Very Old DOS virus ACG appeared on 64 bit server
Updated: 10 Jan 2012 | 8 comments
I just wonder how I cannot find any information on the Symantec web site for the ACG virus?
Version SEP 11 MR 6.0
We have a 64-bit Windows Server 2008 R2. We found the ACG virus on this server and quarantined it, but there is no information on how to remove it...
Comments
What is the threat reported?
Can you post the risk logs?
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Can you provide an MD5 of the threat?
Submit the file to ThreatExpert, let's see what comes up then.
http://www.threatexpert.com/submit.aspx
You can try running the Power Eraser tool to remove this - http://www.symantec.com/business/security_response...
Well, it shows 0 risks under Monitors in the SEPM console but shows risk distribution 1.
But I can see 4 quarantined items under HOME.
If I double-click it, it shows the risk path
c:\users\administrator\AppData\local\Temp\DWer2036.tmp
Risk name
If it shows a risk path, it must also show a risk name. What is it?
sandra
Symantec Endpoint & Mobility Group / Information Development
Don't forget to mark your thread as 'solved' with the answer that best helped you!
The risk log can be found on the client.
What is the SEP version used?
Cheers!
Pete
This server has no internet access, I found out later. Where is the risk log located? I found this under c:\users\administrator\symantec \symantec log:
2A000A032231,46,1,2,Eserver,Administrator,ACG,C:\Users\Administrator\AppData\Local\Temp\DWHCADB.tmp,5,1,1,256,33554436,"",1326195286,,0,101 {AE2A45AC-2C0D-4F8F-B29D-D4F621A9846D} 0 1 ACG 2;0;13 0 0 ee795f73-c7c0-4067-b429-9d651e27f669 0,0,10823,0,0,0,,,0,,0,0,1,0,,{23FCD9FE-4776-40C1-B5F6-8D969F6339B2},,,,domain,84:2B:2B:01:C9:3B,11.0.6000.419,,,,,,,,,,,,,,,,999,,091d987d-a428-425d-bef1-39242b4f8978,0,,
2A000A032231,5,1,2,Eserver,Administrator,ACG,C:\Users\Administrator\AppData\Local\Temp\DWHCADB.tmp,5,1,1,256,37769284,"",1326195286,,0,201 4 3 0 0 5 1 6 0 0 0,1333535321,10823,0,1,0,0,0,0,,0,2,4,0,,{23FCD9FE-4776-40C1-B5F6-8D969F6339B2},,,,domain,84:2B:2B:01:C9:3B,11.0.6000.419,,,,,,,,,,,,,,,,0,,091d987d-a428-425d-bef1-39242b4f8978,259784710,,
SEP version is 11 MR 6.0
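Added example, not part of any post in this thread: a small Python parser for the two risk-log lines posted above, showing that both lines describe one detection of ACG that was quarantined. The field order, the hex timestamp encoding and the action-code names are assumptions based on the Symantec AV log layout, not something stated in the thread.

```python
import csv
from datetime import datetime

# Assumed order of the leading fields (Symantec AV log layout, not given in the thread).
FIELDS = ["time", "event", "category", "logger", "computer", "user", "risk",
          "file", "wanted_action_1", "wanted_action_2", "real_action"]
# Assumed action codes; codes not listed here are left as numbers.
ACTIONS = {1: "Quarantine", 2: "Rename", 3: "Delete", 4: "Leave alone", 5: "Clean"}

# The two log lines posted in the thread, cut after the flags field.
SAMPLE = [
    r"2A000A032231,46,1,2,Eserver,Administrator,ACG,C:\Users\Administrator\AppData\Local\Temp\DWHCADB.tmp,5,1,1,256,33554436",
    r"2A000A032231,5,1,2,Eserver,Administrator,ACG,C:\Users\Administrator\AppData\Local\Temp\DWHCADB.tmp,5,1,1,256,37769284",
]

def decode_time(stamp):
    """Six hex octets: years since 1970, zero-based month, day, hour, minute, second."""
    if len(stamp) != 12:
        raise ValueError(f"unexpected timestamp field: {stamp!r}")
    y, mo, d, h, mi, s = (int(stamp[i:i + 2], 16) for i in range(0, 12, 2))
    return datetime(1970 + y, mo + 1, d, h, mi, s)  # client local time

def parse_risk_line(line):
    """Parse one comma-separated log line into a dict of the leading fields."""
    row = next(csv.reader([line]))
    if len(row) < len(FIELDS):
        raise ValueError(f"expected at least {len(FIELDS)} fields, got {len(row)}")
    rec = dict(zip(FIELDS, row))
    rec["time"] = decode_time(rec["time"])
    rec["event"] = int(rec["event"])
    for key in ("wanted_action_1", "wanted_action_2", "real_action"):
        code = int(rec[key])
        rec[key] = ACTIONS.get(code, code)
    return rec

def summarize(lines):
    """Collapse repeated events for the same (risk, file) into one detection."""
    detections = {}
    for rec in map(parse_risk_line, lines):
        det = detections.setdefault((rec["risk"], rec["file"]), {"events": [], "first_seen": rec["time"]})
        det["events"].append(rec["event"])
        det["first_seen"] = min(det["first_seen"], rec["time"])
        det["real_action"] = rec["real_action"]
    return detections

if __name__ == "__main__":
    for (risk, path), det in summarize(SAMPLE).items():
        print(risk, path, det["first_seen"].isoformat(), det["real_action"], det["events"])
```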
Questions and Suggestion
Hello,
What makes you feel that this is an old virus?
Is that the name of the file or the virus name (which may be detected by another antivirus)?
In case Symantec is not detecting the threat and a suspicious file is detected by another antivirus, then I would advise you to submit the same file to the Symantec Security Response Team at
https://submit.symantec.com/websubmit/essential.cgi
You can also check this article:
Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.
https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec
To Understand why -- Scanning a file with a competitor's antivirus program detects a virus, but scanning with Symantec AntiVirus or Symantec Endpoint Protection does not
http://www.symantec.com/docs/TECH98929
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | SCTS | ITIL v3
Follow me on Twitter: @mithun_sanghavi