Sircam on my server
Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Sircam on my server

  1. #1
    Senior Member
    Join Date
    Jul 2002
    Posts
    107

    Sircam on my server

    I am currently running Norton AntiVirus on Corporate edition 7.6. I have it set up with the central server monitoring all of my machines and email notification when any machine is infected with any virus. The current problem im having with one of my machines is that every couple of days ill get an email notification saying that i have W32.sircam.worm@mm on my machine. It attacks an older directory i have on there and it goes right for the rundll32.exe file. Thankfully that rundll32.exe file is not the one being used its from NT 4.0 and it is not the current os on the machine. Now i got all the sircam tools to remove the sircam virus from the machine and followed all details to remove the virus. I cant seem to get rid of the virus though. I deleted that rundll32.exe that got infected but i still get the same notification for the sircam virus. What could i possibly do to remove the virus from this machine????

    Any help would be much appreciated.
    Thanx

    -SOIA
    Alright take it ease

  2. #2
    Member
    Join Date
    May 2002
    Posts
    89
    Did you remove all of the quarantined files? If I remember correctly, if there are still files quarantined, the server will still complain that the machine has a virus.
    Just remember: Abraham Lincoln didn\'t die in vain. He died in Washington D.C.

  3. #3
    Senior Member
    Join Date
    Jul 2002
    Posts
    107
    All quarantined files have been removed. I was told to do that and when i did it i still keep getting the same virus notification.
    Alright take it ease

  4. #4
    Senior Member
    Join Date
    Jun 2002
    Posts
    352
    Try this link. Hope it helps
    \"When I give food to the poor, they call me a saint. When I ask why the poor have no food, they call me a communist.\" -- Dom Helder Camara

  5. #5
    Senior Member
    Join Date
    Jul 2002
    Posts
    107
    Tried the link out and checked out what it said. Still nothing.
    Alright take it ease

  6. #6
    Junior Member
    Join Date
    Sep 2002
    Posts
    25
    You may want to set up a Honey Pot to find out if another machine is hosting Sircam. Sircam is a worm and thus can propagate itself. It may be accessing a share or going through a known security hole on your system.

    When did NAV kick off saying it found and what process caught it? Manual, realtime, scheduled? What location did it find it in? A share?
    A slice of \"Controlled Paranoia\" is worth it\'s weight in prevention......Of course Stupidity and Faith is just fun!!!

  7. #7
    Senior Member
    Join Date
    Jul 2002
    Posts
    107
    It wasn't in a share it was just a folder that it found somehow. It keeps catching it with realtime monitoring. How do you set up a honey pot??? What is a honey pot????
    Alright take it ease

  8. #8
    Junior Member
    Join Date
    Sep 2002
    Posts
    1
    Everything ya ever wanted to know about "honeypots" !

    http://www.enteract.com/~lspitz/honeypot.html

    ... hope this helps...
    \"Patience is a virtue best left to those who can afford it!\"
    \"Experience is the predecessor of Wisdom.\"
    W.B. Devitt III

  9. #9
    Senior Member
    Join Date
    Feb 2002
    Posts
    177
    Try this site out, its a removal tool from Symantec.
    http://www.symantec.com/avcenter/ven...oval.tool.html

    Hope this helps!

  10. #10
    Senior Member
    Join Date
    Jul 2002
    Posts
    107
    Tried the removal tool. wouldnt find anything.
    Alright take it ease

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •