
Virus detected won't clear

I rebuilt a PC this afternoon - after a "C2-GENERIC B" virus was detected by Enterprise console

The device was cleared from the server and set to scan for new devices

When it was discovered - it had exactly the same virus showing again

Why ?

And how do I clear this alert ?



This thread was automatically locked due to age.
  • Hello Weeboo,

    if you delete a computer from the console it is just hidden - keeping all its history and most of its status at the time of deletion. When it "comes back" with the same name this "archived" computer is simply unhidden. If you did not acknowledge this alert before you deleted the computer from SEC it might reappear together with the computer.
    Please check the timestamp of the alert - if it's from before the rebuild simply acknowledge it.

    Christian 

  • OK, we have 3 PCs that were detected as having coinhive PUA last week - they have all been rebuilt - so ARE clean

    but they are still showing the infection - in the error box in Enterprise console

    I have acknowledged the infection and they disappeared from the error box, yesterday - but are now back in the same place

    How do I remove them from the error box ?

  • Hello Weeboo,

    "are now back" with a recent timestamp? Is it the C2/Generic-B alert that's returning or the Coinhive PUA?
    The alert contains a path (more details might be in the endpoint's SAV.txt log), please check if the given location is indeed still clean.

    Christian

  • Coinhive - but the PC has been rebuilt - So why is it still showing ?

    One of the other PCs that was infected with coinhive last week (that was also rebuilt) - NOW has a double infection of generic PUA PO and DEALPLY UPDATER !!

  • Hello Weeboo,

    "why is it still showing?"
    could you perhaps provide a screenshot of the alert? If you did acknowledge it and it reappeared, its timestamp should be more recent than the rebuild.

    "NOW has a double infection"
    User downloading something? If I download aQuestionableSoftware.exe on one day, a detection is triggered, and the PC is subsequently rebuilt - what will prevent me from downloading the same junk the next day?

    Christian

  •  The timestamp is still the original infection .....

  • Hello Weeboo,

    I see. Did you right-click on the computer, select Resolve Alerts and Errors ... and acknowledge the alert there?

    Christian

  • They were showing as ERRORS rather than ALERTS - Which is where the confusion started

    now cleared -

    thanks
