MVG.Install - How is this getting in???


Blackspear
August 21st, 2003, 05:04 AM
This unknown constructor virus has popped up on my system at work, and I do NOT know how it has got past our defences. We have a firewall, run Nod32 on all machines, all machines are FULLY up to date with Windows, Nod is kept up to date, run Spybot Search and Destroy, do NOT share main C drive only certain folders within C drive.

This virus popped onto my work system in a folder we use for downloading drivers, and then was backed up, and backed up to my home system where it tried to activate, and AMON stopped it.

I cleaned both home and work yesterday, HOWEVER, it popped back up again tonight, it tried to self activate yet again. AMON picks it up every time and can NOT clean, though it is able to delete. This time it was in System Restore, even though like I said all computers came up clean this morning.

I see it is detected in the latest virus signature database 1.490

I would like to know how it is getting past a firewall. My computer at home does NOT receive email, I use ONLY web-mail (at home).

So the question remains, how does it get in???

Cheers ;D

Paul Wilders
August 21st, 2003, 05:53 AM
Blackspear,

Please submit a sample to samples@eset.com for further investigation ;)

regards.

paul

Blackspear
August 21st, 2003, 05:58 AM
Unfortunately I deleted it on all 3 detections (work, backup and home), it got into system restore, even with a supposed clean system from yesterday and today, so it may yet reappear at work tomorrow in system restore. If it does I'll forward it.

Cheers ;D

Paul Wilders
August 21st, 2003, 06:00 AM
> so it may yet reappear at work tomorrow in system restore. If it does I'll forward it.

If so: please do ;)

regards.

paul

Blackspear
August 25th, 2003, 06:24 AM
Jan, does anyone at Eset know how this virus arrives?

We are all scratching our heads as to how this got past our defences. Once in, it goes straight for system restore. Get rid of system restore and AMON deletes it.

Cheers ;D

rumpstah
August 25th, 2003, 10:07 PM
I have seen viruses creep in when "Use simple file sharing" is enabled on Windows XP Pro boxes.