OK as we have recently re-enabled vscan following an OnTap upgrade on our filers this mystery virus has started reappearing....
Fri Oct 14 15:36:57 BST 2011, An infection has been found Event Severity Level : Warning Scan Rule : Repair or delete viruses File name : \\?\UNC\192.168.x.x\ONTAP_ADMIN$\vol\vverylongpathname\username.exe File status : NOT REPAIRED Component name : TEMP_FILE_019AED08 Component disposition : INFECTED Virus name : W32.Changeup Virus ID : 8657 Virus definitions : 20111013.025 Client SID : S-1-5-21-320318436-277146499-3611779707-21529 Client Computer : PC-PCNAME Client IP : 10.x.x.x Scan Duration (sec) : 0.016 Connect Duration (sec) : 0.125 Scan Engine IP address : 192.168.x.x Scan Engine Port number : 0 Uptime (in seconds) : 149315
The scan engine is set to scan and repair or delete... yet all of these log statments mention "NOT REPAIRED"... the file in question does not appear to be in the location mentioned, we have even checked with hidden/system and protected O/S file view enabled...
But it keeps coming back.,.. even after running full client end AV scans on the PC's in question
Any ideas... we are running out of ideas...
When this initially popped up about 10 weeks ago the first 2 PC's we checked were detached and scanned and had a whole load of infections cleaned up.... this doesnt seem to be the case with the current access attempts....
OK its a low risk virus but its raising alerts against our operational team which thery are quite rightly becoming a little agitated with. If we cnat clear it up then they might be less diligent at responding should another outbreak of a more serious nature were to ever happen !
I'd appreciate any suggestions....
regards
Rob