Posted: Fri Oct 23, 2009 12:08 am Post subject: Weird Security Incident - Help Needed!
I have a weird issue that's going on on the network. Some of the Windows XP machines are either infected or affected by this problem. I can't call it a virus because there is nothing on Symantec's website or on the internet, or maybe I haven't looked hard enough... but right now I am desperate; more and more PCs are getting this. The symptoms are as follows:
Unknown folders are created on the C drive - named "X" or multiple "X" - the contents are randomly picked up from other folders on the machine, e.g. i386
Outlook gives an error message, and when Outlook is restarted it will not link to the PST file due to insufficient rights
Applications uninstall by themselves, including Symantec Endpoint Security 11, Oracle client, Avaya IP Softphone, etc.
PC does not boot up because the system folder is missing or the files in the system folder are missing - data is still intact
We have Symantec Endpoint Protection Manager as the AV server. Nothing is reported; the affected PCs do not show any sort of virus attack or such. I am baffled... Has anyone come across this kind of situation?
What should I do next? We have scanned the infected PCs' hard disks using the latest Symantec & McAfee anti-virus by attaching the hard disk as a USB drive on a clean PC. We also ran a number of anti-rootkit tools but... ;(
I'm not sure whether this is an insider job to sabotage our IT system. Are there any tools I can use, or any logs I should be looking at now? I have checked the Windows Event Viewer but cannot find anything that is suspicious.