Network server antivirus problem.

jinx123 · #1 (**permalink**) 06-04-2007, 03:16 PM

I am new at using a network server. I am suppose to handle the server at my workplace. I have symantec installed in the server. I have updated the virus definition from the server but still the threat found warning is the for many users on the network. I tried scaning it manually from the server it says that symantec is not running on the user. but when I check the user it is running and when I scan from the user virus is found and cleaned.

VopThis · #2 (**permalink**) 06-04-2007, 03:58 PM

If the SERVER does not know about a particular virus at a given moment in time, it cannot and won't block that infection from being loaded on any given PC and/or being spread to multiple client PCs. It is only when the virus definitions are updated and a scan run on the client will the infection be detected and then dealt with.

jinx123 · #3 (**permalink**) 07-04-2007, 04:50 AM

I tried that. But after I do it and restart the network user pc again the virus is detected. and threat found appears in the server. I am not thinking the virus is transferring from pc to pc. Cox the new pcs that I am connecting to the server doesnot detect threat even after 2 to 3 days.

VopThis · #4 (**permalink**) 07-04-2007, 05:49 AM

So, to clarify - the server is updated with virus definitions and those in turn must be run by each client against the server?

Please specify the FULL PATH filename for the infection being detected and the infection name.

jinx123 · #5 (**permalink**) 07-04-2007, 11:04 AM

c:\windows\vmm32i.dll (trojan horse)
I tried looking for the file to delete it manually but there is no file with that name. The other 2 r in the regedit. those 2 get deleted by symantec. but vmm32i.dll get qurantined. but still it pop up virus found. I asked the one using the computer when it started happening. She said after she inserted a pen drive.

VopThis · #6 (**permalink**) 07-04-2007, 03:04 PM

What does Symantec call the trojan (so, it is not a virus)? Antivirus tools are not often considered particularly effective against Trojans, in general. Other tools may often be needed to get an appropriate resolution against a related downloader or controlling agent.

HIDDEN FILES: To make sure you can see any and all hidden files, please follow the directions here

Submit the following file(s) to VirusTotal for their immediate evaluation and feedback. Use any of the following methods, as appropriate:

Copy & Paste in the input BOX, and/or ..…
Locate FULL FILE PATH if not apparent, or
Navigate to file in question.

Post those results in your next reply:

c:\windows\vmm32i.dll

If still no joy,
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.

Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
- Click on Change state next to Resident shield. It should now change to inactive.
- Click on Change state next to Automatic updates. It should now change to inactive.
- Next to the words Last Update, click on Update now. (You will need an active internet connection to perform this)
- Wait until you see the Update successful message.
- Click on Scanner on the toolbar at top of this screen.
- Click on the Settings tab.
  - Under How to act?
    - Click on Recommended Action and choose Quarantine from the popup menu.
  - Under How to scan?
    - All checkboxes should be ticked.
  - Under Possibly unwanted software:
    - All checkboxes should be ticked.
  - Under Reports:
    - Select Automatically generate report after every scan and uncheck Only if threats were found.
  - Under What to scan?
    - Select Scan every file.
- Close AVG Anti-Spyware without running yet.

Now disable (turn off AVG Anti-Spyware)

Right-click the AVG Anti-Spyware Tray Icon (Bottom right corner of computer screen near clock) and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon again and select Exit. Confirm by clicking Yes.

If you are having problems with the updater, you can use this link to manually update AVG Anti-Spyware.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
______________________________

Reboot your computer in Safe Mode.

If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.

______________________________

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Note: If AVG Anti-Spyware screen does not fit your monitor screen Hold down the Alt button on keyboard then tap spacebar, menu should pop up then choose maximize. AVG Anti-Spyware screen should now fit to the screen a lot better.

Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.

IMPORTANT : Don't click on the "Save Scan Report" button before you hit the "Apply all Actions" button.

Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button.(3)

When done, click the Save Scan Report button. (4)
- Click the Save Report as button.
- Save the report to your Desktop. I will need you to post this in your next reply.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Reboot in Normal Mode.

Additionally, you should consider running the scans here and post a HijackThis LOG:

Read This First - IMPORTANT Instructions

jinx123 · #7 (**permalink**) 08-04-2007, 06:11 AM

I have a stupid question. In safe mode I am not able to access the domain and login. Shud I just try the normal admin in safe mode. will it be ok. I am asking these question cox i am kind of new

VopThis · #8 (**permalink**) 08-04-2007, 01:59 PM

Quote:

Shud I just try the normal admin in safe mode.

Any 'safe mode' selection is generally more optimal. However, using normal mode is still a valid possibility, if necessary.

jinx123 · #9 (**permalink**) 09-04-2007, 05:12 PM

Will it be ok if I cant rep to this a bit late. someone is using that pc for some work. So I cant get to scan it. I found how it got on the pc from some in the near by building. he said that most of the pcs there is having the same problem. It started with a pen drive. When ever that pendrive is inserted to the pc this starts happening. I unhided all the components of the pen and found a file name adobedr, autorun and dll file. I will try best to give up the post abt the scan and full path of virus soon.

VopThis · #10 (**permalink**) 09-04-2007, 06:49 PM

Quote:

I found how it got on the pc from some in the near by building. he said that most of the pcs there is having the same problem. It started with a pen drive.

It is good that you are asking all the right questions. Maybe you need to talk to someone in the systems support function in the other building. They may be able to explain how they have been dealing with the virus.

Otherwise, let us know how you make out or if you still require assistance.