Re: Do you recognise this malware?
On Thu, 18 Sep 2008 11:01:02 -0400, Newell White
<NewellWhite@discussions.microsoft.com> wrote:
> I have a workstation on our LAN running Windows XP SP3.
> Symptoms:
>
> 1) When I attempt to run a virus scan using McAfee Enterprise AV I get a
> popup telling me the virus recognition .DAT file is corrupt.
>
> 2) When I attempt to re-install from CD I get a popup during the install
> process telling me the file cabsd.w1.cab is missing or corrupt. There is
> no
> such file on the CD, which installs successfully on an identical
> workstation.
>
> 3) When (in Explorer) I try to copy autoruns.exe from a floppy to the C:\
> drive, I get a popup telling me the copy fails because of a checksum
> error. I
> can run autoruns from the floppy using Start.. Run..., and can see
> nothing
> suspicious.
>
> 4) When I run RootKitRevealer in a similar manner, it shows nothing.
>
> 5) Running the September MS Malicious Software Removal tool from their
> website shows nothing.
>
> I am reluctant to flatten and rebuild as this workstation has been
> configured to run an expensive piece of production machinery.
>
>
You should be reluctant. Why don't you just restore from a known clean
image? Oh,you didn't create one did you? One would think that an important
workstation would be backed up. Tell your boss you need a image program
today and then make a plan to image all workstations. Have you tried to
download new dat files from McAfee?
max
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Change nomail.afraid.org to gmail.com to reply by email.
nomail.afraid.org is setup for use in USENET by everyone