: Technochic   40140 pts.
Discuss This Answer:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _




RandomSkratch   25 pts.  |   Jun 25 2009  3:15PM GMT

Try navigating to that directory manually and see if it works (minus the file), e.g., just paste the full path in the address field of an open Explorer window.

There are some directories (such as various Internet Explorer temporary file directories) that remain hidden despite selecting show all hidden files/folders. Haven’t figured out how to display them in explorer though.

Don’t forget to take those computers off the network!!

Also, try some other scanning tools such as Malwarebytes Anti-Malware or Spybot S&D. I find these do a much better job than our McAfee protection.

 

Britinga   345 pts.  |   Jun 26 2009  1:45PM GMT

After a little experimenting, I found that if I restarted in safe mode and then selected ‘View Hidden Files and Folders’ then I could use Windows Explorer to view and delete the offending files. I now intend to go to each machine and do this - over 100 in all, but worth the effort.
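
For a clean-up across that many machines, a sweep can show which hosts to visit first. The PowerShell below is an added example, not part of the thread or any poster's code: run from a known-clean admin workstation, it checks each host's `C$` share for the folder named in the question. The host names and CSV file name are constructed placeholders, and it assumes the administrative share is enabled and the account running it has admin rights on the targets.

```powershell
# Added example, not from the thread. Run from a known-clean admin workstation.
# Assumptions: the host names and CSV name below are constructed placeholders,
# and each host's C$ administrative share is reachable with the current account.
param(
    [string[]]$ComputerName = @('PC-001', 'PC-002', 'PC-003'),
    [string]$OutCsv = '.\qbothome-sweep.csv'
)

# Folder reported by the scanner in the question, relative to the C: drive.
$RelPath = 'Documents and Settings\All Users\_qbothome'

function Test-QbotHome {
    param([string]$Computer)

    $share  = '\\{0}\C$' -f $Computer
    $target = '{0}\{1}' -f $share, $RelPath
    $status = 'NotFound'
    $files  = ''

    if (-not (Test-Connection -ComputerName $Computer -Count 1 -Quiet)) {
        $status = 'Unreachable'
    } elseif (-not (Test-Path -LiteralPath $share)) {
        $status = 'ShareUnavailable'
    } elseif (Test-Path -LiteralPath $target) {
        try {
            # -Force lists hidden and system items that a default listing omits.
            $items  = @(Get-ChildItem -LiteralPath $target -Force -ErrorAction Stop)
            $files  = ($items | ForEach-Object { $_.Name }) -join ';'
            $status = 'Found'
        } catch {
            # Folder exists but cannot be listed (compare the scanner's "access denied").
            $status = 'FoundNotListable'
        }
    }

    New-Object PSObject -Property @{
        Computer = $Computer; Status = $status; Files = $files
    }
}

$results = $ComputerName | Where-Object { $_.Trim() } |
    ForEach-Object { Test-QbotHome -Computer $_.Trim() }

# Full record for the clean-up log, then the hosts that need a visit.
$results | Select-Object Computer, Status, Files |
    Export-Csv -Path $OutCsv -NoTypeInformation
$results | Where-Object { $_.Status -like 'Found*' } |
    Select-Object Computer, Status, Files
```

A `NotFound` result from a machine booted normally is not proof that it is clean, since the thread reports the folder could not be seen in Explorer outside safe mode; treat the sweep as a way to prioritise visits, not to skip them.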

 

Troy Tate   0 pts.  |   Jun 26 2009  7:22PM GMT

There are possibly other infected files. I would highly recommend also running the MRT tool in conjunction with the activities you describe. Two AV tools are much more powerful than one and will help ensure the system integrity. Be sure to also apply patches for the vulnerabilities that this virus exploited.

 

Lusy   825 pts.  |   Jul 3 2009  6:15AM GMT

Try to scan with Malwarebytes Anti-Malware edition or run Dial-a-fix. Both are very good for removing any kind of infection.
If you want more help then please go to: www.iyogi.net

 