Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 1227 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Find virus source from repeat infection

JWFG

Is it possible to see where a virus is coming from if Sophos is flagging there is a virus but cleaning it?

We have conficker on the network and we've done patched everything, updated AV, used alternative AV, scanned with specific conficker tools by Sophos, Microsoft etc. but the little *** is still about.

The only thing we haven't done is complete downtime because of how unfeasible it is (we did partial for the patching).

From the Sophos Console, I can see a server getting infected.  Within a minute, it has been cleaned and returned to normal.  Obviously that's good but I need to find the source.  I can't see anything within Sophos that'll let me see that.

If it possible, where do I look?

Cheers.

:5544


This thread was automatically locked due to age.
Parents
  • 0

    Hello,

    of course one always wants to know "how did this get in and where does this come from (e.g. in case of attempted infection via shares the workstation's address). For scan-on-read or scheduled scans this is simply impossible In theory this information is available while the file is written).

    If you have re-infections it means that you still have a source of infection, i.e. not all your machines are clean and protected. You probably missed one or more. I think what has been said in is still true. It refers to removing W32/Confick and Mal/Conficker with Sophos Anti-Virus.

    Christian

    :5545
Reply
  • 0

    Hello,

    of course one always wants to know "how did this get in and where does this come from (e.g. in case of attempted infection via shares the workstation's address). For scan-on-read or scheduled scans this is simply impossible In theory this information is available while the file is written).

    If you have re-infections it means that you still have a source of infection, i.e. not all your machines are clean and protected. You probably missed one or more. I think what has been said in is still true. It refers to removing W32/Confick and Mal/Conficker with Sophos Anti-Virus.

    Christian

    :5545
Children
No Data
Unfiltered HTML