-
August 20th, 2007, 04:00 PM
#1
Weird Virus found
Hi all
Just went to a company. They have 3 computers hooked to a switch. The computers are able to ping each other however they cannot get to network shares.
The error in the attachment keeps popping up on all workstations.
The virus that AVG Network edition picked up a virus :Win32/Heur - Cant seem to find any information on it.
I ran a virus scan, ad ware, scan disk and normal troubleshooting. Couldn't find anything except the virus.
Now before I haul all the machines away I just wanted to find out if anyone has any information on this virus and/or can troubleshoot my problem.
They are all running XP Professional and AVG. However one of the machines had F-Secure on which I removed and placed AVG on it.
Thank you for your time.
Last edited by Cider; October 25th, 2010 at 01:25 PM.
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
August 20th, 2007, 04:08 PM
#2
Can you try an online scan...get a second opinion??
Where does the virus live??? what directory??
What are the file names??
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
August 20th, 2007, 04:27 PM
#3
assuming AVG cleaned the virus ok, try reinstalling the netbios protocol and recreate the shares.
If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.
-
August 20th, 2007, 04:53 PM
#4
Is there a firewall installed that is blocking anything?
-
August 20th, 2007, 05:16 PM
#5
See the discussion in the link below on "possible" false positives and how to confirm whether a file is actually infected.
"Heur" is short for heuristic which means a malware signature wasn't detected but something about the files was suspect enough that AVG reported it to you.
http://forum.grisoft.cz/freeforum/re...,100014,100026
-
August 20th, 2007, 07:28 PM
#6
Try this:
1. Check that the switch isn't defective.
2. Look in the AVG virus vault/scanning logs and see what files it has quarantined or deleted.
3. You can try to reinstall them from the Windows CD if you know what they are.
4. Run a system file check.
5. Reformat and reinstall if none of the above work. Try a repair install first.
Last edited by nihil; August 20th, 2007 at 08:40 PM.
-
August 20th, 2007, 09:01 PM
#7
Junior Member
did you try connecting via IP address rather than hostname? it may be a simple dns issue.
-
August 21st, 2007, 01:25 AM
#8
Junior Member
"Heur" stands for heuristic as DjM said. A virus that avg cant possibly identify. Try another
antivirus program like avira, my favourite, you can find it free at free-av.com
IF it is a virus issue ofcourse.
If it is a hardware issue as nihil said, try yo run 2 live cd's with something like
linux or winpe to see. But anyway, ping is working...
Did you check if NetBIOS service is up and running normally on each workstation?
Everyone gets away with something. No one gets away with everything...
-
August 21st, 2007, 10:48 AM
#9
Thanks for the info guys. I will be going back there today with all your thoughts and hopefully the problem will be sorted out. Ill let everyone know what the problem and solution was.
Thank you again.
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
August 21st, 2007, 12:51 PM
#10
You didn't say what type of environment you're in too. Just a workgroup? Domain? Trying to connect to another workstation's share? Server share? As suggested, try with ip, not computer name. Is the computer browser service running? netbios? What bout server service on the machine doing the sharing? Can you scan and connect to the correct ports? Try to delete/recreate the share. Make sure file/print is enabled. Check the logs for permissions problems. (enable auditing for a better idea of what is going on)
If you're going to run the online virus scan, try to do it in safe mode (with networking) after the activex/java client has been loaded on the machine. I'm not sure if the activex/java client will install if you go right to safe mode. You may have to load it first.
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
Similar Threads
-
By HTRegz in forum AntiVirus Discussions
Replies: 8
Last Post: September 26th, 2006, 09:28 PM
-
By ShagDevil in forum Miscellaneous Security Discussions
Replies: 12
Last Post: September 3rd, 2006, 04:54 AM
-
By M@rin3 Snip3r in forum AntiOnline's General Chit Chat
Replies: 6
Last Post: September 24th, 2003, 03:59 AM
-
By Alcatraz in forum The Security Tutorials Forum
Replies: 7
Last Post: July 25th, 2002, 11:15 AM
-
By jehnx in forum AntiVirus Discussions
Replies: 10
Last Post: June 16th, 2002, 02:16 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|