Last night I got a little bored and in preparation for such no-action times I brought in some anti-virus software for one of the test computers. The dang PC had a company workstation image on the disk, which had a very locked-down Norton anti-virus installed and a virus definition file dated May, 2002. Jeez! BTW, this disk image was part of a VPN trial, which is over with.
Well, I had to literally rip the pre-existing Norton from the registry and make 3-4 install-uninstall attempts to get past the part of a managed server not being reachable, but in the end it worked. I did a scan of the disk and it found 334 files containing one or more viruses. Dear god, I wonder how that happened? Most said something about 'irc' and were backdoor trojans. I think a program got installed that generated these files as a virus, and somehow that program got auto-booted at system boot.
Anyone hear of rmtcfg.exe? This file and a bunch of other files were sitting in a directory of the same name, inside the system32 directory. I left work yesterday running a third scan with continued virus detection (it's still detecting them) and each time I instruct NAVC to delete contaminated files (no quarantine, just deletion).