Weird Security Incident, Please help!!!

Discussion in 'malware problems & news' started by dump2sia, Oct 22, 2009.

Thread Status:
Not open for further replies.
  1. dump2sia

    dump2sia Registered Member

    Oct 22, 2009

    I have a weird issue that's going on on the network. Some of the Windows XP machines are either infected or affected by this problem. I can't call it a virus because there is nothing on Symantec's website or on the internet, or maybe I haven't looked hard enough... but right now I am desperate; more and more PCs are getting this. The symptoms are as follows:

    Unknown folders created in C drive - named as X or multiple "X" - the contents are randomly picked up from other folders on the machine, e.g. i386

    Outlook gives an error message, and when Outlook is restarted it will not link to the pst file due to insufficient rights

    Applications uninstall by themselves, including Symantec Endpoint Security 11, Oracle client, Avaya IP Softphone, etc.

    PC does not boot up because the system folder is missing or the files in the system folder are missing - data is still intact

    We have Symantec Endpoint Protection Manager as the AV server. Nothing is reported; the PCs affected do not show any sort of virus attack or such. I am baffled... has anyone come across this kind of situation?

    What should I do next? We had scanned the infected PCs' hard disks using the latest Symantec & McAfee anti-virus by attaching the hard disk as a USB drive on a clean PC. Also ran a number of anti-rootkit tools but... ;(

    I'm not sure whether this is an insider job - sabotage of our IT system. Are there any tools I can use, or any logs I should be looking at now? I had checked Windows Event Viewer but cannot find anything that is suspicious.
  2. Togg

    Togg Registered Member

    Jun 24, 2003
    I don't have any sort of expertise with network admin etc. but it seems you may need some specialist tools.

    Have a look at the site, which is maintained by, and for, network security admins; (the Internet Storm Center is very interesting).
  3. Franklin

    Franklin Registered Member

    May 12, 2005
    West Aussie