Network virus problem – Windows XP

425 pts.
Tags:
Symantec AntiVirus
Viruses
Windows XP
In spite of having Symantec anti-virus, with updated definitions, a virus has got into our network. Virus scans on several computers report a virus in folder C:Documents and SettingsAll Users_qbothomemsadvapi.dll. In spite of settings to view hidden folders, Windows Explorer does not show the existence of this folder, although Synmantec indicates "Quarantine failed, clean failed, access denied". So why can't I see the folder? Any ideas how to combat this?

Answer Wiki

Thanks. We'll let you know when a new response is added.

The nice thing about having Symantec as your anti-virus is they provide support for removing them as well. I would get on the phone with Symantec for help with this.

=====================
Download and run the <a href=”http://www.microsoft.com/downloads/details.aspx?familyid=ad724ae0-e72d-4f54-9ab3-75b8eb148356&displaylang=en”>Microsoft Malicious Software Removal Tool</a>. It does a great job of cleaning up systems and is a great tool when there is an outbreak. It is updated every month with the monthly MS updates. This tool has saved my organization a lot of work. It will take quite some time to run and complete a full scan, but it will clean a lot of infections since they exploit MS vulnerabilities. Be sure to patch these systems once you have scanned and cleaned them.

Take a look at my blog for yesterday. I posted a link to an <a href=”http://itknowledgeexchange.techtarget.com/it-trenches/did-you-see-this-system-cleaning-getting-rid-of-malware-from-infected-pcs/”>article about cleaning infected systems</a>.

In the IT trenches? So am I – read my <a href=”http://itknowledgeexchange.techtarget.com/it-trenches”>IT-Trenches blog</a>

============
The folders are hidden by means of codes created by the virus creator. Your antivirus software cannot delete the virus because it might be already infecting the system files or it is also possible that it is not updated or licensed.

Discuss This Question: 4  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • RandomSkratch
    Try navigating to that directory manually and see if it works (minus the file). eg, just paste the full path in the address field of an open explorer window. There are some directories (such as various Internet Explorer temporary file directories) that remain hidden despite selecting show all hidden files/folders. Haven't figured out how to display them in explorer though. Don't forget to take those computers off the network!! Also, try some other scanning tools such as Malwarebytes Anti-Malware or Spybot S&D. I find these do a much better job than our McAfee protection.
    25 pointsBadges:
    report
  • Britinga
    After a little experimenting, I found that if I restarted in safe mode and then selected 'View Hidden Files and Folders' then I could use Windows Explorer to view and delete the offending files. I now intend to go to each machine and do this - over 100 in all, but worth the effort.
    425 pointsBadges:
    report
  • Britinga
    There are possibly other infected files. I would highly recommend also running the MRT tool in conjunction with the activities you describe. Two AV tools are much more powerful than one and will help ensure the system integrity. Be sure to also apply patches for the vulnerabilities that this virus exploited.
    0 pointsBadges:
    report
  • Lusy
    Try to scan with Malware byte antimalware edition or run dial-a-fix. Both are very good for remove any kind of infection. If you want more help then pleas go to at: www.iyogi.net
    825 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following