Symantec AntiVirus still sends alert email to administrator (W32.Downadup.B)
Updated: 21 May 2010 | 10 comments
Dear all,
A few months ago my network was attacked by W32.Downadup.B. It is already solved now, but I wonder why the email alert is still sent to the administrator email every time the client starts Windows.
I already tried to scan the client and no virus was found. This happens on only one client. The email notification is as follows:
Alert: Virus Found
Computer: PLM02
Date: 04/13/2009
Time: 07:54:23 AM
Severity: Critical
Source: Symantec AntiVirus Corporate Edition
User:
Virus Name : W32.Downadup.B
We cannot see the user in the message. Does anyone have a solution or suggestion?
Regards,
Rudianto
Comments
Do you see the notification in the SPM as well? Have you checked the logs on the mail server?
Sorry, what is the SPM you mean? We use SAV version 10.0 in my network.
Thanks & Regards,
Rudianto
Sorry, I was thinking that this was a SEP 11 case.
Thomas
Re
What was the action of the SEP (AV) on the infection: was it quarantined, deleted, or left alone?
Double check also the Risk Log on the client side.
Re
Dear Paul,
I'm sorry for the late reply. I checked Symantec AntiVirus and I wonder about this: I found different logs (risk log, history log, and event log) when I log in as administrator and as user. We cannot find the action for Downadup.B in the user log, but in the admin log we can see it completely. The admin log said that the virus action is quarantined, but when I checked it I cannot find it.
Do you have any suggestion?
Thanks & Regards,
Rudianto
Dear Rudi,
For a few months my organization's network has been infected with W32.Downadup.B, and Symantec (11.0.4000.2295) takes the action "deleted", but every day it shows the infection on the same clients (about 30 to 40 clients) in the network.
This infection shows at the following paths:
C:/Documents and Settings/NetworkService/Local Settings/Temporary Internet Files/Content.IE5/KX8ZEX2V/umpt[1].png
C:/Documents and Settings/NetworkService/Local Settings/Temporary Internet Files/Content.IE5/KX8ZEX2V/dtjpta[1].bmp
C:/WINDOWS/system32/x
Please guide me to resolve this problem.
Thanks for your great help in advance.
Regards,
KAILAS
I'm not sure about the last file, but the first 2 definitely came from the internet. If you can see which sites a user visits and test them, you'll get the infection alert.
It will be quarantined but the file will reappear whenever the user visits that site with the infected files.
“Your most unhappy customers are your greatest source of learning.”
Re
Hi Kailas, please see the attached Symantec writeup about Downadup.
http://www.symantec.com/security_response/writeup....
Dear Kailas,
We did these steps to clean our network of the Downadup virus:
1. Disable autorun services on all PCs. You can follow the instructions from this link to disable the services from your server:
http://www.labnol.org/software/tutorials/secure-co...
2. Run the Windows security update on all client and server PCs. You can download it from this link:
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
3. Confirm that your virus definitions are up to date on all server and client PCs.
4. Run a full scan on all server and client PCs.
Regards,
Rudianto
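An added example, not part of the original post: a PowerShell audit of steps 1 and 2 in the list above across several machines. It assumes PowerShell 2.0 or later, remote registry and WMI access to the clients, and that the MS08-067 update is recorded as KB958644; the host list and function name are placeholders chosen for this sketch. Steps 3 and 4 are not covered, since they depend on the antivirus console.

```powershell
# Added example: audits steps 1 and 2 of the cleanup list on a set of hosts.
# Host names are placeholders; PLM02 is the client named in the alert above.
$Computers  = @('PLM02', 'CLIENT-EXAMPLE-01')

# KB958644 is the update published with bulletin MS08-067.
$PatchId    = 'KB958644'
$PolicyPath = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Test-DownadupHardening {
    param([string]$ComputerName)

    $result = New-Object PSObject -Property @{
        Computer        = $ComputerName
        Patched         = $false
        AutorunValue    = $null
        AutorunDisabled = $false
        Error           = $null
    }
    try {
        # Step 2: is the MS08-067 hotfix listed on the machine?
        $hotfix = Get-HotFix -Id $PatchId -ComputerName $ComputerName -ErrorAction SilentlyContinue
        $result.Patched = [bool]$hotfix

        # Step 1: machine-wide autorun policy; 0xFF disables autorun on every drive type.
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
        $key  = $hklm.OpenSubKey($PolicyPath)
        if ($key) {
            $value = $key.GetValue('NoDriveTypeAutoRun')
            if ($value -is [byte[]]) { $value = $value[0] }   # value stored as REG_BINARY
            if ($value -ne $null) {
                $result.AutorunValue    = '0x{0:X}' -f $value
                $result.AutorunDisabled = (($value -band 0xFF) -eq 0xFF)
            }
            $key.Close()
        }
        $hklm.Close()
    } catch {
        # Unreachable host or access denied: report it instead of guessing.
        $result.Error = $_.Exception.Message
    }
    $result
}

$Computers | ForEach-Object { Test-DownadupHardening $_ } |
    Format-Table Computer, Patched, AutorunValue, AutorunDisabled, Error -AutoSize
```

A `Patched` value of `False` means only that KB958644 is not listed; a machine covered by a later service pack or superseding update needs to be confirmed by hand.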
Have you turned off your System Restore? If so, try to run a full scan again, then monitor how it goes, delete all the temporary internet files, then reboot your PC. Before I forget, disable all the startup items.
:-)