ircphate.exe- trojan

Discussion in 'Virus Information' started by microsoft, Dec 28, 2009.

  1. microsoft

    microsoft Guest

    Hi

    I am running Windows 2003 server. This server is a member server and its
    primary role is a file server. Norton Symantec Antivirus Corproate Edition
    initally detected this trojan and quarantined it. However whenever the users
    on the network access particular share the above captioned trojan file is
    presented within Norton. I then used Kapesky which indicated that the file
    was deleted successfully. However after a day the trojan has reappeared.
    Has anyone ecountered this virus and if so what can I do to fully remove it.

    There is not much documentation available as yet on this virus which
    therefore makes it difficult to resolve and remove.

    Symantec simply points o the share on teh network as the lcoation of the
    trojan, how can I nfirm what is the souce and how to fully remove it.
     
    microsoft, Dec 28, 2009
    #1
    1. Advertisements

  2. From: "microsoft" <>

    | Hi

    | I am running Windows 2003 server. This server is a member server and its
    | primary role is a file server. Norton Symantec Antivirus Corproate Edition
    | initally detected this trojan and quarantined it. However whenever the users
    | on the network access particular share the above captioned trojan file is
    | presented within Norton. I then used Kapesky which indicated that the file
    | was deleted successfully. However after a day the trojan has reappeared.
    | Has anyone ecountered this virus and if so what can I do to fully remove it.

    | There is not much documentation available as yet on this virus which
    | therefore makes it difficult to resolve and remove.

    | Symantec simply points o the share on teh network as the lcoation of the
    | trojan, how can I nfirm what is the souce and how to fully remove it.

    Probably Symantec is only seeing part of the infection and is missing the major
    components.|

    Please submit a sample to Virus Total --
    http://www.virustotal.com/flash/index_en.html
    The submission will then be tested against many different AV vendor's scanners.
    That will give you an idea what it is and who recognizes it. In addition Virus
    Total will provide the sample to all participating vendors.

    You can also submit a suspect, one at a time, via the following email URL...
    mailto:?subject=SCAN

    When you get the report, please post back the exact results.

    Then you may also may want to scan the server and workstations with my Multi-AV Scanning
    Tools Sophos and McAfee modules.
     
    David H. Lipman, Dec 28, 2009
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.