Re: W32.alcra.c REMOVED FINALLY!!!
- From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>
- Date: Wed, 2 Aug 2006 17:25:43 -0400
From: "URCS" <johngalt@xxxxxxxxxxx>
| Re: Keep getting reinfected ....
| not really ..
| kept getting REinfected by the same virus. During the entire time I
| had the virus I was not even connected to the net. Cat5 outta the
| rear end.
| When it came to getting the files for AV.exe, done on a different
| machine and thumb drived over.
| That is what was weird about this infectrion .... although it could
| not be found by ANY of the virus checkers, even when on as a slave on
| different machine, it kept propagating.
| It HAD to have had something to do with the quarantine section of NAV.
| NAV was not able to delete that file in quarantine.
| And again, I reitrerate, the Symantec site lists this as an "easy"
| removal. I followed theirs and the steps listed here and no virus was
| found to remove.
| Maybe I am the only one that will have this situation. But if not, at
| least the next guy will have my notes as reference, too.
| Thanks for everything, techs. I appreciate your help.
| Don in Tucson
Thios is a worm so re-indfection is totally possible IF your AV software is NOT up-yo-date
and you don't use a FireWall application and/or an appliance.
You listed this as; "W32.alcra.c" This could be a new variant and thus what is lised under
the removal instructions is NOT accurate. The fact it was etected as "W32.alcra.c" but had
different charachteristics is not new to any AV vendor. They can only provide information
based upon the samples they have received. The signatures however may find the infector
without the infector being the exect match in the library.
- Prev by Date: Re: W32.alcra.c REMOVED FINALLY!!!
- Next by Date: Cursor problems
- Previous by thread: Re: W32.alcra.c REMOVED FINALLY!!!
- Next by thread: post nimda antivirus defs error mssg