MVG.Install - How is this getting in???

Discussion in 'NOD32 version 2 Forum' started by Blackspear, Aug 21, 2003.

Thread Status:
Not open for further replies.
  1. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    This unknown constructor virus has popped up on my system at work, and I do NOT know how it has got past our defences. We have a firewall, run Nod32 on all machines, all machines are FULLY up to date with Windows, Nod is kept up to date, run Spybot Search and Destroy, do NOT share main C drive, only certain folders within C drive.

    This virus popped onto my work system in a folder we use for downloading drivers, and then was backed up, and backed up to my home system where it tried to activate, and AMON stopped it.

    I cleaned both home and work yesterday, HOWEVER, it popped back up again tonight, it tried to self activate yet again. AMON picks it up every time and can NOT clean, though it is able to delete. This time it was in System Restore, even though like I said all computers came up clean this morning.

    I see it is detected in the latest virus signature database 1.490.

    I would like to know how it is getting past a firewall. My computer at home does NOT receive email, I use ONLY web-mail (at home).

    So the question remains, how does it get in? o_O

    Cheers :D
     

  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Re:MVG.Install

    Blackspear,

    Please submit a sample to samples@eset.com for further investigation ;)

    regards.

    paul
     
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Re:MVG.Install

    Unfortunately I deleted it on all 3 detections (work, backup and home), it got into system restore, even with a supposed clean system from yesterday and today, so it may yet reappear at work tomorrow in system restore. If it does I'll forward it.

    Cheers :D
     
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Re:MVG.Install

    If so: please do ;)

    regards.

    paul
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Jan, does anyone at Eset know how this virus arrives?

    We are all scratching our heads as to how this got past our defences. Once in it goes straight for system restore. Get rid of system restore and AMON deletes it.

    Cheers :D
     
  6. rumpstah

    rumpstah Registered Member

    Joined:
    Mar 19, 2003
    Posts:
    486
    I have seen viruses creep in when "Use simple file sharing" is enabled on Windows XP Pro boxes.
     