Video Screencast Help

Very Old DOS virus ACG appeared on 64 bit server

Created: 10 Jan 2012 • Updated: 10 Jan 2012 | 8 comments
mxu's picture

I just wonder how I cannot find any information on symantec web site for ACG virus?

Version SEP 11 MR 6.0

We have a 64 bit windows server 2008 R2. WE found ACG virus on this server and quanrantined but no any information how to remove it......

Comments 8 CommentsJump to latest comment

Thomas K's picture

Can you provide an MD5 of the threat?

Submit the file to ThreatExpert, lets see what comes up then.

You can try running the Power Eraser tool to remove this -

mxu's picture

Well, it is shown 0 risk under Monitors in SEPM console but shown risk distribution 1.

but I can see 4 qurantined items under HOME.

If I double click it , it shown the risk path


sandra.g's picture

If it shows a risk path, it must also show a risk name. What is it?


Symantec, Senior Information Developer
Enterprise Security, Mobility, and Management - Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best helps you!

pete_4u2002's picture

the risk log can be found on the client.

what is the SEP version used?

mxu's picture

This server has no internet access I found out later. where is the risk log located? I found this under c:\users\administrator\symantec \symantec log:

2A000A032231,46,1,2,Eserver,Administrator,ACG,C:\Users\Administrator\AppData\Local\Temp\DWHCADB.tmp,5,1,1,256,33554436,"",1326195286,,0,101 {AE2A45AC-2C0D-4F8F-B29D-D4F621A9846D} 0 1    ACG 2;0;13 0 0 ee795f73-c7c0-4067-b429-9d651e27f669 0,0,10823,0,0,0,,,0,,0,0,1,0,,{23FCD9FE-4776-40C1-B5F6-8D969F6339B2},,,,domain,84:2B:2B:01:C9:3B,11.0.6000.419,,,,,,,,,,,,,,,,999,,091d987d-a428-425d-bef1-39242b4f8978,0,,
2A000A032231,5,1,2,Eserver,Administrator,ACG,C:\Users\Administrator\AppData\Local\Temp\DWHCADB.tmp,5,1,1,256,37769284,"",1326195286,,0,201 4 3 0 0 5 1 6 0 0 0,1333535321,10823,0,1,0,0,0,0,,0,2,4,0,,{23FCD9FE-4776-40C1-B5F6-8D969F6339B2},,,,domain,84:2B:2B:01:C9:3B,11.0.6000.419,,,,,,,,,,,,,,,,0,,091d987d-a428-425d-bef1-39242b4f8978,259784710,,

Mithun Sanghavi's picture


What makes you feel that this is a old virus??

Is that the name of the File OR the virus name (which may be detected by another Antivirus)?

Incase, if symantec is not detecting the Threat and a suspicious File is detected by another Antivirus then I would advise you to submit the same File to the Symantec Security Response Team on

You can also check this Article on :

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

To Understand why -- Scanning a file with a competitor's antivirus program detects a virus, but scanning with Symantec AntiVirus or Symantec Endpoint Protection does not

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.