Nimda and Klez - odd behaviour with AVD
#1
Scooby Regular
Thread Starter
Join Date: Nov 2000
Location: 32 cylinders and many cats
Posts: 18,658
Installed AVD on some of our clients today and whilst scanning found the odd Klez and Nimda; it said it could not clean or delete. Tried a removal process as recommended by McAfee and there was nothing there, and the files named were not there (hidden files displayed). Happened with Nimda on another machine. I know some of these viruses kill parts of the virus killer, but this was an up-to-date engine and pattern files. Seems a bit odd, but systems report as clean even though I never actually managed to delete anything. Seems a bit odd to me?
#2
Scooby Regular
Join Date: Aug 2002
Location: not forgetting 20,000 posts from last time ;)
Posts: 5,806
I had exactly the same thing on my machine last month. Sophos found 300+ files infected with Nimda-A, but no evidence of the hidden files, no modification to any system files etc. Spent several hours running cleanup/disinfectant utilities; all reported a clean system.
When I asked Sophos about this, they replied that you can get Nimda infection from infected websites just by visiting them. They recommended the on-access scanner part of SAV be set to sweep files on write as well as read, which will detect the files being created should it happen again.
Also check other machines on the LAN because Nimda spreads using network shares.