Assistance with detecting computer infection

Networking/Security Forums -> Viruses // Worms

Author: blittleu Posted: Mon Mar 26, 2007 5:49 pm    Post subject: Assistance with detecting computer infection
    ----
I had a workstation get infected with some type of virus, worm, or Trojan (not sure what). The infection caused MS Office, text, and PDF files to convert to "scandiskxxxx" files. All the converted (or infected) files were broken down into 98KB-size files.

We have several layers of defense in place: firewall, IPS, proxy with AV, Trend AV on the desktop, Windows Defender on the desktop, etc. All defenses were up to date with the latest patches and def files; however, none of the defenses stopped the infection.

The workstations are pretty locked down, and users don't have local permissions to execute/install anything. The workstation is Windows XP SP2.

Trend had me install and run their in-house rootkit and malware products to try to determine what caused this. Nothing was found. In addition to Trend products, I tried HijackThis, some forensics tools, Norton's AV, etc. Nothing was found.

Any assistance with this matter is greatly appreciated.



All times are GMT + 2 Hours