
Very Old DOS virus ACG appeared on 64 bit server

Created: 10 Jan 2012 • Updated: 10 Jan 2012 | 8 comments
mxu's picture

I just wonder how I cannot find any information on the Symantec web site for the ACG virus?

Version SEP 11 MR 6.0

We have a 64-bit Windows Server 2008 R2. We found the ACG virus on this server and quarantined it, but there is no information on how to remove it...


Thomas K's picture

Can you provide an MD5 of the threat?

Submit the file to ThreatExpert, let's see what comes up then.

http://www.threatexpert.com/submit.aspx

You can try running the Power Eraser tool to remove this - http://www.symantec.com/business/security_response...

mxu's picture

Well, it shows 0 risks under Monitors in the SEPM console but shows risk distribution 1.

But I can see 4 quarantined items under HOME.

If I double-click it, it shows the risk path:

c:\users\administrator\AppData\local\Temp\DWer2036.tmp

sandra.g's picture

If it shows a risk path, it must also show a risk name. What is it?

sandra

Symantec, Senior Information Developer
Enterprise Security, Mobility, and Management - Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best helps you!

pete_4u2002's picture

The risk log can be found on the client.

What is the SEP version used?

mxu's picture

This server has no internet access, I found out later. Where is the risk log located? I found this under c:\users\administrator\symantec \symantec log:

2A000A032231,46,1,2,Eserver,Administrator,ACG,C:\Users\Administrator\AppData\Local\Temp\DWHCADB.tmp,5,1,1,256,33554436,"",1326195286,,0,101 {AE2A45AC-2C0D-4F8F-B29D-D4F621A9846D} 0 1    ACG 2;0;13 0 0 ee795f73-c7c0-4067-b429-9d651e27f669 0,0,10823,0,0,0,,,0,,0,0,1,0,,{23FCD9FE-4776-40C1-B5F6-8D969F6339B2},,,,domain,84:2B:2B:01:C9:3B,11.0.6000.419,,,,,,,,,,,,,,,,999,,091d987d-a428-425d-bef1-39242b4f8978,0,,
2A000A032231,5,1,2,Eserver,Administrator,ACG,C:\Users\Administrator\AppData\Local\Temp\DWHCADB.tmp,5,1,1,256,37769284,"",1326195286,,0,201 4 3 0 0 5 1 6 0 0 0,1333535321,10823,0,1,0,0,0,0,,0,2,4,0,,{23FCD9FE-4776-40C1-B5F6-8D969F6339B2},,,,domain,84:2B:2B:01:C9:3B,11.0.6000.419,,,,,,,,,,,,,,,,0,,091d987d-a428-425d-bef1-39242b4f8978,259784710,,
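
The two risk-log records quoted above can be decoded field by field; this is an added example, not part of the original thread. The field names and the hex timestamp encoding (years since 1970, zero-based month, day, hour, minute, second) follow Symantec's documented SEP 11 AV log layout and are not stated in the thread; the sample input is the first 15 fields of each quoted record.

```python
import csv
from datetime import datetime

# Leading fields of a SEP 11 AV log record, in order (names taken from
# Symantec's log-format documentation, not from the thread).
FIELDS = ["time", "event", "category", "logger", "computer", "user",
          "risk", "file", "wanted_action1", "wanted_action2",
          "real_action", "risk_type", "flags", "description", "scan_id"]

def decode_time(hex12):
    """6 hex bytes: years since 1970, month (0-based), day, hour, min, sec."""
    if len(hex12) != 12:
        raise ValueError("expected 12 hex digits, got %r" % hex12)
    y, mo, d, h, mi, s = bytes.fromhex(hex12)
    return datetime(1970 + y, mo + 1, d, h, mi, s)  # client local time

def parse_line(line):
    """Parse one record; csv handles the quoted description field."""
    row = next(csv.reader([line]))
    if len(row) < len(FIELDS):
        raise ValueError("short record: %d fields" % len(row))
    rec = dict(zip(FIELDS, row))
    rec["time"] = decode_time(rec["time"])
    for key in ("event", "wanted_action1", "wanted_action2", "real_action"):
        rec[key] = int(rec[key])
    return rec

def summarize(lines):
    """Group records by (risk, file); collect event codes and earliest time."""
    out = {}
    for rec in (parse_line(l) for l in lines if l.strip()):
        entry = out.setdefault((rec["risk"], rec["file"]),
                               {"events": [], "first_seen": rec["time"]})
        entry["events"].append(rec["event"])
        entry["first_seen"] = min(entry["first_seen"], rec["time"])
    return out

# Sample input: the first 15 fields of the two records quoted in the thread.
SAMPLE = [
    r'2A000A032231,46,1,2,Eserver,Administrator,ACG,C:\Users\Administrator\AppData\Local\Temp\DWHCADB.tmp,5,1,1,256,33554436,"",1326195286',
    r'2A000A032231,5,1,2,Eserver,Administrator,ACG,C:\Users\Administrator\AppData\Local\Temp\DWHCADB.tmp,5,1,1,256,37769284,"",1326195286',
]

if __name__ == "__main__":
    for (risk, path), info in summarize(SAMPLE).items():
        print(risk, path, info["first_seen"].isoformat(), info["events"])
```

On the sample, both records decode to 2012-01-10 03:34:49 in the client's local time and refer to the same risk name and file, with event codes 46 and 5.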
 

Mithun Sanghavi's picture

Hello,

What makes you feel that this is an old virus??

Is that the name of the File OR the virus name (which may be detected by another Antivirus)?

In case Symantec is not detecting the threat and a suspicious file is detected by another antivirus, then I would advise you to submit the same file to the Symantec Security Response Team on

https://submit.symantec.com/websubmit/essential.cgi

You can also check this article on:

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

To understand why -- Scanning a file with a competitor's antivirus program detects a virus, but scanning with Symantec AntiVirus or Symantec Endpoint Protection does not

http://www.symantec.com/docs/TECH98929

Hope that helps!!

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.