Viking.AG Infection

Discussion in 'ESET Smart Security' started by Rick7078, Nov 9, 2010.

Thread Status:
Not open for further replies.
  1. Rick7078, Registered Member (Joined: Nov 9, 2010; Posts: 2)

    Hello,

    I'm running a server in our lab of about 80 systems. Recently someone inserted an unapproved USB stick containing the Viking.AG virus/worm. NOD32 didn't catch this when it migrated to our server across the private lab network, and it ended up infecting over 1000 executable files. The server mostly stores data, but these EXE files are related to the software that our group uses.

    I took the entire network offline, scanned all systems, and slowly reconnected the network as systems became clean. The Viking.AG worm appears to be gone now, but all of the EXE files that were on the server are now in quarantine with the only option being "Delete", no clean. I really need to clean these files.

    From what I've read, Viking appends itself to the start of the EXE file only. Since all of the files are infected with the same AG variant, I thought it would be quicker to just clean the files than running around to locate all of these EXE files. If I had more information (and time) I could write the code to clean these files by stripping off the infected chunk and rewriting the rest back to disk.

    Is there anything that can be done to clean these files? Let me know if you need additional information. I've attached the scan log for more information.

    Scan Log: ~Accessible to Eset~

    Please let me know the best way to proceed.

    Thank you!
     
    Last edited by a moderator: Nov 9, 2010
  2. Marcos, Eset Staff Account (Joined: Nov 22, 2002; Posts: 14,374)

    Please submit a couple of such files from quarantine to ESET per the instructions here, with something like "Viking.AG - cleaner needed" in the subject.
     
  3. Rick7078, Registered Member (Joined: Nov 9, 2010; Posts: 2)

    Thank you for the reply, Marcos. I have submitted a couple samples as directed using the subject you recommended. If there is anything else I can do to get this going please let me know.
     
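The clean-up idea raised in the first post, sketched as an added example (not part of the thread and not ESET's cleaner): it assumes, as the poster reports reading, that the original EXE is stored intact after the prepended code, and it locates the offset where a second PE image begins. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Assumption (from the first post, unverified): the original EXE follows the
# prepended code intact, so a second valid PE header marks where it begins.

def is_pe_at(data: bytes, off: int) -> bool:
    """True if a structurally plausible PE image starts at `off`."""
    if data[off:off + 2] != b"MZ" or off + 0x40 > len(data):
        return False
    # e_lfanew (offset 0x3C of the DOS header) points to the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, off + 0x3C)
    sig = off + e_lfanew
    return e_lfanew >= 0x40 and data[sig:sig + 4] == b"PE\0\0"

def embedded_pe_offsets(data: bytes) -> list[int]:
    """Offsets greater than 0 where another PE image appears to begin."""
    hits, pos = [], data.find(b"MZ", 1)
    while pos != -1:
        if is_pe_at(data, pos):
            hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def carve_host(data: bytes):
    """Bytes from the first embedded PE image to end of file, else None."""
    if not is_pe_at(data, 0):
        return None  # not a PE file at all; nothing to carve
    hits = embedded_pe_offsets(data)
    return data[hits[0]:] if hits else None

def _fake_pe(size: int, fill: bytes) -> bytes:
    """Constructed test data: minimal DOS header and PE signature, then filler."""
    hdr = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
    return hdr + fill * (size - len(hdr))

# Constructed samples: a 256-byte "stub" placed in front of a 512-byte "host".
SAMPLE_HOST = _fake_pe(512, b"H")
SAMPLE_STUB = _fake_pe(256, b"S")
SAMPLE_COMBINED = SAMPLE_STUB + SAMPLE_HOST

if __name__ == "__main__":
    print(embedded_pe_offsets(SAMPLE_COMBINED))
    print(carve_host(SAMPLE_COMBINED) == SAMPLE_HOST)
```

A hit is only a candidate: installers and self-extracting archives legitimately embed PE images, so compare a carved file's hash with a known-good copy of the same program before putting it back into use.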