September 4th, 2002, 08:03 PM
Sircam on my server
I am currently running Norton AntiVirus on Corporate edition 7.6. I have it set up with the central server monitoring all of my machines and email notification when any machine is infected with any virus. The current problem im having with one of my machines is that every couple of days ill get an email notification saying that i have W32.sircam.worm@mm on my machine. It attacks an older directory i have on there and it goes right for the rundll32.exe file. Thankfully that rundll32.exe file is not the one being used its from NT 4.0 and it is not the current os on the machine. Now i got all the sircam tools to remove the sircam virus from the machine and followed all details to remove the virus. I cant seem to get rid of the virus though. I deleted that rundll32.exe that got infected but i still get the same notification for the sircam virus. What could i possibly do to remove the virus from this machine????
Any help would be much appreciated.
September 4th, 2002, 08:17 PM
Did you remove all of the quarantined files? If I remember correctly, if there are still files quarantined, the server will still complain that the machine has a virus.
Just remember: Abraham Lincoln didn\'t die in vain. He died in Washington D.C.
September 4th, 2002, 08:19 PM
All quarantined files have been removed. I was told to do that and when i did it i still keep getting the same virus notification.
September 4th, 2002, 08:21 PM
Try this link. Hope it helps
\"When I give food to the poor, they call me a saint. When I ask why the poor have no food, they call me a communist.\" -- Dom Helder Camara
September 4th, 2002, 08:31 PM
Tried the link out and checked out what it said. Still nothing.
September 6th, 2002, 09:20 PM
You may want to set up a Honey Pot to find out if another machine is hosting Sircam. Sircam is a worm and thus can propagate itself. It may be accessing a share or going through a known security hole on your system.
When did NAV kick off saying it found and what process caught it? Manual, realtime, scheduled? What location did it find it in? A share?
A slice of \"Controlled Paranoia\" is worth it\'s weight in prevention......Of course Stupidity and Faith is just fun!!!
September 6th, 2002, 09:27 PM
It wasn't in a share it was just a folder that it found somehow. It keeps catching it with realtime monitoring. How do you set up a honey pot??? What is a honey pot????
September 7th, 2002, 12:41 AM
Everything ya ever wanted to know about "honeypots" !
... hope this helps...
\"Patience is a virtue best left to those who can afford it!\"
\"Experience is the predecessor of Wisdom.\"
W.B. Devitt III
September 9th, 2002, 03:04 PM
Try this site out, its a removal tool from Symantec.
Hope this helps!
September 9th, 2002, 03:16 PM
Tried the removal tool. wouldnt find anything.