Question

Locked

virus issue

By brian ·
I have a workstation that always seems to have a virus on it, the problem is I have removed the virus countless times (located in the temp internet files), cleaned out the temp internet files, and turned off/disabled system restore and cleaned all of the system restore points out. Currently I run Symantec Enterprise and have scanned the system with this along with AVG and ran Spybot, Malware Bytes, Combo Fix, and SmitFraud, all of which show up clean, yet...IT KEEPS COMMING BACK (says it is located in a .jpg in the temp internet files). Any Suggestions aside from completely locking the workstation down to only a few websites (and seeing if that would work)?!? Thanks

This conversation is currently closed to new comments.

15 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Who

by santeewelding In reply to virus issue

Works at the workstation?

Collapse -

What virus is it?

by robo_dev In reply to virus issue

There are many that reinstall themselves, so it's not really ever getting removed.

Collapse -

grumble

by brian In reply to What virus is it?

I was afraid of that, looks like format and reload it is...as for who sits at workstation, well i just question why that informaiton is needed....

Collapse -

backdoor

by patb071 In reply to grumble

Often viruses leave back doors open so they can keep coming in. thats why older machines taht have had a few viruses seem to get alot more

Collapse -

Also more bad news

by OH Smeg In reply to grumble

Depending on what the infection actually is it may survive a Format.

A Format only writes to every third Sector of the HDD and less if you chose the Quick Format Option so the infection can reappear after a format and reload.

In a case like that you need to use a Utility like Boot & Nuke

http://www.dban.org/download

or Kill Disc

http://www.killdisk.com/downloadfree.htm

To destroy all trace of the infection before starting the reload.

Col

Collapse -

Symantec

by Mike Barron In reply to virus issue

Actually I see this quite often with Symantec. We are currently using Symantec Endpoint and seem to get a lot of false positives. Most of these show up in Temp as some random .jar .jpg or .gif. The file is deleted by Symantec then shows up again the next time the user browses the web.

I?ve gone as far as putting a fresh image on the machine with the same result. Now this isn?t to say that some of these files aren?t harmful, I just think some of the positives are BS.

My two cents

Collapse -

to all

by brian In reply to Symantec

Thank you for the input....
yes, unfortunatly i have delt with many viruses in the past that would survive a quick erase Col...i hate those things! And I was thinking about false posatives as well...Its a tough decision to make weather to format and reload on the side of safety or just to leave it be and figure they are false posatives...decisions decisions decisions!

Collapse -

Memory

by rouschkateer In reply to virus issue

Remove the memory from the system - boot it up and let it error out. Put the memory back in and scan in Safe Mode.

Collapse -

ok...i'm confused

by brian In reply to Memory

What is removing the RAM (i'm assuming) and booting the system to the point it errors going to accomplish (considering that it would just error on post)? The system has been rebooted many times (also shut off and unpluged b/c of a video card issue recently). By doing a reboot, it clears the RAM (usually), and by shutting off and unplugging (for the video card problem) the RAM would have definatly been cleared...

Collapse -

removing the RAM accomplishes nothing . . .

by Who Am I Really In reply to ok...i'm confused

where malware hides is the problem and
it can hide in several places

and the problem with Windows / DOS format is it actually does no write testing

the only thing format writes is:
- Track 0,
- the MFT
- cluster boundaries

and the data in the clusters remains intact

additional info:
the correct approach is DBAN the unit restore from a known clean backup or do fresh install

then secure the unit, specifically don't use windows default settings for anything especially IE
part of the method I use to secure my units by strangling IE to the point of uselessness

Back to Malware Forum
15 total posts (Page 1 of 2)   01 | 02   Next

Related Forums