Server downtime

By xyberia
Guys, basically, this is my problem. I have this machine which needs to run for other servers to connect to a remote printer in Asia. The problem comes when it keeps on not being accessible to the network. My users are all using Citrix to access this server. I have run many scans with updated defs and everything, from tracing viruses to spyware. The only clue I am left with is that a file named "conime" keeps running as a process. Also, it is labeled as a major security threat as a backdoor. What I am afraid of is that it is a Citrix process that other programs may have blacklisted because of the impersonation made by BFGhost1.0. Can anyone confirm my findings?

Apart from that, can I ask if anyone knows whether, when someone connects to a machine, a separate process of the program is run for him? As in, if I have 10 users logged in to my system, then I will have around 10 "WINLOGON" running? Thank you for your responses.
Any help is appreciated.

by pierrejamme In reply to Server downtime

McAfee says it's a Backdoor Trojan for Peer to Peer.

BackDoor-COK
Corporate User: Low
Home User: Low

Virus Information
Discovery Date: 2/24/2005 12:00:00 AM
Origin: Unknown
Length: 33,068
Type: Trojan
SubType: Remote Access
Minimum DAT:
Release Date: 2/24/2005 12:00:00 AM
Minimum Engine: 4.3.20
Description Added: 2/24/2005 9:22:18 AM
Description Modified: 3/15/2005 10:14:41 PM

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, email, etc.
You should be able to remove it with a full scan. If it is a Millennium or XP machine you need to turn off System Restore before scanning. Reboot after you have deleted it and then re-apply System Restore.
Good luck,
