We have observed a virus outbreak on our network. This is affecting business operations.
The suspicious files (stsys.exe, mrsys.exe, icsys.icn.exe, explorer.exe, spoolsv.exe and svchost.exe. the last three files were found in the wrong locations and are actually fake files of the original copies) have been sent to mcafee. The extra dats were downloaded and applied to all systems.
However this virus is still not detected.
Is anyone experiencing this issue? what is their approach?
We know the trojan infects executables on the system. this we believe has affected the virus scan on the systems making the protection and cleaning procedure nearly impossible.
Here is the info on the virus: http://vil.nai.com/vil/content/v_362098.htm as at the 21st of Jan 2011
http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=360811 as at the 18th of Jan 2011
Please send the samples in password-protected zip file (password- infected) to firstname.lastname@example.org, You can even open Service Request with Technical Support, Please reach our technical support team