General discussion

Locked

W97M/EIGHT941.D Virus

By tpang56 ·
We have the virus W97M/EIGHT941.D virus in the Word files. We have Norton AntiVirus Corporate Edition 7.01 with the latest virus definitions. However, Norton can't detect the virus on the files. The files are detected virus and quantined by the recipients' mail system when we attach them in the e-mail. Any suggestions?

This conversation is currently closed to new comments.

12 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

W97M/EIGHT941.D Virus

by jmar In reply to W97M/EIGHT941.D Virus

Maybe you have already tried this but try doing a cold boot from a clean Norton anitvirus boot disk. From there allow Norton to scan your hard drives for the virus. This should detect the virus and remove it. If that does not work, then you may need to manually remove all .doc files as this is what the virus infects. Also, you'd need to delete the normal.dot file as it infects this global template. For more details check out the Symantec site: http://www.symantec.com/avcenter/venc/data/w97m.eight.941.i.html. McAfee also has details on it at: http://vil.mcafee.com/dispVirus.asp?virus_k=10460&.
Good luck!
Jeff

Collapse -

W97M/EIGHT941.D Virus

by tpang56 In reply to W97M/EIGHT941.D Virus
Collapse -

W97M/EIGHT941.D Virus

by mphoffar In reply to W97M/EIGHT941.D Virus

The only thing I can think of would be that this is some sort of version flaw that's not detecting the file, so something like an engine update might be in order. We had a similar instance with McAfee about the same time 4.0 was released. 4.X woulddetect a particular virus and 3.X woulud not, even with the updated dat file. Just a side note, but I don't beleive Norton will scan an attachment you send off because it assumes the file has been cleaned with the background agent.

One thing about this particular virus is that it has a date sensitive payload that'll password lock all of the files on July 1 and November 10th

Collapse -

W97M/EIGHT941.D Virus

by tpang56 In reply to W97M/EIGHT941.D Virus
Collapse -

W97M/EIGHT941.D Virus

by Belgarion In reply to W97M/EIGHT941.D Virus

I would try Proposal 2's solution. Doing a cold boot with an newer version of Norton to dectect the Virus should allow you to locate it and delete it.

However, I went to the Norton's website to do a search for this W97M/EIGHT941.D virus, and there isn't a definition, or a confirmation for this being an actual virus. That might be the reason for Norton's Antivirus not being able to detect it.

Collapse -

W97M/EIGHT941.D Virus

by tpang56 In reply to W97M/EIGHT941.D Virus
Collapse -

W97M/EIGHT941.D Virus

by Phinaddict In reply to W97M/EIGHT941.D Virus

On Norton's site there is a W97M.Eight941.I virus that Norton protects against. Where did you get the info of the name W97M.Eight941.D? If you have concerns I would contact Norton customer support to see what they have to say. In the meantime force a scan on all servers/workstations to ensure that nothing else is infected. The latest virus defs are dated 5/30 so make sure in your SSC all computers are using thses defs before doing the scan.

Good Luck!

Collapse -

W97M/EIGHT941.D Virus

by tpang56 In reply to W97M/EIGHT941.D Virus
Collapse -

W97M/EIGHT941.D Virus

by Its a secret In reply to W97M/EIGHT941.D Virus

W97M_EIGHT941.D

In the wild: Yes
Trigger date 1: Any Day
Payload 1: No Payload
Detected by pattern file#: 662
Detected by scan engine#: 2.082
Language:
English
Platform: Windows
Size of virus: 1,615 bytes

Details:
This macro virus infects whenever an infected document is opened. It infects by copying the virus code to the ThisDocument module of the Normal Template and of the active document, if they are not infected by the virus.

The difference between this variant of Eight941 and the other variants is that this virus does not add a password to the active document it infects. Also, the options of modifying some of the functions of the document, like allowing fast save has an added trigger date of November 10or July 1.

info from www.antivirus.com(pc cillin)

Collapse -

W97M/EIGHT941.D Virus

by tpang56 In reply to W97M/EIGHT941.D Virus
Back to Desktop Forum
12 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums