Weird Virus found

Hi all

Just went to a company. They have 3 computers hooked to a switch. The computers are able to ping each other however they cannot get to network shares.

The error in the attachment keeps popping up on all workstations.

The virus that AVG Network edition picked up a virus :Win32/Heur - Cant seem to find any information on it.

I ran a virus scan, ad ware, scan disk and normal troubleshooting. Couldn't find anything except the virus.

Now before I haul all the machines away I just wanted to find out if anyone has any information on this virus and/or can troubleshoot my problem.

They are all running XP Professional and AVG. However one of the machines had F-Secure on which I removed and placed AVG on it.

Thank you for your time.

Can you try an online scan...get a second opinion??

Where does the virus live??? what directory??

What are the file names??

MLF

assuming AVG cleaned the virus ok, try reinstalling the netbios protocol and recreate the shares.

Is there a firewall installed that is blocking anything?

See the discussion in the link below on "possible" false positives and how to confirm whether a file is actually infected.
"Heur" is short for heuristic which means a malware signature wasn't detected but something about the files was suspect enough that AVG reported it to you.
http://forum.grisoft.cz/freeforum/re...,100014,100026

Try this:

1. Check that the switch isn't defective.
2. Look in the AVG virus vault/scanning logs and see what files it has quarantined or deleted.
3. You can try to reinstall them from the Windows CD if you know what they are.
4. Run a system file check.
5. Reformat and reinstall if none of the above work. Try a repair install first.

did you try connecting via IP address rather than hostname? it may be a simple dns issue.

"Heur" stands for heuristic as DjM said. A virus that avg cant possibly identify. Try another
antivirus program like avira, my favourite, you can find it free at free-av.com
IF it is a virus issue ofcourse.
If it is a hardware issue as nihil said, try yo run 2 live cd's with something like
linux or winpe to see. But anyway, ping is working...
Did you check if NetBIOS service is up and running normally on each workstation?

Thanks for the info guys. I will be going back there today with all your thoughts and hopefully the problem will be sorted out. Ill let everyone know what the problem and solution was.

Thank you again.

You didn't say what type of environment you're in too. Just a workgroup? Domain? Trying to connect to another workstation's share? Server share? As suggested, try with ip, not computer name. Is the computer browser service running? netbios? What bout server service on the machine doing the sharing? Can you scan and connect to the correct ports? Try to delete/recreate the share. Make sure file/print is enabled. Check the logs for permissions problems. (enable auditing for a better idea of what is going on)

If you're going to run the online virus scan, try to do it in safe mode (with networking) after the activex/java client has been loaded on the machine. I'm not sure if the activex/java client will install if you go right to safe mode. You may have to load it first.