S
Scott
All of our users have "drop boxes" on our file server that I implemented in an effort to cut down on email attachments. Each system maps the X: drive to their individual box and Z: drive to the main "drop box" that has all other users boxes in it to copy to.
On one users machine he has a file payload.dat in his dropbox that just REFUSES to go away, I scan his system and his dropbox (again which is on the file server) using Symantec Corp Ed 8.1 with latest definitions, it finds a few payload.dats on the X: drive and quaritines them, I delete them, rescan it finds a few more, etc etc etc....
It seems like it's replicating itself as soon as it has been moved. Symantecs site doesn't say it exhibits this behavior and also says that it buries itself in the registry under run. On this users machine the key in the registry doesn't exist (so it looks to me like it's gone/shouldn't come back) but it ALWAYS comes back, reboot, scan, delete, scan - It's back, repeat process. And it always frinds multiple copies of it at the same location.
Has anyone else seen this? Know how the hell to kill it?
On one users machine he has a file payload.dat in his dropbox that just REFUSES to go away, I scan his system and his dropbox (again which is on the file server) using Symantec Corp Ed 8.1 with latest definitions, it finds a few payload.dats on the X: drive and quaritines them, I delete them, rescan it finds a few more, etc etc etc....
It seems like it's replicating itself as soon as it has been moved. Symantecs site doesn't say it exhibits this behavior and also says that it buries itself in the registry under run. On this users machine the key in the registry doesn't exist (so it looks to me like it's gone/shouldn't come back) but it ALWAYS comes back, reboot, scan, delete, scan - It's back, repeat process. And it always frinds multiple copies of it at the same location.
Has anyone else seen this? Know how the hell to kill it?