VSE 7 & Nachi

[bulkmail]

Does anyone know how to get rid of this worm?
Mcafee is no help. My DAT and engine is up-to-date. I have ALL patches installed from MS. I even re-installed ms03-026 and 039. But for some reason, the TFTP.exe will not go away!

Thanks,

BM

 

[AVChap]

Disable the System Restore, then clean again. This should do away with it once and for all.

AVChap
... been there, done that, made that mistake too, see where I am now.

 

[bulkmail]

Thanks AVchap but i do not see any system restore in my GP.
I have w2k. Going to try to do it throught the registry.


BM

 

[ianbla]

you ran stinger?

 

[bulkmail]

Yes I ran the current Stinger and it came clean. It did not detect any threats. But every day (multiple times) I get messages on my EPO server saying that it found and deleted the worm. I can not seem to get rid of that TFTp.exe.

AVchap, it did not work.

Thanks,

BM

 

[AVChap]

Send a copy of that TFTP.EXE file to vsample@nai.com to have it analyzed. I'm pretty sure it will be detected as Nachi but remember, Nachi is network-aware.

I would assume at least someone else on your network (if you're at work) is still infected. Suggest you run an on-demand scan on your machine (using All Files) just to be sure. If you can also schedule an on-demand scan on ePO for the other machines on the network that would be better.

AVChap

“I have not failed 700 times. I have not failed once.
I have succeeded in proving that those 700 ways will not work.
When I have eliminated the ways that will not work,
I will find the way that will work.”
--Thomas Edison

 

[FatesWebb]

well i can tell you that this is not a problem with mcafee, the way that virus works, if the microsoft patch is not working, but mcafee is, you get this behaviour. You need to contact microsoft and find out why thier patch is not working.

FW

FatesWebb

if you do what I suggested it is not my fault...

 

[bulkmail]

Thanks guys.