Hi,
1. Does the machine on which you suspect this threat have a shared drive?
- No. A machine that has this virus doesn't have a shared drive.
2. What components of SEP are installed?
- We use the following SEP components on all our machines: Antivirus, AntiSpyware, Firewall, IPS
3. Is it a DB server?
- No.
4. Is this machine accessed by a group of users during production hours to save data or to access some files remotely?
- No.
5. Is autorun.inf disabled on this machine?
- No. It is not disabled.
6. Is there any machine in the network which is out of definitions or self-managed?
- The machines where this virus file is located all have the latest definitions. As for computers in the network that are out of definitions, we have approximately 5 percent of the whole 3000 machines in the LAN (they are dead computers).
7. Any user accessing this suspected machine remotely? VPN users?
- No.
8. Have you isolated this machine completely and scanned it using all SEP components with current defs on it, or with NSS?
- Yes.
9. What do you see in processes? Do you see any specific process spiking up?
- There isn't any specific process spiking up or anything else.