Threat Found!Threat: [email protected] in File

  • Threat Found!Threat: [email protected] in File

    Been having LOADS of these in my server logs


    "Threat Found!Threat: [email protected] in File ...."

    It's a 2003 SBS.
    The thing is - it deletes the viruses successfully in the log and every once in a while the messages simply stop...

    Tried the Netsky removal tools but to no avail.

    I have symantec corp 9 installed there.

    Any idea?
    Visit iCount
    Visit MSEC
    Visit LCS-GUIDES.COM
    Visit Melariche

  • #2
    Did you read this page with removal instructions?

    http://[email protected]
    MCSE w2k
    MCSA w2k - MCSA w2k MESSAGING
    MCDBA SQL2k



    • #3
      yup.

      Don't have that registry key they are talking about, and safe mode scan yielded nothing...

      Very strange.


      • #4
        Try running Stinger from McAfee.. maybe it works
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"



        • #5
          Try this one:

          http://www.microsoft.com/downloads/d...displaylang=en

          Good Luck


          • #6
            windux - no malicious software detected by the scan...

            Dumber - Stinger found nothing...

            W E I R D !!!


            • #7
              Originally posted by Meni:
              "windux - no malicious software detected by the scan...

              Dumber - Stinger found nothing...

              W E I R D !!!"

              Very WEIRD

              Your AV detects anything right now?


              • #8
                hehehe

                yes - another error message in logs - there's one EXACTLY every 15 seconds...


                • #9
                  Originally posted by Meni:
                  "hehehe

                  yes - another error message in logs - there's one EXACTLY every 15 seconds..."

                  HUmMmMmM.

                  You need to run another kind of removal tool!
                  Your log message is the same?
                  "Threat Found!Threat: [email protected] in File ...."


                  • #10
                    UPDATE (!!!)

                    There's a folder in C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\ (which is weird because I have version 9...). The folder is called APtemp

                    it is filled with files called - ap***.exe and .scr files.

                    Know anything about this folder?

                    Seems like there's a lot of activity in it... new files keep coming in.
                    Would you say it is safe to delete them?


                    • #11
                      Look in your Task Manager to see which strange processes are running.
                      Marcel


                      • #12
                        csrss.exe and Rtvscan.exe are having a party in there.
                        that's about it.
                        all the rest are normal processes.


                        • #13
                          those are known services?

                          which service does create those files then?
                          Marcel


                          • #14
                            Process File: csrss or csrss.exe
                            Process Name: Microsoft Client/Server Runtime Server Subsystem

                            Process File: rtvscan or rtvscan.exe
                            Process Name: Symantec Real Time Virus Scan service
                            1 + 1 = 11 ... honest!



                            • #15
                              Yeah... these 2 are normal services... I guess the csrss is the one creating those files. Must be infected in some way.

                              That's what I am trying to figure out - how, and why doesn't the AV take care of it...

                              Damn Symantec.