Quote:
The apache webserver is running on Windows 2003 protected by Symantec AV Corporate Edition. The virus definitions are updated till 20th June.
For the past several days outward packet transmission has been quite high. The viruses spotted were w32.toxbot, making entries in the registry and detected as files dhcpclnt.exe and netddeclnt.exe in the Windows system folder.
Though the viruses have been cleaned after tweaking the registry, outward packet transmission is still quite high.
So did you update your antivirus to the latest virus defs ... because the 20th of June seems a while back now doesn't it ??
If you look at this :
Quote:
Intelligent Updater:
Virus Definitions created July 4
Virus Definitions released July 4
Norton AntiVirus Corp. Edition:
Defs Version: 70704i
Sequence Number: 46379
Extended Version: 7/4/2005 rev. 9
Total Viruses Detected: 69962
LiveUpdate:
Virus Definitions created June 29
Virus Definitions released June 29
Norton AntiVirus Corp. Edition:
Defs Version: 70629h
Sequence Number: 46247
Extended Version: 6/29/2005 rev. 8
Total Viruses Detected: 69903
you can see that there are more recent virus defs out there.
I don't think by tweaking your registry alone you get rid of these viruses.
If I were you I would use an online antivirus scanner like TrendMicro and start from there ... then scan with antispyware tools and sorts ... most of the time adware and sorts can also be responsible for this kind of strange behaviour.
Best you take your system off-line too ... scan it in safe mode to be sure to get rid of all nasties.
And I think you better act quick, because if you look at this site you can see what this virus actually does and you should definitely update because this variant needs virus defs from:
Quote:
protection
# Virus Definitions (Intelligent Updater) :July 01, 2005
# Virus Definitions (LiveUpdate™) :July 06, 2005
I'm sure the smart minds on AO will say more or less the same and perhaps give you some more pointers.
[EDIT]
Sum Up:
- Update antivirus defs and rescan system (best offline)
- Use antispyware tools and check again.
- Be sure your system is completely clean and better protected before putting it back online.
[/EDIT]
C.