ircphate.exe- trojan [Windows Viruses]

Prev: swp2009 demo hit my computer tonight
Next: network monitor to detect malware?

From: microsoft on 28 Dec 2009 01:16

Hi

I am running Windows 2003 server. This server is a member server and its
primary role is a file server. Norton Symantec Antivirus Corproate Edition
initally detected this trojan and quarantined it. However whenever the users
on the network access particular share the above captioned trojan file is
presented within Norton. I then used Kapesky which indicated that the file
was deleted successfully. However after a day the trojan has reappeared.
Has anyone ecountered this virus and if so what can I do to fully remove it.

There is not much documentation available as yet on this virus which
therefore makes it difficult to resolve and remove.

Symantec simply points o the share on teh network as the lcoation of the
trojan, how can I nfirm what is the souce and how to fully remove it.

From: David H. Lipman on 28 Dec 2009 06:22

From: "microsoft" <microsoft(a)discussions.microsoft.com>

| Hi

| I am running Windows 2003 server. This server is a member server and its
| primary role is a file server. Norton Symantec Antivirus Corproate Edition
| initally detected this trojan and quarantined it. However whenever the users
| on the network access particular share the above captioned trojan file is
| presented within Norton. I then used Kapesky which indicated that the file
| was deleted successfully. However after a day the trojan has reappeared.
| Has anyone ecountered this virus and if so what can I do to fully remove it.

| There is not much documentation available as yet on this virus which
| therefore makes it difficult to resolve and remove.

| Symantec simply points o the share on teh network as the lcoation of the
| trojan, how can I nfirm what is the souce and how to fully remove it.

Probably Symantec is only seeing part of the infection and is missing the major
components.|

Please submit a sample to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition Virus
Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan(a)virustotal.com?subject=SCAN

When you get the report, please post back the exact results.

Then you may also may want to scan the server and workstations with my Multi-AV Scanning
Tools Sophos and McAfee modules.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

|
Pages: 1
Prev: swp2009 demo hit my computer tonight
Next: network monitor to detect malware?