
Very Old DOS virus ACG appeared on 64 bit server

Created: 10 Jan 2012 • Updated: 10 Jan 2012 | 8 comments
mxu's picture

I just wonder why I cannot find any information on the Symantec web site for the ACG virus?

Version SEP 11 MR 6.0

 

We have a 64-bit Windows Server 2008 R2. We found the ACG virus on this server and quarantined it, but there is no information on how to remove it...


Thomas K's picture

Can you provide an MD5 of the threat?

Submit the file to ThreatExpert, let's see what comes up then.

http://www.threatexpert.com/submit.aspx

You can try running the Power Eraser tool to remove this - http://www.symantec.com/business/security_response...

mxu's picture

Well, it shows 0 risks under Monitors in the SEPM console but shows risk distribution 1.

But I can see 4 quarantined items under HOME.

If I double-click it, it shows the risk path:

c:\users\administrator\AppData\local\Temp\DWer2036.tmp

sandra.g's picture

If it shows a risk path, it must also show a risk name. What is it?

sandra

Symantec, Senior Information Developer
Enterprise Security, Mobility, and Management - Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best helps you!

pete_4u2002's picture

The risk log can be found on the client.

What is the SEP version used?

mxu's picture

This server has no internet access, I found out later. Where is the risk log located? I found this under c:\users\administrator\symantec \symantec log:

2A000A032231,46,1,2,Eserver,Administrator,ACG,C:\Users\Administrator\AppData\Local\Temp\DWHCADB.tmp,5,1,1,256,33554436,"",1326195286,,0,101 {AE2A45AC-2C0D-4F8F-B29D-D4F621A9846D} 0 1    ACG 2;0;13 0 0 ee795f73-c7c0-4067-b429-9d651e27f669 0,0,10823,0,0,0,,,0,,0,0,1,0,,{23FCD9FE-4776-40C1-B5F6-8D969F6339B2},,,,domain,84:2B:2B:01:C9:3B,11.0.6000.419,,,,,,,,,,,,,,,,999,,091d987d-a428-425d-bef1-39242b4f8978,0,,
2A000A032231,5,1,2,Eserver,Administrator,ACG,C:\Users\Administrator\AppData\Local\Temp\DWHCADB.tmp,5,1,1,256,37769284,"",1326195286,,0,201 4 3 0 0 5 1 6 0 0 0,1333535321,10823,0,1,0,0,0,0,,0,2,4,0,,{23FCD9FE-4776-40C1-B5F6-8D969F6339B2},,,,domain,84:2B:2B:01:C9:3B,11.0.6000.419,,,,,,,,,,,,,,,,0,,091d987d-a428-425d-bef1-39242b4f8978,259784710,,
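
As an added example (not part of the thread and not Symantec's code), the Python below pulls the risk name, file path and event time out of entries like the two posted above. It assumes the SEP 11 AV log layout in which the first eight comma-separated fields are time, event, category, logger, computer, user, risk name and file, and the time is six hex octets (years since 1970, zero-based month, day, hour, minute, second); the field names are this example's own.

```python
import csv
from datetime import datetime

# Leading fields of the two entries posted above (the remaining fields are cut here).
SAMPLE = [
    r'2A000A032231,46,1,2,Eserver,Administrator,ACG,C:\Users\Administrator\AppData\Local\Temp\DWHCADB.tmp,5,1,1,256,33554436,"",1326195286',
    r'2A000A032231,5,1,2,Eserver,Administrator,ACG,C:\Users\Administrator\AppData\Local\Temp\DWHCADB.tmp,5,1,1,256,37769284,"",1326195286',
]

# Assumed names for the first eight comma-separated fields.
FIELDS = ["time", "event", "category", "logger", "computer", "user", "risk", "file"]


def decode_time(hexstamp):
    """Decode the 12-hex-digit stamp: years since 1970, month (0-based), day, h, m, s."""
    if len(hexstamp) != 12:
        raise ValueError("expected 12 hex digits, got %r" % hexstamp)
    y, mo, d, h, mi, s = bytes.fromhex(hexstamp)
    return datetime(1970 + y, mo + 1, d, h, mi, s)  # the stamp carries no time zone


def parse_line(line):
    """Return the leading fields of one log entry as a dict."""
    row = next(csv.reader([line]))  # csv handles the quoted "" description field
    if len(row) < len(FIELDS):
        raise ValueError("short log line: %d fields" % len(row))
    rec = dict(zip(FIELDS, row))
    rec["time"] = decode_time(rec["time"])
    rec["event"] = int(rec["event"])
    return rec


def summarize(lines):
    """Collapse entries into unique (risk, file) pairs with the first-seen time."""
    seen = {}
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        key = (rec["risk"], rec["file"])
        if key not in seen or rec["time"] < seen[key]:
            seen[key] = rec["time"]
    return seen


if __name__ == "__main__":
    for (risk, path), when in summarize(SAMPLE).items():
        print(when.isoformat(sep=" "), risk, path)
```
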
 

Mithun Sanghavi's picture

Hello,

What makes you feel that this is an old virus??

Is that the name of the File OR the virus name (which may be detected by another Antivirus)?

In case Symantec is not detecting the threat and a suspicious file is detected by another antivirus, then I would advise you to submit the same file to the Symantec Security Response Team at

https://submit.symantec.com/websubmit/essential.cgi

You can also check this article:

 

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

 

To Understand why -- Scanning a file with a competitor's antivirus program detects a virus, but scanning with Symantec AntiVirus or Symantec Endpoint Protection does not

http://www.symantec.com/docs/TECH98929

 

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.