15 Replies. Latest reply on May 11, 2010 6:37 AM by SamSwift

    CSRCS.exe Virus NOT Deleted!!!!

      Peeps,

       

      We have a virus infection of CSRCS.exe and it is now infecting all EXE files. We're using VSE 8.7i w/ Patch 1 and SDAT 5806 w/ Engine 5400.

       

      Please see the OD Scan log below:

       

      10/16/2009 9:23:59 AM Engine version =5301.4018
      10/16/2009 9:23:59 AM AntiVirus   DAT version =5771.0000
      10/16/2009 9:23:59 AM Number of detection signatures in EXTRA.DAT =None
      10/16/2009 9:23:59 AM Names of detection signatures in EXTRA.DAT  =None
      10/16/2009 9:23:49 AM Scan Started SMITS552\afigueras On-Demand Scan
      10/16/2009 10:07:06 AM Scan Summary SMITS552\afigueras Scan Summary
      10/16/2009 10:07:06 AM Scan Summary SMITS552\afigueras Processes scanned    : 5
      10/16/2009 10:07:06 AM Scan Summary SMITS552\afigueras Processes detected   : 0
      10/16/2009 10:07:06 AM Scan Summary SMITS552\afigueras Processes cleaned    : 0
      10/16/2009 10:07:06 AM Scan Summary SMITS552\afigueras Boot sectors scanned : 0
      10/16/2009 10:07:06 AM Scan Summary SMITS552\afigueras Boot sectors detected: 0
      10/16/2009 10:07:06 AM Scan Summary SMITS552\afigueras Boot sectors cleaned : 0
      10/16/2009 10:07:06 AM Scan Summary SMITS552\afigueras Files scanned        : 29505
      10/16/2009 10:07:06 AM Scan Summary SMITS552\afigueras Files with detections: 0
      10/16/2009 10:07:06 AM Scan Summary SMITS552\afigueras File detections      : 0
      10/16/2009 10:07:06 AM Scan Summary SMITS552\afigueras Files cleaned        : 0
      10/16/2009 10:07:06 AM Scan Summary SMITS552\afigueras Files deleted        : 0
      10/16/2009 10:07:06 AM Scan Summary SMITS552\afigueras Files not scanned    : 368
      10/16/2009 10:07:06 AM Scan Summary SMITS552\afigueras Scan Summary (Registry Scanning)
      10/16/2009 10:07:06 AM Scan Summary SMITS552\afigueras Keys scanned         : 20513
      10/16/2009 10:07:06 AM Scan Summary SMITS552\afigueras Keys detected        : 0
      10/16/2009 10:07:06 AM Scan Summary SMITS552\afigueras Keys cleaned         : 0
      10/16/2009 10:07:06 AM Scan Summary SMITS552\afigueras Keys deleted         : 0
      10/16/2009 10:07:06 AM Scan Summary SMITS552\afigueras Scan Summary (Cookie Scanning)
      10/16/2009 10:07:06 AM Scan Summary SMITS552\afigueras Cookies scanned      : 57
      10/16/2009 10:07:06 AM Scan Summary SMITS552\afigueras Cookies detected     : 0
      10/16/2009 10:07:06 AM Scan Summary SMITS552\afigueras Cookies cleaned      : 0
      10/16/2009 10:07:06 AM Scan Summary SMITS552\afigueras Cookies deleted      : 0
      10/16/2009 10:07:06 AM Scan Summary SMITS552\afigueras Run time             : 0:43:17
      10/16/2009 10:07:06 AM Scan Complete SMITS552\afigueras On-Demand Scan

      10/21/2009 12:04:09 PM Engine version =5301.4018
      10/21/2009 12:04:09 PM AntiVirus   DAT version =5771.0000
      10/21/2009 12:04:09 PM Number of detection signatures in EXTRA.DAT =None
      10/21/2009 12:04:09 PM Names of detection signatures in EXTRA.DAT  =None
      10/21/2009 12:04:01 PM Scan Started SMITS552\SYSTEM (managed) VSE 8.5i ODScan
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM Scan Settings
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM Scan Archives     : Enabled
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM Scan Mime         : Disabled
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM Macro Heuristics  : Enabled
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM Program Heuristics: Enabled
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM Primary Action    : Clean
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM Secondary Action  : Delete
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM Apply Unwanted Program Policy : Enabled
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM Primary Unwanted Program Action : Clean
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM Secondary Unwanted Program Action : Delete
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM Extension Option  : Scan All
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM Scan Sub Folders  : Enabled
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM Scan Boot Sectors : Enabled
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM Scan Offline Files: Disabled
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM Exclusions
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  Windows File Protection
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\ and its subfolders
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  C:\Program Files\Common Files\McAfee\Temp\ and its subfolders
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  C:\Program Files\Common Files\Mcafee\Common Framework\ and its subfolders
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  C:\Program Files\McAfee\Common Framework\ and its subfolders
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  C:\Program Files\Network Associates\Common Framework\ and its subfolders
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  C:\Quarantine and its subfolders
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  C:\WINDOWS\SoftwareDistribution\Datastore\ and its subfolders
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  C:\WINDOWS\SoftwareDistribution\Datastore\Logs\ and its subfolders
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  C:\Windows\Prefetch\* and its subfolders
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  C:\Windows\System32\CCMSETUP\ and its subfolders
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  C:\Windows\System32\ccm\ and its subfolders
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  C:\Windows\system32\convert.exe
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  C:\Windows\system32\dllcache\svchost.exe
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  C:\Windows\system32\svchost.exe
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  C:\Windows\system32\vpcache\mbsacli.exe
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  All files of type CAB
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  All files of type PF
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM Scan Items
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  Memory for rootkits
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  Running processes
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  All local drives
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  All fixed drives
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  All removable drives
      10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  Registry
      10/21/2009 2:02:46 PM Engine version =5301.4018
      10/21/2009 2:02:46 PM AntiVirus   DAT version =5771.0000
      10/21/2009 2:02:46 PM Number of detection signatures in EXTRA.DAT =None
      10/21/2009 2:02:46 PM Names of detection signatures in EXTRA.DAT  =None
      10/21/2009 2:02:36 PM Scan Started SMITS552\afigueras On-Demand Scan
      10/21/2009 2:07:39 PM Scan Summary SMITS552\afigueras Scan Summary
      10/21/2009 2:07:39 PM Scan Summary SMITS552\afigueras Processes scanned    : 0
      10/21/2009 2:07:39 PM Scan Summary SMITS552\afigueras Processes detected   : 0
      10/21/2009 2:07:39 PM Scan Summary SMITS552\afigueras Processes cleaned    : 0
      10/21/2009 2:07:39 PM Scan Summary SMITS552\afigueras Boot sectors scanned : 0
      10/21/2009 2:07:39 PM Scan Summary SMITS552\afigueras Boot sectors detected: 0
      10/21/2009 2:07:39 PM Scan Summary SMITS552\afigueras Boot sectors cleaned : 0
      10/21/2009 2:07:39 PM Scan Summary SMITS552\afigueras Files scanned        : 37
      10/21/2009 2:07:39 PM Scan Summary SMITS552\afigueras Files with detections: 0
      10/21/2009 2:07:39 PM Scan Summary SMITS552\afigueras File detections      : 0
      10/21/2009 2:07:39 PM Scan Summary SMITS552\afigueras Files cleaned        : 0
      10/21/2009 2:07:39 PM Scan Summary SMITS552\afigueras Files deleted        : 0
      10/21/2009 2:07:39 PM Scan Summary SMITS552\afigueras Files not scanned    : 0
      10/21/2009 2:07:39 PM Scan Summary SMITS552\afigueras Scan Summary (Registry Scanning)
      10/21/2009 2:07:39 PM Scan Summary SMITS552\afigueras Keys scanned         : 0
      10/21/2009 2:07:39 PM Scan Summary SMITS552\afigueras Keys detected        : 0
      10/21/2009 2:07:39 PM Scan Summary SMITS552\afigueras Keys cleaned         : 0
      10/21/2009 2:07:39 PM Scan Summary SMITS552\afigueras Keys deleted         : 0
      10/21/2009 2:07:39 PM Scan Summary SMITS552\afigueras Scan Summary (Cookie Scanning)
      10/21/2009 2:07:39 PM Scan Summary SMITS552\afigueras Cookies scanned      : 0
      10/21/2009 2:07:39 PM Scan Summary SMITS552\afigueras Cookies detected     : 0
      10/21/2009 2:07:39 PM Scan Summary SMITS552\afigueras Cookies cleaned      : 0
      10/21/2009 2:07:39 PM Scan Summary SMITS552\afigueras Cookies deleted      : 0
      10/21/2009 2:07:39 PM Scan Summary SMITS552\afigueras Run time             : 0:05:03
      10/21/2009 2:07:39 PM Scan Terminated SMITS552\afigueras On-Demand Scan

      10/21/2009 4:07:21 PM Scan Summary SMITS552\SYSTEM Scan Summary
      10/21/2009 4:07:21 PM Scan Summary SMITS552\SYSTEM Processes scanned    : 41
      10/21/2009 4:07:21 PM Scan Summary SMITS552\SYSTEM Processes detected   : 0
      10/21/2009 4:07:21 PM Scan Summary SMITS552\SYSTEM Processes cleaned    : 0
      10/21/2009 4:07:21 PM Scan Summary SMITS552\SYSTEM Boot sectors scanned : 3
      10/21/2009 4:07:21 PM Scan Summary SMITS552\SYSTEM Boot sectors detected: 0
      10/21/2009 4:07:21 PM Scan Summary SMITS552\SYSTEM Boot sectors cleaned : 0
      10/21/2009 4:07:21 PM Scan Summary SMITS552\SYSTEM Files scanned        : 33637
      10/21/2009 4:07:21 PM Scan Summary SMITS552\SYSTEM Files with detections: 0
      10/21/2009 4:07:21 PM Scan Summary SMITS552\SYSTEM File detections      : 0
      10/21/2009 4:07:21 PM Scan Summary SMITS552\SYSTEM Files cleaned        : 0
      10/21/2009 4:07:21 PM Scan Summary SMITS552\SYSTEM Files deleted        : 0
      10/21/2009 4:07:21 PM Scan Summary SMITS552\SYSTEM Files not scanned    : 20
      10/21/2009 4:07:21 PM Scan Summary SMITS552\SYSTEM Scan Summary (Registry Scanning)
      10/21/2009 4:07:21 PM Scan Summary SMITS552\SYSTEM Keys scanned         : 0
      10/21/2009 4:07:21 PM Scan Summary SMITS552\SYSTEM Keys detected        : 0
      10/21/2009 4:07:21 PM Scan Summary SMITS552\SYSTEM Keys cleaned         : 0
      10/21/2009 4:07:21 PM Scan Summary SMITS552\SYSTEM Keys deleted         : 0
      10/21/2009 4:07:21 PM Scan Summary SMITS552\SYSTEM Scan Summary (Cookie Scanning)
      10/21/2009 4:07:21 PM Scan Summary SMITS552\SYSTEM Cookies scanned      : 0
      10/21/2009 4:07:21 PM Scan Summary SMITS552\SYSTEM Cookies detected     : 0
      10/21/2009 4:07:21 PM Scan Summary SMITS552\SYSTEM Cookies cleaned      : 0
      10/21/2009 4:07:21 PM Scan Summary SMITS552\SYSTEM Cookies deleted      : 0
      10/21/2009 4:07:21 PM Scan Summary SMITS552\SYSTEM Run time             : 4:03:20
      10/21/2009 4:07:21 PM Scan Terminated SMITS552\SYSTEM (managed) VSE 8.5i ODScan

      11/6/2009 1:56:48 PM Engine version =5301.4018
      11/6/2009 1:56:48 PM AntiVirus   DAT version =5792.0000
      11/6/2009 1:56:48 PM Number of detection signatures in EXTRA.DAT =None
      11/6/2009 1:56:48 PM Names of detection signatures in EXTRA.DAT  =None
      11/6/2009 1:56:39 PM Scan Started SMITS552\afigueras On-Demand Scan
      11/6/2009 2:28:54 PM Scan Summary SMITS552\afigueras Scan Summary
      11/6/2009 2:28:54 PM Scan Summary SMITS552\afigueras Processes scanned    : 0
      11/6/2009 2:28:54 PM Scan Summary SMITS552\afigueras Processes detected   : 0
      11/6/2009 2:28:54 PM Scan Summary SMITS552\afigueras Processes cleaned    : 0
      11/6/2009 2:28:54 PM Scan Summary SMITS552\afigueras Boot sectors scanned : 0
      11/6/2009 2:28:54 PM Scan Summary SMITS552\afigueras Boot sectors detected: 0
      11/6/2009 2:28:54 PM Scan Summary SMITS552\afigueras Boot sectors cleaned : 0
      11/6/2009 2:28:54 PM Scan Summary SMITS552\afigueras Files scanned        : 234
      11/6/2009 2:28:54 PM Scan Summary SMITS552\afigueras Files with detections: 0
      11/6/2009 2:28:54 PM Scan Summary SMITS552\afigueras File detections      : 0
      11/6/2009 2:28:54 PM Scan Summary SMITS552\afigueras Files cleaned        : 0
      11/6/2009 2:28:54 PM Scan Summary SMITS552\afigueras Files deleted        : 0
      11/6/2009 2:28:54 PM Scan Summary SMITS552\afigueras Files not scanned    : 0
      11/6/2009 2:28:54 PM Scan Summary SMITS552\afigueras Scan Summary (Registry Scanning)
      11/6/2009 2:28:54 PM Scan Summary SMITS552\afigueras Keys scanned         : 0
      11/6/2009 2:28:54 PM Scan Summary SMITS552\afigueras Keys detected        : 0
      11/6/2009 2:28:54 PM Scan Summary SMITS552\afigueras Keys cleaned         : 0
      11/6/2009 2:28:54 PM Scan Summary SMITS552\afigueras Keys deleted         : 0
      11/6/2009 2:28:54 PM Scan Summary SMITS552\afigueras Scan Summary (Cookie Scanning)
      11/6/2009 2:28:54 PM Scan Summary SMITS552\afigueras Cookies scanned      : 0
      11/6/2009 2:28:54 PM Scan Summary SMITS552\afigueras Cookies detected     : 0
      11/6/2009 2:28:54 PM Scan Summary SMITS552\afigueras Cookies cleaned      : 0
      11/6/2009 2:28:54 PM Scan Summary SMITS552\afigueras Cookies deleted      : 0
      11/6/2009 2:28:54 PM Scan Summary SMITS552\afigueras Run time             : 0:32:15
      11/6/2009 2:28:54 PM Scan Terminated SMITS552\afigueras On-Demand Scan

      11/6/2009 2:29:15 PM Engine version =5301.4018
      11/6/2009 2:29:15 PM AntiVirus   DAT version =5792.0000
      11/6/2009 2:29:15 PM Number of detection signatures in EXTRA.DAT =None
      11/6/2009 2:29:15 PM Names of detection signatures in EXTRA.DAT  =None
      11/6/2009 2:29:05 PM Scan Started SMITS552\afigueras On-Demand Scan
      11/6/2009 2:29:51 PM Scan Summary SMITS552\afigueras Scan Summary
      11/6/2009 2:29:51 PM Scan Summary SMITS552\afigueras Processes scanned    : 0
      11/6/2009 2:29:51 PM Scan Summary SMITS552\afigueras Processes detected   : 0
      11/6/2009 2:29:51 PM Scan Summary SMITS552\afigueras Processes cleaned    : 0
      11/6/2009 2:29:51 PM Scan Summary SMITS552\afigueras Boot sectors scanned : 0
      11/6/2009 2:29:51 PM Scan Summary SMITS552\afigueras Boot sectors detected: 0
      11/6/2009 2:29:51 PM Scan Summary SMITS552\afigueras Boot sectors cleaned : 0
      11/6/2009 2:29:51 PM Scan Summary SMITS552\afigueras Files scanned        : 0
      11/6/2009 2:29:51 PM Scan Summary SMITS552\afigueras Files with detections: 0
      11/6/2009 2:29:51 PM Scan Summary SMITS552\afigueras File detections      : 0
      11/6/2009 2:29:51 PM Scan Summary SMITS552\afigueras Files cleaned        : 0
      11/6/2009 2:29:51 PM Scan Summary SMITS552\afigueras Files deleted        : 0
      11/6/2009 2:29:51 PM Scan Summary SMITS552\afigueras Files not scanned    : 0
      11/6/2009 2:29:51 PM Scan Summary SMITS552\afigueras Scan Summary (Registry Scanning)
      11/6/2009 2:29:51 PM Scan Summary SMITS552\afigueras Keys scanned         : 0
      11/6/2009 2:29:51 PM Scan Summary SMITS552\afigueras Keys detected        : 0
      11/6/2009 2:29:51 PM Scan Summary SMITS552\afigueras Keys cleaned         : 0
      11/6/2009 2:29:51 PM Scan Summary SMITS552\afigueras Keys deleted         : 0
      11/6/2009 2:29:51 PM Scan Summary SMITS552\afigueras Scan Summary (Cookie Scanning)
      11/6/2009 2:29:51 PM Scan Summary SMITS552\afigueras Cookies scanned      : 0
      11/6/2009 2:29:51 PM Scan Summary SMITS552\afigueras Cookies detected     : 0
      11/6/2009 2:29:51 PM Scan Summary SMITS552\afigueras Cookies cleaned      : 0
      11/6/2009 2:29:51 PM Scan Summary SMITS552\afigueras Cookies deleted      : 0
      11/6/2009 2:29:51 PM Scan Summary SMITS552\afigueras Run time             : 0:00:10
      11/6/2009 2:29:51 PM Scan Terminated SMITS552\afigueras On-Demand Scan

      11/18/2009 12:01:10 PM Engine version =5301.4018
      11/18/2009 12:01:10 PM AntiVirus   DAT version =5804.0000
      11/18/2009 12:01:10 PM Number of detection signatures in EXTRA.DAT =3
      11/18/2009 12:01:10 PM Names of detection signatures in EXTRA.DAT  =Generic!atr (ED) VBS/Autorun.worm.k (ED) W32/Autorun.worm.g (ED)
      11/18/2009 12:01:01 PM Scan Started SMITS552\SYSTEM (managed) VSE 8.5i ODScan
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM Scan Settings
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM Scan Archives     : Enabled
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM Scan Mime         : Disabled
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM Macro Heuristics  : Enabled
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM Program Heuristics: Enabled
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM Primary Action    : Clean
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM Secondary Action  : Delete
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM Apply Unwanted Program Policy : Enabled
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM Primary Unwanted Program Action : Clean
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM Secondary Unwanted Program Action : Delete
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM Extension Option  : Scan All
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM Scan Sub Folders  : Enabled
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM Scan Boot Sectors : Enabled
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM Scan Offline Files: Disabled
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM Exclusions
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM  Windows File Protection
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM  C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\ and its subfolders
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM  C:\Program Files\Common Files\McAfee\Temp\ and its subfolders
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM  C:\Program Files\Common Files\Mcafee\Common Framework\ and its subfolders
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM  C:\Program Files\McAfee\Common Framework\ and its subfolders
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM  C:\Program Files\Network Associates\Common Framework\ and its subfolders
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM  C:\Quarantine and its subfolders
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM  C:\WINDOWS\SoftwareDistribution\Datastore\ and its subfolders
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM  C:\WINDOWS\SoftwareDistribution\Datastore\Logs\ and its subfolders
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM  C:\Windows\Prefetch\* and its subfolders
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM  C:\Windows\System32\CCMSETUP\ and its subfolders
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM  C:\Windows\System32\ccm\ and its subfolders
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM  C:\Windows\system32\convert.exe
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM  C:\Windows\system32\dllcache\svchost.exe
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM  C:\Windows\system32\svchost.exe
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM  C:\Windows\system32\vpcache\mbsacli.exe
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM  All files of type CAB
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM  All files of type PF
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM Scan Items
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM  Memory for rootkits
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM  Running processes
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM  All local drives
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM  All fixed drives
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM  All removable drives
      11/18/2009 12:01:01 PM Scan Settings SMITS552\SYSTEM  Registry
      11/18/2009 3:06:31 PM Engine version =5301.4018
      11/18/2009 3:06:31 PM AntiVirus   DAT version =5805.0000
      11/18/2009 3:06:31 PM Number of detection signatures in EXTRA.DAT =3
      11/18/2009 3:06:31 PM Names of detection signatures in EXTRA.DAT  =Generic!atr (ED) VBS/Autorun.worm.k (ED) W32/Autorun.worm.g (ED)
      11/18/2009 6:22:24 PM Scan Summary SMITS552\SYSTEM Scan Summary
      11/18/2009 6:22:24 PM Scan Summary SMITS552\SYSTEM Processes scanned    : 39
      11/18/2009 6:22:24 PM Scan Summary SMITS552\SYSTEM Processes detected   : 0
      11/18/2009 6:22:24 PM Scan Summary SMITS552\SYSTEM Processes cleaned    : 0
      11/18/2009 6:22:24 PM Scan Summary SMITS552\SYSTEM Boot sectors scanned : 3
      11/18/2009 6:22:24 PM Scan Summary SMITS552\SYSTEM Boot sectors detected: 0
      11/18/2009 6:22:24 PM Scan Summary SMITS552\SYSTEM Boot sectors cleaned : 0
      11/18/2009 6:22:24 PM Scan Summary SMITS552\SYSTEM Files scanned        : 51911
      11/18/2009 6:22:24 PM Scan Summary SMITS552\SYSTEM Files with detections: 0
      11/18/2009 6:22:24 PM Scan Summary SMITS552\SYSTEM File detections      : 0
      11/18/2009 6:22:24 PM Scan Summary SMITS552\SYSTEM Files cleaned        : 0
      11/18/2009 6:22:24 PM Scan Summary SMITS552\SYSTEM Files deleted        : 0
      11/18/2009 6:22:24 PM Scan Summary SMITS552\SYSTEM Files not scanned    : 30
      11/18/2009 6:22:24 PM Scan Summary SMITS552\SYSTEM Scan Summary (Registry Scanning)
      11/18/2009 6:22:24 PM Scan Summary SMITS552\SYSTEM Keys scanned         : 0
      11/18/2009 6:22:24 PM Scan Summary SMITS552\SYSTEM Keys detected        : 0
      11/18/2009 6:22:24 PM Scan Summary SMITS552\SYSTEM Keys cleaned         : 0
      11/18/2009 6:22:24 PM Scan Summary SMITS552\SYSTEM Keys deleted         : 0
      11/18/2009 6:22:24 PM Scan Summary SMITS552\SYSTEM Scan Summary (Cookie Scanning)
      11/18/2009 6:22:24 PM Scan Summary SMITS552\SYSTEM Cookies scanned      : 0
      11/18/2009 6:22:24 PM Scan Summary SMITS552\SYSTEM Cookies detected     : 0
      11/18/2009 6:22:24 PM Scan Summary SMITS552\SYSTEM Cookies cleaned      : 0
      11/18/2009 6:22:24 PM Scan Summary SMITS552\SYSTEM Cookies deleted      : 0
      11/18/2009 6:22:24 PM Scan Summary SMITS552\SYSTEM Run time             : 6:21:23
      11/18/2009 6:22:24 PM Scan Terminated SMITS552\SYSTEM (managed) VSE 8.5i ODScan

      11/19/2009 4:27:57 PM Engine version =5400.1158
      11/19/2009 4:27:57 PM AntiVirus   DAT version =5805.0000
      11/19/2009 4:27:57 PM Number of detection signatures in EXTRA.DAT =3
      11/19/2009 4:27:57 PM Names of detection signatures in EXTRA.DAT  =Generic!atr (ED) VBS/Autorun.worm.k (ED) W32/Autorun.worm.g (ED)
      11/19/2009 4:27:47 PM Scan Started SMITS552\afigueras On-Demand Scan
      11/19/2009 4:27:58 PM Deleted  afigueras Memory\NtCreateFile Generic.dx!rootkit(Trojan)
      11/19/2009 4:27:58 PM Deleted  afigueras Memory\NtQueryInformationProcess Generic.dx!rootkit(Trojan)
      11/19/2009 4:27:58 PM Deleted  afigueras Memory\ZwCreateFile Generic.dx!rootkit(Trojan)
      11/19/2009 4:27:59 PM Deleted  afigueras Memory\ZwQueryInformationProcess Generic.dx!rootkit(Trojan)
      11/19/2009 5:04:49 PM Delete failed (Clean failed)  afigueras c:\WINDOWS\system32\csrsc.exe W32/Virut.n.gen(Virus)
      11/19/2009 5:06:21 PM No Action Taken (Delete failed)  afigueras c:\WINDOWS\system32\csrsc.exe
      11/19/2009 5:07:16 PM Delete failed (Clean failed)  afigueras c:\WINDOWS\system32\msiexec.exe W32/Virut.n.gen(Virus)
      11/19/2009 5:09:50 PM Delete failed (Clean failed)  afigueras c:\WINDOWS\system32\userinit.exe W32/Virut.n.gen(Virus)
      11/19/2009 5:11:00 PM Delete failed (Clean failed)  afigueras c:\WINDOWS\system32\CCM\Cache\HOC0000D.98.System\mbsacli.exe W32/Virut.n.gen(Virus)
      11/19/2009 5:11:00 PM Delete failed (Clean failed)  afigueras c:\WINDOWS\system32\CCM\Cache\HOC0000D.98.System\MergeMbsaResults.exe W32/Virut.n.gen(Virus)
      11/19/2009 5:11:02 PM Delete failed (Clean failed)  afigueras c:\WINDOWS\system32\CCM\Cache\HOC0000D.98.System\ScanWrapper.exe W32/Virut.n.gen(Virus)
      11/19/2009 5:11:03 PM Delete failed (Clean failed)  afigueras c:\WINDOWS\system32\CCM\Cache\HOC0000D.98.System\UpdateCatalog.exe W32/Virut.n.gen(Virus)
      11/19/2009 5:11:04 PM Delete failed (Clean failed)  afigueras c:\WINDOWS\system32\CCM\Cache\HOC0000D.99.System\mbsacli.exe W32/Virut.n.gen(Virus)
      11/19/2009 5:11:04 PM Delete failed (Clean failed)  afigueras c:\WINDOWS\system32\CCM\Cache\HOC0000D.99.System\MergeMbsaResults.exe W32/Virut.n.gen(Virus)
      11/19/2009 5:11:06 PM Delete failed (Clean failed)  afigueras c:\WINDOWS\system32\CCM\Cache\HOC0000D.99.System\ScanWrapper.exe W32/Virut.n.gen(Virus)
      11/19/2009 5:11:07 PM Delete failed (Clean failed)  afigueras c:\WINDOWS\system32\CCM\Cache\HOC0000D.99.System\UpdateCatalog.exe W32/Virut.n.gen(Virus)
      11/19/2009 5:11:10 PM Delete failed (Clean failed)  afigueras c:\WINDOWS\system32\CCM\Cache\HOC0000E.88.System\MofToXML.exe W32/Virut.n.gen(Virus)
      11/19/2009 5:11:13 PM Delete failed (Clean failed)  afigueras c:\WINDOWS\system32\CCM\Cache\HOC0000E.88.System\ScanWrapper.exe W32/Virut.n.gen(Virus)
      11/19/2009 5:12:00 PM Cleaned  afigueras c:\WINDOWS\system32\drivers\etc\hosts W32/Virut!hosts(Trojan)
      11/19/2009 5:17:40 PM Scan Summary SMITS552\afigueras Scan Summary
      11/19/2009 5:17:40 PM Scan Summary SMITS552\afigueras Processes scanned    : 23
      11/19/2009 5:17:40 PM Scan Summary SMITS552\afigueras Processes detected   : 4
      11/19/2009 5:17:40 PM Scan Summary SMITS552\afigueras Processes cleaned    : 0
      11/19/2009 5:17:40 PM Scan Summary SMITS552\afigueras Boot sectors scanned : 0
      11/19/2009 5:17:40 PM Scan Summary SMITS552\afigueras Boot sectors detected: 0
      11/19/2009 5:17:40 PM Scan Summary SMITS552\afigueras Boot sectors cleaned : 0
      11/19/2009 5:17:40 PM Scan Summary SMITS552\afigueras Files scanned        : 32270
      11/19/2009 5:17:40 PM Scan Summary SMITS552\afigueras Files with detections: 14
      11/19/2009 5:17:40 PM Scan Summary SMITS552\afigueras File detections      : 14
      11/19/2009 5:17:40 PM Scan Summary SMITS552\afigueras Files cleaned        : 1
      11/19/2009 5:17:40 PM Scan Summary SMITS552\afigueras Files deleted        : 0
      11/19/2009 5:17:40 PM Scan Summary SMITS552\afigueras Files not scanned    : 368
      11/19/2009 5:17:40 PM Scan Summary SMITS552\afigueras Scan Summary (Registry Scanning)
      11/19/2009 5:17:40 PM Scan Summary SMITS552\afigueras Keys scanned         : 22234
      11/19/2009 5:17:40 PM Scan Summary SMITS552\afigueras Keys detected        : 0
      11/19/2009 5:17:40 PM Scan Summary SMITS552\afigueras Keys cleaned         : 0
      11/19/2009 5:17:40 PM Scan Summary SMITS552\afigueras Keys deleted         : 0
      11/19/2009 5:17:40 PM Scan Summary SMITS552\afigueras Scan Summary (Cookie Scanning)
      11/19/2009 5:17:40 PM Scan Summary SMITS552\afigueras Cookies scanned      : 68
      11/19/2009 5:17:40 PM Scan Summary SMITS552\afigueras Cookies detected     : 0
      11/19/2009 5:17:40 PM Scan Summary SMITS552\afigueras Cookies cleaned      : 0
      11/19/2009 5:17:40 PM Scan Summary SMITS552\afigueras Cookies deleted      : 0
      11/19/2009 5:17:40 PM Scan Summary SMITS552\afigueras Run time             : 0:49:53
      11/19/2009 5:17:40 PM Scan Complete SMITS552\afigueras On-Demand Scan

      11/19/2009 5:25:08 PM Engine version =5400.1158
      11/19/2009 5:25:08 PM AntiVirus   DAT version =5805.0000
      11/19/2009 5:25:08 PM Number of detection signatures in EXTRA.DAT =3
      11/19/2009 5:25:08 PM Names of detection signatures in EXTRA.DAT  =Generic!atr (ED) VBS/Autorun.worm.k (ED) W32/Autorun.worm.g (ED)
      11/19/2009 5:25:01 PM Scan Started SMITS552\afigueras On-Demand Scan
      11/19/2009 5:25:08 PM No Action Taken  afigueras C:\WINDOWS\system32\csrsc.exe W32/Virut.n.gen(Virus)
      11/19/2009 5:25:09 PM Scan Summary SMITS552\afigueras Scan Summary
      11/19/2009 5:25:09 PM Scan Summary SMITS552\afigueras Processes scanned    : 0
      11/19/2009 5:25:09 PM Scan Summary SMITS552\afigueras Processes detected   : 0
      11/19/2009 5:25:09 PM Scan Summary SMITS552\afigueras Processes cleaned    : 0
      11/19/2009 5:25:09 PM Scan Summary SMITS552\afigueras Boot sectors scanned : 0
      11/19/2009 5:25:09 PM Scan Summary SMITS552\afigueras Boot sectors detected: 0
      11/19/2009 5:25:09 PM Scan Summary SMITS552\afigueras Boot sectors cleaned : 0
      11/19/2009 5:25:09 PM Scan Summary SMITS552\afigueras Files scanned        : 1
      11/19/2009 5:25:09 PM Scan Summary SMITS552\afigueras Files with detections: 1
      11/19/2009 5:25:09 PM Scan Summary SMITS552\afigueras File detections      : 1
      11/19/2009 5:25:09 PM Scan Summary SMITS552\afigueras Files cleaned        : 0
      11/19/2009 5:25:09 PM Scan Summary SMITS552\afigueras Files deleted        : 0
      11/19/2009 5:25:09 PM Scan Summary SMITS552\afigueras Files not scanned    : 0
      11/19/2009 5:25:09 PM Scan Summary SMITS552\afigueras Scan Summary (Registry Scanning)
      11/19/2009 5:25:09 PM Scan Summary SMITS552\afigueras Keys scanned         : 0
      11/19/2009 5:25:09 PM Scan Summary SMITS552\afigueras Keys detected        : 0
      11/19/2009 5:25:09 PM Scan Summary SMITS552\afigueras Keys cleaned         : 0
      11/19/2009 5:25:09 PM Scan Summary SMITS552\afigueras Keys deleted         : 0
      11/19/2009 5:25:09 PM Scan Summary SMITS552\afigueras Scan Summary (Cookie Scanning)
      11/19/2009 5:25:09 PM Scan Summary SMITS552\afigueras Cookies scanned      : 0
      11/19/2009 5:25:09 PM Scan Summary SMITS552\afigueras Cookies detected     : 0
      11/19/2009 5:25:09 PM Scan Summary SMITS552\afigueras Cookies cleaned      : 0
      11/19/2009 5:25:09 PM Scan Summary SMITS552\afigueras Cookies deleted      : 0
      11/19/2009 5:25:09 PM Scan Summary SMITS552\afigueras Run time             : 0:00:08
      11/19/2009 5:25:09 PM Scan Complete SMITS552\afigueras On-Demand Scan

       

       

       

      I have opened a case with Service Portal and submitted another sample file to AVERT Labs.

       

      Jeeeesh, this is the 2nd undetected virus we found in just 3 days....
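Added example (not part of the original post and not McAfee code): a small Python parser for the on-demand scan log format shown above. It lists the targets whose last logged action was not a successful clean or delete, and checks whether any detected path sits under an exclusion listed in a "Scan Settings" block. The sample lines are copied from the posted log; the function names are hypothetical.

```python
import re

TS = r"\d+/\d+/\d{4} \d+:\d\d:\d\d [AP]M"
# Action strings exactly as they appear in the posted log.
EVENT = re.compile(
    rf"^{TS} (?P<action>Deleted|Cleaned|Delete failed \(Clean failed\)"
    r"|No Action Taken(?: \(Delete failed\))?)\s+(?P<user>\S+) "
    r"(?P<target>.+?)(?: (?P<name>\S+\(\w+\)))?$")
SETTING = re.compile(rf"^{TS} Scan Settings \S+ (?P<body>.*)$")
SUFFIX = " and its subfolders"

# Lines taken from the log posted above (a short excerpt, not the full log).
SAMPLE = r"""
10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM Exclusions
10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  Windows File Protection
10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  C:\Windows\System32\ccm\ and its subfolders
10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  C:\Windows\system32\svchost.exe
10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  All files of type CAB
10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM Scan Items
10/21/2009 12:04:01 PM Scan Settings SMITS552\SYSTEM  All local drives
11/19/2009 4:27:58 PM Deleted  afigueras Memory\NtCreateFile Generic.dx!rootkit(Trojan)
11/19/2009 5:04:49 PM Delete failed (Clean failed)  afigueras c:\WINDOWS\system32\csrsc.exe W32/Virut.n.gen(Virus)
11/19/2009 5:06:21 PM No Action Taken (Delete failed)  afigueras c:\WINDOWS\system32\csrsc.exe
11/19/2009 5:09:50 PM Delete failed (Clean failed)  afigueras c:\WINDOWS\system32\userinit.exe W32/Virut.n.gen(Virus)
11/19/2009 5:11:00 PM Delete failed (Clean failed)  afigueras c:\WINDOWS\system32\CCM\Cache\HOC0000D.98.System\mbsacli.exe W32/Virut.n.gen(Virus)
11/19/2009 5:12:00 PM Cleaned  afigueras c:\WINDOWS\system32\drivers\etc\hosts W32/Virut!hosts(Trojan)
"""


def parse_exclusions(lines):
    """Return (dirs, files) excluded in the Scan Settings block, lower-cased.

    Assumes exclusion entries keep the extra leading space they have in the
    posted log; section headings such as "Scan Items" have none.
    """
    dirs, files, inside = set(), set(), False
    for line in lines:
        m = SETTING.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        if body == "Exclusions":
            inside = True
        elif not body.startswith(" "):
            inside = False  # next heading or setting ends the section
        elif inside:
            entry = body.strip().lower()
            if entry.endswith(SUFFIX):
                # Directory exclusion: normalise to a prefix ending in "\".
                prefix = entry[:-len(SUFFIX)].rstrip("*").rstrip("\\")
                dirs.add(prefix + "\\")
            elif ":\\" in entry:
                files.add(entry)  # single-file exclusion
            # Non-path entries ("All files of type CAB") are ignored here.
    return dirs, files


def parse_events(lines):
    """Return one dict (action, user, target, name) per detection line."""
    events = []
    for line in lines:
        m = EVENT.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def unresolved(events):
    """Targets whose last logged action is neither Cleaned nor Deleted."""
    last = {}
    for e in events:
        last[e["target"].lower()] = e["action"]
    return sorted(t for t, a in last.items() if a not in ("Cleaned", "Deleted"))


def excluded_detections(events, dirs, files):
    """Detected paths that fall under an exclusion from the scan settings."""
    hits = set()
    for e in events:
        t = e["target"].lower()
        if t in files or any(t.startswith(d) for d in dirs):
            hits.add(t)
    return sorted(hits)


if __name__ == "__main__":
    log = SAMPLE.splitlines()
    ex_dirs, ex_files = parse_exclusions(log)
    evts = parse_events(log)
    print("Still infected:", *unresolved(evts), sep="\n  ")
    print("Detected but excluded from the managed scan:",
          *excluded_detections(evts, ex_dirs, ex_files), sep="\n  ")
```
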

        • 1. Re: CSRCS.exe Virus NOT Deleted!!!!

          The safe mode command line scan doesn't work either, it will state something similar to this:

           

          "The program has been altered, please replace the copy and run the program."

           

          Anyone please help! Tech support takes 10 years to reply.

          We can't do Toll Free calling with our phones apparently.

           

           

          Message was edited by: darkshyre on 11/19/09 3:18 AM
          • 2. Re: CSRCS.exe Virus NOT Deleted!!!!
            SamSwift

            Hi,

             

            What are the IDs for the samples?

            Where are you based? I can try to dig out a non toll free number for you.

             

            Sam

            • 3. Re: CSRCS.exe Virus NOT Deleted!!!!
              SamSwift

              I've had no joy in finding a toll share number yet, however I've pinged support management and they've recommended you use the chat session from service portal to get immediate assistance. It may be applicable for your case severity to be raised also if your business is impeded. The gold support handbook gives details of how the severity system works.

               

              EDIT: can you also submit samples of the files which are showing as 'clean failed/deleted failed'. I've checked the back end system and can see we sent a reply yesterday with an extra.dat for the sample you submitted, but it's unlikely to resolve the clean failure. The response was sent to the email address used to submit the file.

               

              HTH

               

              Sam

               

               

              Message was edited by: SamPrice on 11/19/09 4:21 AM
              • 4. Re: CSRCS.exe Virus NOT Deleted!!!!

                Thanks Sam! We just received the Extra.dat and we'll try it out on the infected machines and hopefully this resolves the issue. Thanks again.

                • 5. Re: CSRCS.exe Virus NOT Deleted!!!!
                  SamSwift

                  Excellent. Please let us know if you have any further problems.

                   

                  Sam

                  • 6. Re: CSRCS.exe Virus NOT Deleted!!!!
                    secured2k

                    Hello,

                     

                    I would like to add that Virut.n is a file infector (Win32 PE and HTML) and may damage files beyond repair. The recommended course of action is to replace the infected program files with a clean copy. Once the virus is active in memory, any files accessed that it can modify (under the user's security context) may be infected as well. This means scanning all files will allow the active virus to attempt to infect every executable file. Programs actively running or key Windows processes will not be deleted or killed for stability reasons.

                    • 7. Re: CSRCS.exe Virus NOT Deleted!!!!

                      Hi. We tried the extra.dat, latest DAT released today and a beta dat for scanning. It can delete / clean the virus but the virus just keeps on coming back.

                       

                      We just reformatted the unit as the user really needs to use the computer and this case has been taking so long already. Anyway, I've re-escalated the issue and a Tier 3 engineer is currently handling the case.

                       

                      We still have an isolated infected machine where we could test the latest DAT and extra.dat or whatever the support will suggest. I just hope that this case gets resolved immediately as it is a very destructive SOB.

                      • 8. Re: CSRCS.exe Virus NOT Deleted!!!!

                        Hi.

                         

                        "This means scanning all files will allow the active virus to attempt to infect every executable file"

                         

                        How are we supposed to clean the machine if we cannot scan the unit? Or if we scan the unit, are we even risking the machine from being more infected?

                         

                        FYI, we cannot kill the csrcs.exe process, it always states Access is denied.

                        • 9. Re: CSRCS.exe Virus NOT Deleted!!!!
                          secured2k

                          If this particular virus is active, scanning or accessing more files would just allow more infections to take place. At the point you described, it might be best to reinstall as you have already done.

                           

                          The best way to clean a machine with infected files is to use an "Out of Box" cleaning method as soon as possible. This means another clean Operating System and Virus Scanner should read the hard disk and then scan and clean the computer. This way, the active system that is running is clean and no virus code is active. This allows for the scanner to access all files without any problems.

                           

                          An easy way to do this is to use a BootCD I created (or your personal choice of boot CD) that gives access to your files. I have made a CD that can do this that includes a few scanners and tools to recover from viruses at the following post:

                          http://community.mcafee.com/thread/6923

                           

                           

                          You may not be able to kill the process (Spybot variant) unless you had a special program that used a kernel driver or had elevated privileges (SeDebugPrivilege) when compared to the program running. For example, if the program was running as a Service, you would need higher system access than the default Task Manager allows for.

                           

                           

                          Message was edited by: Mark (secured2k) on 11/22/09 8:52 PM
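The out-of-box approach from the reply above, as an added example (not code from this thread or from McAfee): run from the clean boot environment, it reads files on the mounted disk as data only and lists the PE and HTML files that differ from a known-clean reference tree, i.e. the candidates for replacement with a clean copy. The reference tree (for instance a clean install of the same build), the function names and the two command-line arguments are assumptions.

```python
import hashlib
import os
import sys

HTML_EXTS = {".htm", ".html"}

def is_infectable(path):
    """True for the file kinds the thread names as Virut.n targets: Win32 PE and HTML."""
    if os.path.splitext(path)[1].lower() in HTML_EXTS:
        return True
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"  # DOS/PE header magic, independent of extension
    except OSError:
        return False

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map relative path (lowercased, '/'-separated) to SHA-256 for infectable files."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not is_infectable(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
            manifest[rel] = sha256_file(full)
    return manifest

def compare(baseline, suspect):
    """Return (modified, unknown): hash changed vs. baseline, and absent from baseline."""
    modified = sorted(p for p, h in suspect.items() if p in baseline and baseline[p] != h)
    unknown = sorted(p for p in suspect if p not in baseline)
    return modified, unknown

if __name__ == "__main__":
    clean_root, suspect_root = sys.argv[1], sys.argv[2]  # assumed mount points
    modified, unknown = compare(build_manifest(clean_root), build_manifest(suspect_root))
    for p in modified:
        print("REPLACE", p)
    for p in unknown:
        print("REVIEW ", p)
```

A changed hash can also come from a legitimate update, so the output is a work list for replacement and review, not a detection verdict.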