Re: Do you recognise this malware?



From: "Newell White" <NewellWhite@xxxxxxxxxxxxxxxxxxxxxxxxx>

Replies are inline...

| I have a workstation on our LAN running Windows XP SP3.
| Symptoms:

| 1) When I attempt to run a virus scan using McAfee Enterprise AV I get a
| popup telling me the virus recognition .DAT file is corrupt.

OK, these are the signature files. Just replace them with the DAT files from the latest
ZIP file or SuperDAT file.
Is this Enterprise v8.5i?


| 2) When I attempt to re-install from CD I get a popup during the install
| process telling me the file cabsd.w1.cab is missing or corrupt. There is no
| such file on the CD, which installs successfully on an identical workstation.

Why are you reinstalling?
The original message was about signature files (*.DAT files), not the application.


| 3) When (in Explorer) I try to copy autoruns.exe from a floppy to the C:\
| drive, I get a popup telling me the copy fails because of a checksum error. I
| can run autoruns from the floppy using Start.. Run..., and can see nothing
| suspicious.

| 4) When I run RootKitRevealer in a similar manner, it shows nothing.

| 5) Running the September MS Malicious Software Removal tool from their
| website shows nothing.

| I am reluctant to flatten and rebuild as this workstation has been
| configured to run an expensive piece of production machinery.


Is this PC connected to the LAN and WAN?
If yes, then you should consider flattening the PC and NOT connecting it to the LAN if
this is "...configured to run an expensive piece of production machinery."

Something this important should also have an image made in case of emergencies. This way
if the PC gets corrupted you would only have to restore the image and the system would be
back to normal.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

