Hi,
Can somebody please help me? My company has a fairly big LAN system (about 60 PCs). We run Windows 2003 Server with Windows 2000 clients. The antivirus system used for the network is Symantec Corporate Edition. For the past 2 days the clients have been showing a number of pop-ups and have been prone to errors and applications crashing. We scanned the machines on a number of occasions with Symantec; however, it failed to detect anything wrong with the machines.
As I use AVAST home edition on my PC at home, I suggested to the Network Administrator to install AVAST professional edition to try and detect the virus/worm. The Symantec antivirus was uninstalled and AVAST professional edition with the 30-day trial period was installed on the server. Upon installation and first scan, the antivirus found that the machine is infected with Win32:Tibs-ADO. Over 70 .exe files have been shown to be infected. However, it seems that the AV has no way to clean these files and therefore we have moved these files to the chest.
The machine also seems to have the following infected files:
1) logo1_.exe
2) rundll123.exe
3) richdll.exe
The above-mentioned files seem to keep appearing even though they are detected and deleted by the AV.
Of the files that have been moved to the chest, all of them are .exe files; however, our dilemma is that we don't know if these are legitimate files that have been infected or files that have been created by the worm. If these files are legitimate then the applications to which they relate will be affected if we delete them. And if they are created by the worm then we are simply cutting the branches of the tree, while the root is still in place.
Will really appreciate it if someone can help us out.