
  • 1.  Very Old DOS virus ACG appeared on 64 bit server

    Posted Jan 10, 2012 11:31 AM

    I just wonder how I cannot find any information on the Symantec web site for the ACG virus?

    Version SEP 11 MR 6.0

     

    We have a 64-bit Windows Server 2008 R2. We found the ACG virus on this server and quarantined it, but there is no information on how to remove it...



  • 2.  RE: Very Old DOS virus ACG appeared on 64 bit server

    Broadcom Employee
    Posted Jan 10, 2012 11:35 AM

    What is the threat reported?

    Can you post the risk logs?



  • 3.  RE: Very Old DOS virus ACG appeared on 64 bit server

    Posted Jan 10, 2012 11:41 AM

    Can you provide an MD5 of the threat?

    Submit the file to ThreatExpert, let's see what comes up then.

    http://www.threatexpert.com/submit.aspx

    You can try running the Power Eraser tool to remove this - http://www.symantec.com/business/security_response/malware.jsp



  • 4.  RE: Very Old DOS virus ACG appeared on 64 bit server

    Posted Jan 10, 2012 12:08 PM

    Well, it shows 0 risks under Monitors in the SEPM console but shows risk distribution 1.

    But I can see 4 quarantined items under HOME.

    If I double-click it, it shows the risk path

    c:\users\administrator\AppData\local\Temp\DWer2036.tmp



  • 5.  RE: Very Old DOS virus ACG appeared on 64 bit server

    Broadcom Employee
    Posted Jan 10, 2012 12:36 PM

    The risk log can be found on the client.

    What is the SEP version used?



  • 6.  RE: Very Old DOS virus ACG appeared on 64 bit server

    Posted Jan 10, 2012 01:28 PM

    SEP version is 11 MR 6.0



  • 7.  RE: Very Old DOS virus ACG appeared on 64 bit server

    Posted Jan 10, 2012 01:45 PM

    This server has no internet access, I found out later. Where is the risk log located? I found this under c:\users\administrator\symantec \symantec log:

    2A000A032231,46,1,2,Eserver,Administrator,ACG,C:\Users\Administrator\AppData\Local\Temp\DWHCADB.tmp,5,1,1,256,33554436,"",1326195286,,0,101 {AE2A45AC-2C0D-4F8F-B29D-D4F621A9846D} 0 1    ACG 2;0;13 0 0 ee795f73-c7c0-4067-b429-9d651e27f669 0,0,10823,0,0,0,,,0,,0,0,1,0,,{23FCD9FE-4776-40C1-B5F6-8D969F6339B2},,,,domain,84:2B:2B:01:C9:3B,11.0.6000.419,,,,,,,,,,,,,,,,999,,091d987d-a428-425d-bef1-39242b4f8978,0,,
    2A000A032231,5,1,2,Eserver,Administrator,ACG,C:\Users\Administrator\AppData\Local\Temp\DWHCADB.tmp,5,1,1,256,37769284,"",1326195286,,0,201 4 3 0 0 5 1 6 0 0 0,1333535321,10823,0,1,0,0,0,0,,0,2,4,0,,{23FCD9FE-4776-40C1-B5F6-8D969F6339B2},,,,domain,84:2B:2B:01:C9:3B,11.0.6000.419,,,,,,,,,,,,,,,,0,,091d987d-a428-425d-bef1-39242b4f8978,259784710,,
     



  • 8.  RE: Very Old DOS virus ACG appeared on 64 bit server

    Trusted Advisor
    Posted Jan 11, 2012 06:10 AM

    Hello,

    What makes you feel that this is an old virus??

    Is that the name of the file OR the virus name (which may be detected by another antivirus)?

    In case Symantec is not detecting the threat and a suspicious file is detected by another antivirus, then I would advise you to submit the same file to the Symantec Security Response Team on

    https://submit.symantec.com/websubmit/essential.cgi

    You can also check this article:

     

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

     

    To understand why -- Scanning a file with a competitor's antivirus program detects a virus, but scanning with Symantec AntiVirus or Symantec Endpoint Protection does not

    http://www.symantec.com/docs/TECH98929

     

    Hope that helps!!



  • 9.  RE: Very Old DOS virus ACG appeared on 64 bit server

    Posted Jan 11, 2012 11:35 AM

    If it shows a risk path, it must also show a risk name. What is it?

    sandra