Vlguar message coming
Updated: 23 May 2010 | 22 comments
Vlguar message is coming frequently on desktop, same message coming through audio also. I can't write that message here but it's starting with M* F*
In message title it's showing Compuetr F* Inside (CAY)
Same issue coming with my two clients in different locations.
Discussion Filed Under:
Comments
Hey,,
What man..look for the file it must be swf or some kind of video file..
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Sounds like Spyware is
Sounds like Spyware is installed on your system. What version of AV/AS is on your system? Is your OS up to date and patched? Are you running with the latest definitions?
Here is a link to some useful Symantec removal tools.
http://www.symantec.com/business/security_response...
I hope this is helpful.
Thomas
it's not swf or video file,
it's not swf or video file, SEP 11. MR4 MP2 with latest version and another client have SAV 10.
not any unknown exe is running in taskmanager.
This doesn't neccessarily
This doesn't neccessarily mean that it isn't a swf or video file. If there really is spyware installed (which there probably is) it can do anything to your computer. This goes as far as changing the windows ui and yes that means the display that shows what processes are currently running. Most viruses are not taken to this extreme but I know it is possible. It HAS to be somesort of swf or audio file obviously because it is playing a sound file on your computer. This means there must be a process running regardless of whether or not it shows up in the task manager. Best thing to do first is a full scan in safe mode with system restore off. Also if this is a networked comptuer then you should disconnect it from your network pronto.
Cheers
Grant
Please don't forget to mark your thread solved with whatever answer helped you : )
Either try running the ESUG
Either try running the ESUG load point diagnostic tool so that some body can check that. This will clearly show if any malicious process is running.
Or manually check the following things
check folders like C:\windows and system32 for any latest files.
Check Hosts file for corruption.
in IE, go to manage Addons and check for any new or unknown addons, disable if any
clear all the temp folders
Submit suspected files
What is the latest on this?
What is the latest on this? How are things coming?
Grant-
Please don't forget to mark your thread solved with whatever answer helped you : )
Have you checked the common
Have you checked the common load points of virus for any suspected exe?
unfortunately system not
unfortunately system not booting. so i can't take logs.
Re
Have you tried to boot on safe mode?
Have tried to boot the system
Have tried to boot the system through NSS tool or symantec bootable cd.
@Ajju: I guess the weekend
@Ajju: I guess the weekend really started way way early for you..... :P
Even I cant remember ever being able to BOOT a Windows System using the NSS TOOL. And also, Symantec doesn't make any bootable CD's anymore.
@ Ajeet: Can you try booting the system using LKGC / Safe Mode? If even that's not happening, try booting into the Recovery Console using a Bootable WINDOWS OS CD, and follow this KB from Microsoft > http://support.microsoft/com/kb/307545
HTH
Abhishek Pradhan, PMP, MCT
Consultant | Microsoft Corp.
Blog: http://blog.abhishekpradhan.net | SIG Lead - Pune IT Pro (Microsoft Pune User Group) | http://www.puneusergroup.org
Thanks Abhishek, i got
Thanks Abhishek, i got Symantec bootable CD, it's using NSS to to scan the system.
symantec not providing any support for this CD.
Ok. Then it's a pretty old
Ok. Then it's a pretty old version of the Bootable CD and hence no support for the same. I'd also recommend using the BartPE CD if you can get your hands on it. It's on the latest siggy build and best of all it's free.....
HTH
Abhishek Pradhan, PMP, MCT
Consultant | Microsoft Corp.
Blog: http://blog.abhishekpradhan.net | SIG Lead - Pune IT Pro (Microsoft Pune User Group) | http://www.puneusergroup.org
Just because it is not
Just because it is not officially supported does not mean that it is "old". You can request the latest version of NSS that is fully updated and install it on a bootable cd that uses Windows PE. Soon there will be a fully supported packaged version of this. Check it all out in our idea's section here: https://www-secure.symantec.com/connect/idea/antiv... .
Grant-
Please don't forget to mark your thread solved with whatever answer helped you : )
Where does one find this so
Where does one find this so called bootable CD? Is this something that is available for download via Fileconnect?
There is an online portal, save yourself the long hold times. Create ticket online, then call in with ticket # in hand :-) http://mysupport.symantec.com "We backup data to restore, we don't backup data just to back it up."
Soon you will be able to
Soon you will be able to download this cd via fileconnect. For now you can get nss.exe and make your own bootable cd. There is a whole ideas section on this found here https://www-secure.symantec.com/connect/idea/antiv... . Also nss.exe is provided on a case by case basis, and you do have to call in to obtain it. But again just check out that link, it explains it all.
Cheers
Grant-
Please don't forget to mark your thread solved with whatever answer helped you : )
@Grant: NSS is also available
@Grant: NSS is also available on the symantec FTP site under the Misc. Tools section for free public download.
ftp://ftp.symantec.com/misc/tools/nss/
This is the link to the same.
HTH
Abhishek Pradhan, PMP, MCT
Consultant | Microsoft Corp.
Blog: http://blog.abhishekpradhan.net | SIG Lead - Pune IT Pro (Microsoft Pune User Group) | http://www.puneusergroup.org
Hi Abhishek, """@Ajju: I
Hi Abhishek,
"""@Ajju: I guess the weekend really started way way early for you..... :P
Even I cant remember ever being able to BOOT a Windows System using the NSS TOOL. And also, Symantec doesn't make any bootable CD's anymore."""""
This doesn't mean that if you don't know the NSS tool to use in mutiple methods, you cannot comment on others please upgrade yourself.
upgradation required
upgradation required
@ Ajju: Your comment is
@ Ajju: Your comment is misleading. I know that you can make a bootable CD, I used to work for Symantec in the SEP team.....
When you said have you tried to boot the system thru the NSS tool, it factually and gramatically implies that you are telling others that the NSS tool can be used to boot the computer directly, which is not so, hence the correction.
Secondly, Symantec used to give the capability in the pretty older versions of SAV / NAV, that allowed you to make the bootable CD similar to BART, and this facility is not available ad hoc in the newer versions.
I could go on and on about what is possible, what was supported and what is not possible and not supported, but it'd end up into a raning match between us nor no reason at all. :)
HTH
Abhishek Pradhan, PMP, MCT
Consultant | Microsoft Corp.
Blog: http://blog.abhishekpradhan.net | SIG Lead - Pune IT Pro (Microsoft Pune User Group) | http://www.puneusergroup.org
For Now you can use spybot
For Now you can use spybot and scan and getout from the touble. but do remember to submit the threat to security response. so that we will be safe also.
Request for more info
@Ajeet: Do you have any info on how you got this and if/how it spreads?
Could be off topic - I used to work in a company where admins and programmers used to prank each other by changing the default settings, adding something to scheduled tasks. Basically harmlessly screwing up each others' desktops when the other isn't looking.
“Your most unhappy customers are your greatest source of learning.”
Would you like to reply?
Login or Register to post your comment.