SAVCE v8.1.1.329 and "Anig" virus

[thefourthwall]

The guy hired to manage our antivirus activities forced client upgrades of NAV v7.5 to SAV v8.1.1.329 under the pretense that doing so would protect our clients from the W32.HLLW.Anig virus.

Unfortunately we're still seeing repeated infections and this guy doesn't know what to do ... latest definitions on the clients (just looked - defs version 6/15/2004 rev. 19).

Any thoughts?

Thanks.
-thefourthwall

 

[quell]

Here is my 2 cents...take it with a grain of salt. Just my opinion. W32.HLLW.Anig runs on port 5190. Close incomig connections on port 5190 at your border router or firewall. This will prevent someone from taking advantage of the infected machines. Download the removel tool and run it on each pc.

http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.anig.removal.tool.html

While you are at each pc make sure that it has the latest version and latest viri defs. It sounds like one pc is not getting the updates for some reason. I assume you are forcing this update through GPO. Like I said this is just my 2 cents but I think it would be a good place to start.

 

[thefourthwall]

quell:
Thanks for the suggestions. port 5190 has now been disabled and we're running the tool. Also running down the list of infected machines; it's getting smaller and (surprise) it looks like a repeat offender with a laptop ...