Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 3 subscribers
  • Views 16110 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Endpoint act on Trojan.win32.KillAV.fdm , NetHood.exe, Win32.pykspa!gen1

Riyad

On windows OS *.RAR and *.bat continue generating. Can you suggest me which Sophos Product will be cool for stop this kind of misbehave well on Windows OS?

 

 

 

Servers & Desktop Pcs:

  1. Servers:- Ten (10) Servers

                 One (1) with Windows 2012

                 One (1) with Windows 2008

                 Eight (8) with Windows 2003

  1. Desktop Pcs:-      Two Hundreds (200) + pcs with Windows XP (some or more with SP3)            

 Present Situation:

 All Servers & Desktops pcs are flooding with virus like *.rar, *.bat, *.exe

Though they tried through Bit Defender Endpoint and Kaspersky Internet Security but no satisfactory output. As those virus are continuously generating with a large volume and mostly from Client PCs.

There is a shared drive from where all Client PCs copy office files or necessary files. Thinking may be from those clients Virus are generating. 

Some Screen-shots are being attached here, hope those will help to understand more clearly.

 

Thanks in Advance

 



This thread was automatically locked due to age.
Parents
  • +1

    Hello Riyad Amin,

    so the machines (at least some of them) aren't protected by Sophos but a competitor tool - it's not an issue with Sophos Endpoint, or is it?

    It looks like there is an active and only partially detected threat on at least one of the machines. Please note that Windows XP is way past its retirement date. You might give SVRT a try - can't say if it will still install. If the persistent malware can't be identified please use the Source Of Infection tool to identify the rogue host and process.

    Better yet - please the Sophos Malware Remediation Toolkit for a systematic approach.

    Christian

  • 0 in reply to QC

    Hello  

    Thanks for your so rapid response.

    So you are suggesting me to use

    1. Sophos Virus Removal Tool (SVRT) on every pc,

    2. Source of Infection Tool (SOI)

    Is there any necessity to use Sophos Clean ?

     

    Thanks in Advance 

  • +1 in reply to Riyad

    Hello Riyad Amin,

    a detection on a computer doesn't necessarily mean it is infected - especially if the detection is on a network drive.
    That threats are constantly detected, removed, and reappear suggests there is at least one machine with an unknown threat. It is essential identify this machine - what about the one with the user Nalaka? Looks like there are constant detections in Chrome's cache. What happens if you isolate it (i.e. disconnect it from the network), do the detections then cease, and cease on the other machines as well? If after reconnecting they machine it starts again there's likely a rogue process on this machine. SOI should help to determine which one.

    Otherwise SOI (Scenario A) can help to find the client(s) that are dropping the malware into the shares.

    Christian

  • 0 in reply to QC

    Hello  

     

    So First it's important to find out the Clients which are continuously dropping and generating viruses by accessing Network Drive by Sophos source of infection tool (SOI)

    then by using the Sophos Virus Removal Tool have to clean those clients. 

    Then we can go for Sophos Endpoint installation for those servers and clients. Clients OS at least should be Windows 7 SP2 for Endpoint Business SELECT product !! 

     

    Thanks in Advance

  • +1 in reply to Riyad

    Hello Riyad Amin,

    find out the Clients
    yes, could be just one or more than one. SVRT might or might not detect the actual threat. If not, you could try Sophos Clean. Your current AV might be able to clean up the other locations once no new files are dropped.

    Christian

  • 0 in reply to QC

    Hello  

    yes first have to

    1. find out the Clients (Could be one or more there)

    2. Then have to try Sophos Virus Removal Tool 

    3. At the End need to do action with Sophos Clean 

     

    Thanks in Advance 

     

Reply Children
Unfiltered HTML